Security Flaw Discovered in GPG 151
WeLikeRoy writes "A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2."
Not a fundamental flaw. (Score:5, Interesting)
So this is a simple mistake made by GPG, in an effort to coexist well with email and the like.
In other words, GPG looks at an email message and sees headers and the like. Of course, the headers were not signed (just the message), so GPG skips them and when it encounters the signed message, it begins to verify the signature.
So, if you are an attacker, you insert something before or after the signed message, and when GPG goes to verify it, the signed message passes, but GPG nicely prints out the whole message for you, instead of just the signed part. Oops, not a big deal, encryption isn't broken, in fact this is just an application bug.
Re:Bug Intentionally Placed? (Score:2, Interesting)
Ah ha. And how many times did you personally verify the source before you trusted it?
Security Flaw Discovered in GPG? (Score:3, Interesting)
I'm guessing, but 95% of computing world doesn't use GPG. And isn't this a "Man In the Middle" attack? How many routers have been compromised that I need to worry about this?
Are my GPG encrypted messages to the kremlin, CIA, or FBI less secure? Are my "lovey-dovey, are you naked" messages to my wife compromised? Thats about all I use GPG for.
Enjoy.
Re:Bug Intentionally Placed? (Score:2, Interesting)
Re:Oh no! (Score:5, Interesting)
Re:Well... (Score:3, Interesting)
I agree. But again, the way I read the alert, isn't this a "Man In the Middle" attack?
Does it affect routers or the infrastructure of the Internet? Only insofar as domain registrars never validate change requests properly. A carefully-crafted attack could use this to append a change-of-IP request to some ISP's routine request to a registrar, which means an attacker could create a phony DNS server for the express purpose of polluting the DNS namespace. If the registrar uses GPG's validation as proof of a legit request (and some are quite happy with a fax with no proof of origin at all) then it could have an impact.
If your able to effect routers on an ISP infrastructure then were not talking script kiddies. We all know DNS hijacking. To do what your talking about requires leet skillz. Maybe I could, you possibly could, but how many others? How secure is GPG against an amatuer?
BTW: my parent post is marked as Troll. Some idiot has moderator points.
Thanks for the response.
Enjoy.
Re:Not a fundamental flaw. (Score:3, Interesting)
From: BOSS@CORPORATE.COM
To: MIDDLEMANAGER@CORPORATE.COM
Subject: Employee Burt Reynolds
That's a fine lad! Let's give him a raise!
-- Boss
GPG SIGNATURE VERIFIED: BOSS@CORPORATE.COM
Now, this message can be intercepted and a new part inserted before the actual message body, without the receiver being notified -- here I have marked the new part with bold text:
From: BOSS@CORPORATE.COM
To: MIDDLEMANAGER@CORPORATE.COM
Subject: Employee Burt Reynolds
Fire him immediately. He is a waste of space.
Employee Foo Bar, on the other hand. That's a fine lad! Let's give him a raise!
-- Boss
GPG SIGNATURE VERIFIED: BOSS@CORPORATE.COM
The message meaning has been completely altered, and GPG still verifies the signature. Feels like a big deal to me. But of course, I might have completely missed something.
Re:GPG is: (Score:4, Interesting)
This was also a primary catalyst for the argument of how strong exportable encryption should be, and which brought the encryption debate out into the public eye. Had he not done this, we might be a few years behind our current status, just having finished accepted the appropriateness of exporting heavy encryption.