Date: Thu, 24 Aug 2000 09:15:05 -0700 From: Elias Levy <aleph1@SECURITYFOCUS.COM> Subject: Serious PGP Vulnerability To: BUGTRAQ-PRESS@SECURITYFOCUS.COM There is a serious new PGP vulnerability that affects PGP 5.x, 6.x, and derived products. These versions of PGP support a key escrow in the form of Additional Decryption Keys (ADK). Key escrow is a method by which encrypted data can be recovered by parties other than the source and destination of the communications. In particular corporations and governments are fond of it so they can access the encrypted data in case the person holding they keys leaves the company or in criminal cases. When versions of PGP that support key escrow create a new public/private key pair they add to the public key a set of ADKs that are used to encrypt a message by those wishing to communicate with this key in addition of the regular encryption by with this public key. This allows holders of the ADKs to read the message if they get a hold of it. By design, to stop someone from modifying the public key after its been generated to add ADKs they must be signed with the corresponding private key. A vulnerability in these version of PGP allow public keys with non-signed ADKs to be used. This means that someone could obtain a copy of your public key, add their own ADKs, and attempt to fool someone into using this modified public key when communication with you. If they can intercept the encrypted communications they will then be able to decrypt it with their ADK. For more information check out: http://cryptome.org/pgp-badbug.htm http://senderek.de/security/key-experiments.html -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum