PGP fixes flaw in crypto software
Pretty Good Privacy says it's fixed a security hole in version 5.0 of its flagship software that allows individuals to encrypt email messages and files.
But the company's chief scientist argues that although PGP erred in its PGP for Personal Privacy version 5.0, the true problem arises from how Windows 95 and other insecure operating systems work. That means other Windows software is vulnerable to attacks that exploit the same security weakness.
The problem doesn't affect Macintosh computers today, but future Mac OS 8 users could be exposed to similar attacks due to that operating system's preemptive multitasking. This same capability in Windows 95 exacerbates the vulnerability to the security flaw.
"The problem is fixed; we have a workaround for it," said Jon Callas, PGP's chief scientist. The fix involves PGP users changing their preferences to set the password to expire in a very short time, like one second. That removes the password from the machine entirely.
The security bug allows someone to steal a user's secret password if the thief has physical access to his or her PC. Security is not compromised by email traveling over the Net nor by an attacker linking to the target machine through an Internet connection.
Australian security expert Christopher Drake, who operates the NetSafe Web site, discovered and publicized the security weakness. Using a popular desktop utility, Drake discovered his PGP password stored in several locations on his hard drive.
That would allow someone to extract Drake's secret password from his PC if the pilferer could sit down at his keyboard, read encrypted email, and forge Drake's digital signature.
Drake worked with PGP to fix the problem. Programmers had failed to execute a procedure called "burning the buffer," according to PGP's Callas. That means clearing caches of all temporarily stored data, wiping out the password from all memory.
"Some programmers will clear the cache multiple times just to be sure," Callas said. "If you're doing security software, you're already paranoid. The problem in PGP occurred because we forgot to burn a buffer once."
The bug results from how "virtual memory" works in Windows and many Unix operating systems, he added. Operating systems try to extend a computer's memory by storing data that isn't immediately required on the hard disk. But that data, such as a password, may remain on the hard disk instead of being erased when quitting the application.
Moreover, data in the memory can inadvertently be shared with other programs running at the same time.
"Part of the problem is the operating system doesn't make it that easy for us application designers to properly maintain our electronic hazardous waste," Callas noted. "We have to constantly go and take care of clearing any sensitive data."
But operating system vendors want to make it easy for software developers to write spiffy applications to run on their platform. "When you make software that is easy for people to put cool things in, it's easy for a malicious programmer to do something hostile," said Callas, who helped write Digital Equipment's VMS operating system.
To prevent security violations, operating system vendors must bar developers from doing things that would violate security, he added. "That's a very difficult road for [operating systems vendors] to walk down. They have to be balanced, attentive to developers who want to write cool software but attentive to the danger of exploitation."
Callas contended that there are easier ways to steal passwords than by the techniques Drake discovered. "Exploiting this bug to get passwords is harder than any number of other ways other people can hack you. On Windows, Macintosh, and Unix workstations it's trivially easy to steal people's keystrokes."
PGP will redouble its efforts to avoid similar security bugs in the future, he said. "I'm not so arrogant as to say we'll never let another bug happen again, but this is the sort of thing that's going to be a problem. Thank God this wasn't a very bad one."