Pavel Kankovsky <[EMAIL PROTECTED]> writes:
> ICZ has published some real information about their new attack against
> (Open)PGP. Their announcement, in the English language, can be found at
> http://www.i.cz/en/onas/tisk4.html. They say they will make a research
> paper available at http://www.i.cz/ soon.

There's now a Czech paper with technical background:

http://www.i.cz:80/pdf/pgp/OpenPGP_attack_CZ.pdf

Although I cannot read Czech, their attack seems to be targeted against
the public key stored in a secret key packet. This data is not
cryptographically protected and can therefore be modified by an
attacker who has write access to the key ring. If a signature is
generated based on the modified public key data, the secret key will
be exposed.

This implies that the RSA implementation of GnuPG is *not* vulnerable,
because it uses only the cryptographically protected secret key data
for signature generation. However, the DSA implementation seems to be
vulnerable.

--
Florian Weimer [EMAIL PROTECTED]
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898