Re: PGP Signed Messages

From: Jack Lloyd (lloyd@acm.jhu.edu)
Date: 10/16/01


Date: Tue, 16 Oct 2001 11:41:33 -0400 (EDT)
From: Jack Lloyd <lloyd@acm.jhu.edu>
To: Kurt Seifried <bugtraq@seifried.org>
Subject: Re: PGP Signed Messages
Message-ID: <Pine.LNX.4.30.0110161120260.21480-100000@sol.galaxy.acm.jhu.edu>


> BTW PGP key IDs can easily be faked, you can make arbitrary keys with any
> PGP key ID you want. Don't forget to include the fingerprint (at least then
> it's only mostly useless as opposed to completely useless).

In the case of the old (PGP 2.6.2) key format, yes, PGP key ids are easily
spoofable (the key id was the low 32 bits of the modulus). However, the
newer format (used for all(?) DSA/Elgamal and some RSA keys) uses the low
32 bits of the fingerprint, which is a cryptographic hash of the entire
key. Thus one must generate about 2^31 keys to find a single one which
matches the key id (by the usual birthday paradox attack on a hash
function). Let's say you can generate and test 100 keys per second (my 1 GHz
Athlon can generate 1 key in about 10 seconds with gnupg 1.0.6). In that
case, assuming my math isn't wrong, it would take you about 250 days to
forge a key id. Certainly possible, but quite a bit of work.

I'm fairly certain that having the entire fingerprint on hand gives you
pretty much full certainty that the key is legit.

BTW, the GPG for pine plugins automatically verify signatures, and display
the GPG output, i.e. either "Good signature from ... " or "BAD signature from
..." every time you open the mail. The problems you mention are real, but a
problem of 1) bad mail client support, and 2) overly trusting people, not
the PGP format itself.

Regards,

Jack
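
The two key id derivations discussed in the message above, as an added example that is not part of the original post. It assumes the RFC 4880 layout for version 4 fingerprints (SHA-1 over 0x99, a two-octet length, and the public key packet body); the moduli, timestamp and function names are constructed for illustration and are not real keys.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v3_short_key_id(modulus: int) -> str:
    """Old (PGP 2.6.2) format: the key id is the low 32 bits of the RSA modulus."""
    return f"{modulus & 0xFFFFFFFF:08X}"

def v4_fingerprint(created: int, n: int, e: int) -> str:
    """Newer format: hash of the whole public key packet (version, time, algorithm, MPIs)."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def v4_short_key_id(fingerprint: str) -> str:
    """Low 32 bits of the fingerprint, i.e. its last 8 hex digits."""
    return fingerprint[-8:]

def key_matches(expected_fpr: str, candidate_fpr: str) -> bool:
    """Accept a key only when the full 160-bit fingerprint matches, never the key id alone."""
    a = expected_fpr.replace(" ", "").upper()
    b = candidate_fpr.replace(" ", "").upper()
    return len(a) == 40 and a == b

def days_to_match_key_id(keys_per_second: float, tries: int = 2**31) -> float:
    """Work estimate from the message: tries / rate, expressed in days."""
    return tries / keys_per_second / 86400

# Constructed integers standing in for RSA moduli (not real keys).
N_A = (0xC0FFEE << 1000) | 0x1234567D
N_B = (0xBADBAD << 1000) | 0x1234567D  # different value, same low 32 bits
E = 65537
CREATED = 1003246893  # constructed creation timestamp

if __name__ == "__main__":
    fpr_a = v4_fingerprint(CREATED, N_A, E)
    fpr_b = v4_fingerprint(CREATED, N_B, E)
    print("v3 key ids:", v3_short_key_id(N_A), v3_short_key_id(N_B))
    print("v4 key ids:", v4_short_key_id(fpr_a), v4_short_key_id(fpr_b))
    print("full fingerprint match:", key_matches(fpr_a, fpr_b))
    print("days at 100 keys/s: %.1f" % days_to_match_key_id(100))
```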


