Folks:
Since Hal just pointed to an RSA Conference paper, I thought I'd bring
attention to an OpenPGP-related paper to be presented by Phong Nguyen at
EuroCrypt in May. The abstract sounds like old news, but perhaps list
subscribers will be interested anyway:
http://www.di.ens.fr/~pnguyen/pub.html#Ng04
- Abstract: More and more software uses cryptography. But how can
one know if what is implemented is good cryptography? For proprietary
software, one cannot say much unless one proceeds to reverse-engineering,
and history tends to show that bad cryptography is much more frequent
than good cryptography there. Open source software thus sounds like a
good solution, but the fact that source code can be read does not imply
that it is actually read, especially by cryptography experts. In this
paper, we illustrate this point by examining the case of a basic Internet
application of cryptography: secure email. We analyze parts of the source
code of the latest version of GNU Privacy Guard (GnuPG or GPG), a free
open source alternative to the famous PGP software, compliant with the
OpenPGP standard, and included in most GNU/Linux distributions such as
Debian, MandrakeSoft, Red Hat and SuSE. We observe several cryptographic
flaws in GPG v1.2.3. The most serious flaw has been present in GPG for
almost four years: we show that as soon as one (GPG-generated) ElGamal
signature of an arbitrary message is released, one can recover the
signer's private key in less than a second on a PC. As a consequence,
ElGamal signatures and the so-called ElGamal sign+encrypt keys have
recently been removed from GPG. Fortunately, ElGamal was not GPG's
default option for signing keys.
-mjm
==========
Michael J. Markowitz, Ph.D.
Vice President, R&D
Information Security Corporation
1011 Lake Street, Suite 212
Oak Park, IL 60301
Email: markowitz(_at_)infoseccorp(_dot_)com
Voice: 708-445-1704 (Oak Park), 847-405-0500 (Deerfield)
Fax: 708-445-9705
WWW: http://www.infoseccorp.com
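The abstract above says one GPG-generated ElGamal signature was enough to recover the signer's private key; the paper attributes this to GnuPG drawing the per-signature nonce k (and the private key) from a range far smaller than p-1, which is what made the lattice-based recovery feasible. The following is an added illustration, not code from the paper, this message or GnuPG: textbook ElGamal signatures over a constructed toy prime (P = 1019, G = 2, both assumptions chosen for readability, nowhere near real-world size), with a signer that refuses any nonce outside the full exponent range, a verifier, and a routine showing why the nonce must stay secret and full-size: given k and one signature, x follows by solving a linear congruence.

```python
# Added illustration, not code from the paper or from GnuPG: textbook ElGamal
# signatures over a constructed toy prime, with a nonce-range check in the
# signer and a routine showing why a leaked, reused or predictable nonce k
# hands over the private key x.
import hashlib
import math
import secrets
from typing import Optional, Tuple

# Constructed toy parameters (far too small for real use): P is a safe prime
# (P = 2*Q + 1) and G generates the whole multiplicative group mod P.
P = 1019
Q = (P - 1) // 2
G = 2
ORDER = P - 1  # exponents (private key, nonce, s) live in Z_{p-1}


def is_generator(g: int, p: int, q: int) -> bool:
    """For a safe prime p = 2q + 1, g generates Z_p^* iff g^2 != 1 and g^q != 1 (mod p)."""
    return pow(g, 2, p) != 1 and pow(g, q, p) != 1


def hash_message(message: bytes) -> int:
    """Map SHA-256 of the message into the exponent group Z_{p-1}."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % ORDER


def keygen() -> Tuple[int, int]:
    """Private key x uniform in [1, p-2], public key y = g^x mod p."""
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)


def full_size_nonce() -> int:
    """Nonce k uniform over the full range [1, p-2] with gcd(k, p-1) = 1.

    The scheme's security rests entirely on k: it must be unpredictable and
    drawn from the whole exponent group, never from a shorter interval.
    """
    while True:
        k = secrets.randbelow(ORDER - 1) + 1
        if math.gcd(k, ORDER) == 1:
            return k


def sign(x: int, message: bytes, k: Optional[int] = None) -> Tuple[int, int]:
    """ElGamal signature (r, s): r = g^k mod p, s = k^-1 (H(m) - x*r) mod (p-1)."""
    if k is None:
        k = full_size_nonce()
    if not 1 <= k <= ORDER - 1 or math.gcd(k, ORDER) != 1:
        raise ValueError("nonce must lie in [1, p-2] and be coprime to p-1")
    h = hash_message(message)
    r = pow(G, k, P)
    s = (pow(k, -1, ORDER) * (h - x * r)) % ORDER
    return r, s


def verify(y: int, message: bytes, sig: Tuple[int, int]) -> bool:
    """Accept iff y^r * r^s == g^H(m) (mod p), after range checks on r and s."""
    r, s = sig
    if not (1 <= r <= P - 1 and 0 <= s <= ORDER - 1):
        return False
    h = hash_message(message)
    return (pow(y, r, P) * pow(r, s, P)) % P == pow(G, h, P)


def recover_private_key(y: int, message: bytes, sig: Tuple[int, int], k: int) -> Optional[int]:
    """Given one signature *and its nonce k*, solve r*x == H(m) - k*s (mod p-1) for x.

    This is the algebra behind "one signature is enough": whoever learns k
    learns x. Since gcd(r, p-1) may exceed 1 the congruence can have several
    solutions; the public key selects the right one.
    """
    r, s = sig
    rhs = (hash_message(message) - k * s) % ORDER
    d = math.gcd(r, ORDER)
    if rhs % d != 0:
        return None  # not a valid (signature, nonce) pair for this message
    m = ORDER // d
    x0 = (rhs // d) * pow(r // d, -1, m) % m
    for t in range(d):
        candidate = x0 + t * m
        if pow(G, candidate, P) == y:
            return candidate
    return None


if __name__ == "__main__":
    assert is_generator(G, P, Q)
    x, y = keygen()
    msg = b"constructed sample message"
    sig = sign(x, msg)
    print("signature verifies:", verify(y, msg, sig))
```

The defensive takeaway is the range check in `sign`/`full_size_nonce`: a nonce generator that returns values from a short interval passes every functional test (signatures still verify) and fails only against an attacker, which is exactly the kind of flaw that source being readable does not, by itself, get read for.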