PGP: How it works

By Robert Lemos

Messages encrypted with the Pretty Good Privacy (PGP) algorithm could fall prey to a technique that fools senders into decoding their own secret messages, according to researchers.

The attack can be described using the typical cast of encryption problems: a sender (Alice), a receiver (Bob) and an eavesdropper (Eve). When Alice wants to send Bob a message, she encrypts the plaintext of her message with Bob's public key. No one can decrypt the message except for Bob, but Eve does manage to intercept the message.

Deciding that she wants to figure out what the message says, Eve applies a specific set of mathematical functions to the so-called ciphertext, corrupting it. Eve then sends the corrupted message, essentially a damaged version of Alice's encrypted message, to Bob without encrypting it. Bob decrypts it with his public key and gets a lot of garbage. Puzzled, Bob contacts Eve, who asks Bob to send the garbage text back. Eve then reverses the mathematical functions and removes the corruption from the message, and is left with the original message that Alice sent.

The mathematical sleight of hand is possible because there is a specific class of mathematical function that can be applied to an encrypted message and can be removed after the message is decrypted. Known as a homomorphism, the flaw opens the door to social-engineering attacks--that is, those that trick humans rather than break a code directly.

"The moral is not to send gibberish back to the person you got it from," said Schneier. "You decrypted it and sent it back to me. Unbeknownst to you, you have decrypted the message, but because of the corruption, you don't know it."

In March, security company Network Associates dropped its support for the PGP software after it failed to find a buyer for its PGP business unit. Network Associates still owns the intellectual property surrounding the encryption, which it bought from PGP's creator, Philip Zimmermann.

Robert Lemos writes for News.com