[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP hole

To: Michael Handler <[email protected]>
Subject: Re: PGP hole
From: Alan Barrett <[email protected]>
Date: Fri, 30 Sep 1994 11:54:54 +0200 (GMT+0200)
Cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

> 	Yes, this was a deliberate design decision, most probably so the 
> same code could be used to parse --- BEGIN PGP ENCRYPTED MESSAGE --- and 
> --- BEGIN PGP SIGNATURE ---. However, this is a _huge_ security hole, as 
> it allows the nearly-undetectable modification of PGP-signed messages.

It's nowhere near undetectable.  When you ask pgp to check the signature,
pgp writes the signed message to a file (or to stdout), and that output
does not include the {header/junk/extra stuff} between the BEGIN line and
the blank line. 

I don't like this bug/feature, but I don't see it as a serious security
problem for users who are aware of it.  I do think it could be a problem
for users who are not aware of it, and who incorrectly assume that the
"good signature" message means that the {header/junk/extra stuff} was part
of the signed material. 

--apb (Alan Barrett)

References:
- Re: PGP hole
  - From: Michael Handler <[email protected]>

Prev by Date: Re: PGP hole
Next by Date: Re: PGP hole
Prev by thread: Re: PGP hole
Next by thread: Re: PGP hole
Index(es):
- Date
- Thread