The promised technical paper is at:
http://www.i.cz/en/pdf/openPGP_attack_ENGvktr.pdf (PDF, 100 KB)

"The attack to private signature keys in OpenPGP format, PGP(TM) program and other OpenPGP based applications" here.
http://www.i.cz/pdf/pgp/OpenPGP_Attack_ENGfinal.ppt (PPT, 81 kB)

ICZ's scientists' reactions to criticism and FAQ
http://www.i.cz/en/onas/ohlasy.html

I can't help myself, two lines from their FAQ:

>Do you think that it credits such attention or is it all a lot of
>hot air? If we didn't blow a bit of hot air on the world from time
>to time we'd all be true idiots.

It's good to know I'm not a "true idiot."

Hal Finney has a succinct analysis posted to the Open-PGP list archived at:
http://www.imc.org/ietf-openpgp/mail-archive/msg04767.html

My summary of Hal's analysis:

1. Attackers have to diddle the secret key.
2. Does *not* work with commercial PGP 7.0.3 w/RSA keys (unknown about earlier).
3. Does work with all DSA keys and RSA keys in GPG.

--
Dave Kennedy CISSP
Director of Research Services
TruSecure Corp.
http://www.trusecure.com