Monday, March 13, 2006

Schneier on Security: Huge Vulnerability in GPG

Read about Bruce's take on this vulnerability in the way GPG verifies signatures. When Bruce Schneier calls it "huge", there is certainly cause to be worried. It seems that non-detached digital signatures (like those used in email communications, or embedded into signed documents) will still come back as valid when checked with GPG, even when bogus data has been added to the original, signed content. GNU Privacy Guard implements signatures according to the OpenPGP message format, which allows for multiple signatures to be part of one document, each possibly signing different data blocks. The code that implements this works as advertised, but is a bit too lenient in how it processes certain legacy signature formats, or handles malformed data. The end result is that an attacker could alter signed data and have it appear genuine. From the security announcement:
Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data. Detached signatures (a separate signature file) are not affected. All versions of gnupg prior to are affected.
So the fix is to upgrade, but you can use detached signatures in the meantime.

Technorati Tags: , , ,

No comments: