Re: GnuPG public key vulnerability?

2017-11-02 Thread Shannon C 
>
> so at Facebook, we checked
> the public keys that have been uploaded to people's profiles, and notified
> people whose keys are affected


 Jon,

FYI your detection logic seems a bit overzealous, because (last time I
checked) it detects revoked ROCA-vulnerable subkeys as making the whole
public key unacceptable, even if the private key is not affected by ROCA.
According to the responses on this thread
https://lists.gnupg.org/pipermail/gnupg-users/2017-October/059417.html
ROCA-affected subkeys have no effect on the validity of the private key or
other subkeys, so if they're revoked everything should be ok.

Rejecting public keys in this way is problematic for two reasons I can
think of:
1. It confuses people because it implies that there's something wrong with
your whole key even though the problem is only with a subkey. And it
implies that revoking the subkey doesn't solve the problem.
2. It will force people to do extra work to remove their subkeys before
exporting their public key for upload to Facebook. This is annoying to do
and might lead to people deleting their subkeys from their local keyring
permanently, which is probably a bad idea.

I'm not certain, but I think keybase might be getting this wrong too.

-Shannon
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG public key vulnerability?

2017-10-31 Thread David Shaw 
On Oct 31, 2017, at 8:10 PM, murphy  wrote:
> 
> I got a signed notification from facebook (good signature, enigmail)
> that claims my GnuPG generated public key has a "recently disclosed
> vulnerability".  This is the full text:
> 
> We have detected that the OpenPGP key on your Facebook profile may be
> susceptible to attacks due to a recently disclosed vulnerability.  We
> recommend that you revoke and replace your public key immediately to
> minimize the risk to your encrypted communications.  You can update your
> public key by visiting your Security and Login settings.  To help reduce
> the risk of your key being attacked, we have set the privacy of your
> potentially vulnerable public key on your profile to "Only Me" to limit
> further distribution.  We will continue to encrypt your notification
> emails using this OpenPGP public key.
> 
> This is doubly weird since the private/public key was generated on a
> Yubikey-4 nano and it is safe at home.  Does anyone know what this may
> be about?

Yes.

Recently, a flaw in the firmware for some Infineon hardware crypto was found.  
RSA keys that were generated with this faulty firmware are not nearly as strong 
as their key length would imply.

You mention a Yubikey 4 nano, and unfortunately, that is one of the devices 
that used Infineon components.  In the case of a Yubikey and OpenPGP, if you 
generate the key *on* a vulnerable Yubikey, you may have a problem.  If you 
generate the OpenPGP key elsewhere and *import* the key to your Yubikey, you 
are not affected.

The Yubico people have a site up to check your device serial number to see if 
it is vulnerable and are offering a replacement program.  See 
https://www.yubico.com/keycheck/

There has been some discussion of the implications of this vulnerability on 
this list.  Search the list archives for "ROCA" to see more.

The original paper is at https://crocs.fi.muni.cz/public/papers/rsa_ccs17

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG public key vulnerability?

2017-10-31 Thread Jonathan Millican 
Hi Murphy,

This email refers to the ROCA vulnerability (https://crocs.fi.muni.cz/
public/papers/rsa_ccs17), which affects a number of hardware devices
including some versions of the Yubikey 4-nano (https://www.yubico.com/
keycheck/). I believe Yubico are offering to replace affected Yubikeys.

One aspect of this vulnerability is that RSA public keys can be very easily
checked to determine if they are vulnerable - so at Facebook, we checked
the public keys that have been uploaded to people's profiles, and notified
people whose keys are affected. Unfortunately it seems like you were one of
the unlucky ones! Details here: https://www.facebook.com/
protectthegraph/posts/1954548564785285.

Hope that helps,
Jon

On 1 November 2017 at 00:10, murphy  wrote:

> I got a signed notification from facebook (good signature, enigmail)
> that claims my GnuPG generated public key has a "recently disclosed
> vulnerability".  This is the full text:
>
> We have detected that the OpenPGP key on your Facebook profile may be
> susceptible to attacks due to a recently disclosed vulnerability.  We
> recommend that you revoke and replace your public key immediately to
> minimize the risk to your encrypted communications.  You can update your
> public key by visiting your Security and Login settings.  To help reduce
> the risk of your key being attacked, we have set the privacy of your
> potentially vulnerable public key on your profile to "Only Me" to limit
> further distribution.  We will continue to encrypt your notification
> emails using this OpenPGP public key.
>
> This is doubly weird since the private/public key was generated on a
> Yubikey-4 nano and it is safe at home.  Does anyone know what this may
> be about?
>
> Facebook public key (it is valid, see:
> https://www.facebook.com/notes/protect-the-graph/
> securing-email-communications-from-facebook/1611941762379302/):
>
> pub   rsa4096 2015-05-17 [SC] [expires: 2018-05-17]
>  31A70953D8D590BA1FAB37762F3898CEDEE958CF
> uid   [  full  ] Facebook, Inc.
> sub   rsa4096 2017-07-24 [S] [expires: 2018-02-19]
>
> My public key is uploaded to keyservers and is:
>
> pub   rsa4096 2016-10-17 [SC] [expires: 2018-10-17]
>  D89A29A3E1DA59DFBF516EA73E450D1BCF78C26B
> uid   [ultimate] orange
> uid   [ultimate] Murphy Chesney (facebook communication)
> 
> sub   rsa4096 2016-10-17 [A] [expires: 2018-10-17]
> sub   rsa2048 2016-10-17 [E] [expires: 2018-10-17]
>
> Murphy
>
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG public key vulnerability?

2017-10-31 Thread Fraser Tweedale 
On Tue, Oct 31, 2017 at 08:10:45PM -0400, murphy wrote:
> I got a signed notification from facebook (good signature, enigmail)
> that claims my GnuPG generated public key has a "recently disclosed
> vulnerability".  This is the full text:
> 
> We have detected that the OpenPGP key on your Facebook profile may be
> susceptible to attacks due to a recently disclosed vulnerability.  We
> recommend that you revoke and replace your public key immediately to
> minimize the risk to your encrypted communications.  You can update your
> public key by visiting your Security and Login settings.  To help reduce
> the risk of your key being attacked, we have set the privacy of your
> potentially vulnerable public key on your profile to "Only Me" to limit
> further distribution.  We will continue to encrypt your notification
> emails using this OpenPGP public key.
> 
> This is doubly weird since the private/public key was generated on a
> Yubikey-4 nano and it is safe at home.  Does anyone know what this may
> be about?
> 
Some versions of the YubiKey 4 were affected by the ROCA
vulnerability, which caused weak keys to be generated.

https://www.yubico.com/support/security-advisories/ysa-2017-01/
https://crocs.fi.muni.cz/public/papers/rsa_ccs17

I would say that is what the email is about.

Cheers,
Fraser


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG public key vulnerability?

2017-10-31 Thread murphy 
I got a signed notification from facebook (good signature, enigmail)
that claims my GnuPG generated public key has a "recently disclosed
vulnerability".  This is the full text:

We have detected that the OpenPGP key on your Facebook profile may be
susceptible to attacks due to a recently disclosed vulnerability.  We
recommend that you revoke and replace your public key immediately to
minimize the risk to your encrypted communications.  You can update your
public key by visiting your Security and Login settings.  To help reduce
the risk of your key being attacked, we have set the privacy of your
potentially vulnerable public key on your profile to "Only Me" to limit
further distribution.  We will continue to encrypt your notification
emails using this OpenPGP public key.

This is doubly weird since the private/public key was generated on a
Yubikey-4 nano and it is safe at home.  Does anyone know what this may
be about?

Facebook public key (it is valid, see:
https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302/):

pub   rsa4096 2015-05-17 [SC] [expires: 2018-05-17]
 31A70953D8D590BA1FAB37762F3898CEDEE958CF
uid   [  full  ] Facebook, Inc.
sub   rsa4096 2017-07-24 [S] [expires: 2018-02-19]

My public key is uploaded to keyservers and is:

pub   rsa4096 2016-10-17 [SC] [expires: 2018-10-17]
 D89A29A3E1DA59DFBF516EA73E450D1BCF78C26B
uid   [ultimate] orange
uid   [ultimate] Murphy Chesney (facebook communication)

sub   rsa4096 2016-10-17 [A] [expires: 2018-10-17]
sub   rsa2048 2016-10-17 [E] [expires: 2018-10-17]

Murphy




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users