Wot ho chaps,

Was only going to mention it to a few people, but thought it worth
mentioning on here. Sorry it's SOT:

This was reported on Slashdot recently... visit the link:
http://www.nwfusion.com/news/2000/0824naipgp.html?nf

If I understand this right, it basically makes PGP almost completely
worthless. A public key can be tweaked whilst keeping the fingerprint
the same, and then re-uploaded to the keyservers or handed out to
others on your behalf. If someone sends mail to this tweaked key, you
can still decode it - but so can the cracker! There's not a lot you
can do about it; all keys made with NAI's PGP 5 or greater have this
flaw.

This problem apparently doesn't affect GPG - I'm just waiting for a
GUI Win32 version of it (and a Bat plugin - hint hint) then I'll most
likely revoke the PGP keys right away :)

--
Deryk Lister || ICQ 25869912 || www.deryk.co.uk
"... Whatever" -- Squall Leonhart
PGP welcomed - get the key off my automated email client:
mailto:[EMAIL PROTECTED]?subject=Retr20PGP20Key
No third party or keyserver is to be trusted due to recent flaws.