[Top] [All Lists]

paper of interest to be presented at EuroCrypt

2004-03-08 15:49:08

Since Hal just pointed to an RSA Conference paper, I thought I'd bring attention
to an OpenPGP-related paper to be presented by Phong Nguyen at EuroCrypt in May.
The abstract sounds like old news, but perhaps list subscribers will be interested

Abstract: More and more software use cryptography. But how can one know if what is implemented is good cryptography? For proprietary software, one cannot say much unless one proceeds to reverse-engineering, and history tends to show that bad cryptography is much more frequent than good cryptography there. Open source software thus sounds like a good solution, but the fact that a source code can be read does not imply that it is actually read, especially by cryptography experts. In this paper, we illustrate this point by examining the case of a basic Internet application of cryptography: secure email. We analyze parts of the source code of the latest version of GNU Privacy Guard (GnuPG or GPG), a free open source alternative to the famous PGP software, compliant with the OpenPGP standard, and included in most GNU/Linux distributions such as Debian, MandrakeSoft, Red Hat and SuSE. We observe several cryptographic flaws in GPG v1.2.3. The most serious flaw has been present in GPG for almost four years: we show that as soon as one (GPG-generated) ElGamal signature of an arbitrary message is released, one can recover the signer's private key in less than a second on a PC. As a consequence, ElGamal signatures and the so-called ElGamal sign+encrypt keys have recently been removed from GPG. Fortunately, ElGamal was not GPG's default option for signing keys.


Michael J. Markowitz, Ph.D.        Email: markowitz(_at_)infoseccorp(_dot_)com
Vice President R&D                 Voice: 708-445-1704 (Oak Park)
Information Security Corporation          847-405-0500 (Deerfield)
1011 Lake Street, Suite 212        Fax:   708-445-9705
Oak Park, IL  60301                WWW: