[Top] [All Lists]

Re: SHA-1 broken

2005-02-18 08:27:21

Werner Koch <wk(_at_)gnupg(_dot_)org> wrote on 18 Feb 2005:

I only know the Heise report (ct magazine and the most known IT news
ticker). [...]

I received articles about the alleged "security flaw in OpenPGP" on
3 of the newspaper mailing lists I am on (IIRC, it was on the Heise
Newsticker, the PC WELT newslist and the ""-newsreport).

I did not check on how many other channels similar articles were
published, as I was too busy answering phone calls and mails from
concerned customers of our crypto gateway, who wanted to know whether
our product was now "broken" or still safe.

The effect was obvious to feel: Our customers were concerned, and if
so many customers contact us, I can imagine how many potential
customers (who don't contact us) are shying away from the idea of
using automatic encryption/decryption due to those articles.

Their article didn't talk about a practical attack or
spread panic [...] The article was quite okay.

Hmh - for GnuPG the article may not have been a problem as it clearly
stated that end users doing manual decryption are _not_ susceptible to
the attack.

But imagine being in my position, i.e. the manufacturer of a product
that automatically encrypts/decrypts mail using the OpenPGP protocol.
Let me quote from the "quite okay" article that was published on
14 Feb 2004 at 13:17:

"Weakness in OpenPGP: Serge Mister and Robert Zuccherato ... have
detected a weakness in the open crypto protocol OpenPGP which has the
effect that on systems which automatically decrypt, the clear text can
be calculated [by an attacker]. ... At risk are those systems that
automatically decrypt encrypted messages. ... The crypto community is
considering to modify the OpenPGP protocol due to this weakness."

So the article contains clear statements that crypto gateways
which use OpenPGP and do automatic decryption, are susceptible to
the attack (and thus "broken").

Aside from costing me time to explain the facts to every concerned
customer, this situation is not very nice for our company. We
pioneered the crypto gateway idea more than 5 years ago (see e.g.
"") and I personally did a lot
of lecturing and article writing to spread the idea of automatic
encryption/decryption via a gateway. Now the press writes that the
very basis of our security products is allegedly "broken".

Therefore, let us be aware that journalists are no crypto experts and
can easily misunderstand statements even if the original article (by
Jon et al.) was technically correct. If a journalist reads words like
"security weakness" or "broken", they just publish that "fact" without
bothering to differentiate who exactly is susceptible to the risk. And
if Jon writes that the OpenPGP protocol is going to be changed due to
a discovery, than this means to a journalist that the discovery must
be "a really important security flaw or else no one would bother to
change the protocol"! That is the simple mind of the press, and we
should take this into account when making public announcements.

- Wolfgang Redtenbacher

Redtenbacher Software                Tel.:   +49 7159 17046
Roemerstr. 11/1                      Fax:    +49 7159 17047
D-71272 Renningen                    e-mail: wolfgang(_at_)redtenbacher(_dot_)de

<Prev in Thread] Current Thread [Next in Thread>