Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
[Apologies if this item was passed through the list. It was news to me.] Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG K. Jallad, J. Katz, and B. Schneier Information Security Conference 2002 Proceedings, Springer-Verlag, 2002, to appear. ABSTRACT: We recently noted that PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an unwitting "decryption oracle." We argued further that such attacks are quite feasible and therefore represent a serious concern. Here, we investigate these claims in more detail by attempting to implement the suggested attacks. On one hand, we are able to successfully implement the described attacks against PGP and GnuPG (two widely-used software packages) in a number of different settings. On the other hand, we show that the attacks largely fail when data is compressed before encryption. Interestingly,the attacks are unsuccessful for largely fortuitous reasons; resistance to these attacks does not seem due to any conscious effort made to prevent them. Based on our work, we discuss those instances in which chosen-ciphertext attacks do indeed represent an important threat and hence must be taken into account in order to maintain confidentiality. We also recommend changes in the OpenPGP standard to reduce the effectiveness of our attacks in these settings. http://www.counterpane.com/pgp-attack.html "Reality must take precedence over public relations, for nature cannot be fooled." -- Richard P. Feynman - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: [aleph1@securityfocus.com] Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
[Perry message forwarded a notice of a paper on an attack against PGP and GnuPG] A posting on bugtraq in response said, in part: > From: "Werner Koch" <[EMAIL PROTECTED]> [...] > Countermeasures are defined in the OpenPGP drafts since October 2000. > > This MDC (Manipulation Detection Code) feature is supported since PGP > 7.0 (decryption only) and GnuPG 1.0.2. [...] > The general problem is that the MDC feature is not compatible with any > PGP versions before 7.0 or GnuPG 1.0.2. The full posting is at http://online.securityfocus.com/archive/1/287127 -- sidney - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
[aleph1@securityfocus.com] Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
--- Begin Message --- Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG K. Jallad, J. Katz, and B. Schneier We recently noted that PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an unwitting "decryption oracle." We argued further that such attacks are quite feasible and therefore represent a serious concern. Here, we investigate these claims in more detail by attempting to implement the suggested attacks. On one hand, we are able to successfully implement the described attacks against PGP and GnuPG (two widely-used software packages) in a number of different settings. On the other hand, we show that the attacks largely fail when data is compressed before encryption. Interestingly,the attacks are unsuccessful for largely fortuitous reasons; resistance to these attacks does not seem due to any conscious effort made to prevent them. Based on our work, we discuss those instances in which chosen-ciphertext attacks do indeed represent an important threat and hence must be taken into account in order to maintain confidentiality. We also recommend changes in the OpenPGP standard to reduce the effectiveness of our attacks in these settings. http://www.counterpane.com/pgp-attack.pdf http://www.counterpane.com/pgp-attack.ps.zip -- Elias Levy Symantec Alea jacta est --- End Message --- -- Perry E. Metzger[EMAIL PROTECTED] -- "Ask not what your country can force other people to do for you..."
