Cryptography Reference
In-Depth Information
Alice's software can learn from Bob's public key which methods can be used.
However, for Bob to know which ones these are, he has to call GnuPG with
the -v switch set (apart from knowing how to set switches), and he cannot
change the methods afterwards once the key has been generated.
Nevertheless, the project is a positive development, mainly in connection with
the OpenPGP standard, which is implemented in commercial software. GnuPG could
make the old PGP dream come true, namely secure communication for everybody in
a heterogeneous world, if it weren't for real-world conditions (see also
Section 7.2.3).
Anyhow, all the criticism of the current or earlier versions doesn't detract
from the extraordinary stir PGP caused worldwide: for the first time ever,
cryptography found general acceptance and can really be used by everyone.
The cost involved is not high — I show in [Wobpgp] how to get ready within
one hour to encrypt your mails and read them. You can find a similar text in
PD/PGP/pgp2.6.3/pgptut.txt, and for GnuPG in PD/PGP/GnuPG/microhowto
on our Web site. (The latter text is of the sort that I'd actually have expected
to get shipped with the GnuPG package.)
PGP Cracked!
This was the breaking news around the beginning of 2001 all across the Web
and eventually in the New York Times. It wasn't entirely correct, though, because
what really happened was an attack against the OpenPGP protocol, but it was a
critical attack indeed. You can read about this in txt/cryptanalopenpgpattack.txt
on the Web site.
The attack required that Mallory had access to Alice's computer, for example,
to stealthily modify her private RSA signature key. From then on, if Alice sent
him a message signed with the modified key, he could actually calculate her
private key and sign in her name!
You might object that Alice's private signature key was encrypted, so how
would Mallory modify it? Well, this touches on a point where the OpenPGP
protocol has a flaw (and thus PGP as well as GnuPG): private keys are encrypted
in CFB mode only. This means that changing a particular bit of the stored key
is not a problem. This allows an attacker to mount the attack described as Risk 6 in
Section 4.5.3. Had the key been encrypted in CBC or ECB mode, the attack
could have been prevented as long as the factors p and q were not stored in separate
locations, but, for example, in alternating byte sequences. But the OpenPGP
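The bit-level malleability of CFB mode described above, as an added example that is not from the book or from PGP/GnuPG. Assumptions: a keyed SHA-256 stands in for the block cipher (CFB uses only the cipher's encryption direction), all keys and data are constructed, and the HMAC check is a generic integrity measure, not OpenPGP's own format.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block

def prf(key, block):
    # Stand-in for the block cipher (assumption): CFB only ever uses the
    # cipher's encryption direction, so a keyed hash shows the same structure.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = xor(pt[i:i + BLOCK], prf(key, prev))  # C_i = P_i xor E(C_{i-1})
        out += prev
    return out

def cfb_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += xor(ct[i:i + BLOCK], prf(key, prev))  # P_i = C_i xor E(C_{i-1})
        prev = ct[i:i + BLOCK]
    return out

def flip_bit(data, index, mask=0x01):
    buf = bytearray(data)
    buf[index] ^= mask
    return bytes(buf)

def seal(enc_key, mac_key, iv, pt):
    # Encrypt, then authenticate IV and ciphertext with a separate key.
    ct = cfb_encrypt(enc_key, iv, pt)
    return ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, iv, ct, tag):
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored data was modified")
    return cfb_decrypt(enc_key, iv, ct)

# Constructed sample values, not real key material.
ENC_KEY, MAC_KEY, IV = b"k" * 16, b"m" * 16, bytes(16)
SECRET = bytes(range(48))  # three blocks standing in for a stored key
CT, TAG = seal(ENC_KEY, MAC_KEY, IV, SECRET)
DAMAGED = cfb_decrypt(ENC_KEY, IV, flip_bit(CT, 5))
# DAMAGED: one flipped bit in block 0, block 1 garbled, block 2 untouched.
```

Without the integrity tag, decryption of the altered ciphertext succeeds silently; with it, `open_sealed` refuses the altered data before any of it is used.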