Re: Bellcore Attack

* Jon Callas wrote:

The gist, as much as we know of it now is that they claim that they can
write into a V3 secret key (the PGP 2.6 format) in such a way as to force
you to make signatures that the attacker can then forge. We don't know the


That seems resonable: Modifying the least significant in the last crypted
secret key component can be used (in conjunction with the chipher feedback
mode) to determine the necessary checksum fooling PGP integrity checks. It
might be possible to extend this to v4 keys too.

<Prev in Thread]	Current Thread	[Next in Thread>
Bellcore Attack, Lutz Donnerhacke Re: Bellcore Attack, Jon Callas Re: Bellcore Attack, Lutz Donnerhacke <= Re: Bellcore Attack, Rodney Thayer Re: Bellcore Attack, Jim Gillogly Re: Bellcore Attack, Lutz Donnerhacke Message not available Message not available Message not available Re: Bellcore Attack, Lutz Donnerhacke Re: Bellcore Attack, Florian Weimer Re: Bellcore Attack, John W Noerenberg II

Previous by Date:	Re: Bellcore Attack, Lutz Donnerhacke
Next by Date:	Re: Algorithm Specific Fields for DSA secret keys, Florian Weimer
Previous by Thread:	Re: Bellcore Attack, Jon Callas
Next by Thread:	Re: Bellcore Attack, Rodney Thayer
Indexes:	[Date] [Thread] [Top] [All Lists]