ietf-openpgp

Re: CMR/ARR and OpenPGP (Re: What this WG is doing)

1997-10-30 14:43:39

I wrote:
> Bill Stewart <stewarts(_at_)ix(_dot_)netcom(_dot_)com> writes:
> > Unfortunately, it does look like the new format uses 64-bit KeyIDs
> > for these fields, and a 0xdeaddeaddeadbeef attack is a few billion
> > times harder than a 0xdeadbeef attack, which could otherwise fool it :-)
>
> I think it's much harder to fool than you're thinking --
                    ^^^^^^

Above sentence is in error, I meant much _easier_ to fool; probably
obvious from the following text anyway...

> it doesn't
> decrypt the data, and so it can't attempt in any way to verify the
> contents of the PKE.  (It could somewhat with binding cryptography,
> but I understand this is not currently used).
>
> So I think if you get an ARR request for 64 bit key (or 128 bit key,
> or whatever) 0x12345781234578 well you just create the second
> recipient PKE field like so:
>
> [ARR key-id][length-header][garbage]
>
> and it will go flying through, right?  No 0xdeadbeef or longer cousin
> attacks required.
>
> (Suggestions for human readable ASCII to put in the garbage field
> accepted on a postcard:-)

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
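
The limitation described in the message above, seen from the checker's side, as an added example that is not code from the post or from PGP. It assumes RFC 4880 old-format packet framing and the version 3 PKESK layout; the function names, key IDs and field contents are constructed for illustration.

```python
# Added illustration: what a checker that cannot decrypt sees in a PKESK packet.
# Assumes RFC 4880 old-format framing and the version 3 PKESK layout.
PKESK_TAG = 1

def packets(data):
    """Yield (tag, body) for old-format packets with a definite length."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if hdr & 0xC0 != 0x80 or hdr & 0x03 == 3:
            raise ValueError("unsupported packet header at offset %d" % pos)
        nlen = 1 << (hdr & 0x03)              # 1, 2 or 4 length octets
        start = pos + 1 + nlen
        length = int.from_bytes(data[pos + 1:start], "big")
        if start + length > len(data):
            raise ValueError("truncated packet at offset %d" % pos)
        yield (hdr >> 2) & 0x0F, data[start:start + length]
        pos = start + length

def recipient_key_ids(message):
    """Key IDs listed in PKESK packets: version octet, then 8-octet key ID."""
    return [body[1:9].hex() for tag, body in packets(message)
            if tag == PKESK_TAG and len(body) >= 10]

def key_id_policy_check(message, required_key_id):
    """Hypothetical enforcer rule: pass if the required key ID is listed."""
    return required_key_id in recipient_key_ids(message)

def sample_pkesk(key_id_hex, field):
    """Constructed packet: v3, key ID, algorithm 1 (RSA), one MPI-framed field."""
    bits = int.from_bytes(field, "big").bit_length()
    body = (bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1])
            + bits.to_bytes(2, "big") + field)
    return bytes([0x85]) + len(body).to_bytes(2, "big") + body

# Constructed key IDs and field contents; none come from the thread.
USER_KEY, ARR_KEY = "1122334455667788", "a1a2a3a4a5a6a7a8"
FIELD_A = bytes(range(1, 129))    # stands in for a real encrypted session key
FIELD_B = b"\xa5" * 128           # stands in for bytes unrelated to any key
MSG_A = sample_pkesk(USER_KEY, FIELD_A) + sample_pkesk(ARR_KEY, FIELD_A)
MSG_B = sample_pkesk(USER_KEY, FIELD_A) + sample_pkesk(ARR_KEY, FIELD_B)

if __name__ == "__main__":
    for name, msg in (("A", MSG_A), ("B", MSG_B)):
        print(name, recipient_key_ids(msg), key_id_policy_check(msg, ARR_KEY))
```

Both messages yield the same key ID list and the same verdict, because the key ID and length are the only fields a non-decrypting checker can interpret.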