
Top cryptologists claim they have found a serious flaw in OpenPGP, which could blow open one of the most commonly used forms of encryption software.
By Pia Heikkila
Published: 22 March 2001 18:30 GMT
If confirmed, products such as Network Associates' email encryption software, Pretty Good Privacy (PGP), could be seriously flawed, leaving users' private keys open to attack.
Czech cryptologists working for a company called ICZ claim to have discovered the bug whilst working on a government security project.
Miroslav Votruba, marketing manager for ICZ, explained the scientists' discovery: "The user's digital signature is protected by an encrypted key or cipher. We've proved that attackers do not need to attack the cipher itself, but they can simply bypass it as well as the user's password. A small alteration of the private key file followed by a capturing of a signed message is enough to break the private key," he said.
Neil Barrett, one of the UK's top security specialists, said the study signals the most significant discovery as it is the first time anyone has managed to crack an OpenPGP system. "It is a very interesting finding as it is the first of its kind. The question is, will this be the beginning of more cryptography attacks to come or just an isolated vulnerability," he said.
But Douglas Hurd, business development manager for PGP at Network Associates, said that the Czechs' discovery only goes halfway to proving there is a vulnerability in the company's product.
"They are suggesting if the person is able to get access to your private key inside your PC, it is theoretically possible to modify the key and put it back to your PC and then capture something which is signed with the modified key. But in order for this attack to be possible, the attacker should be able to have open access to your PC," he said.
Copyright © 2008 CBS Interactive Limited. All rights reserved.