PGP inventor says encryption flaw minor

A flaw found by two Czech researchers in the popular OpenPGP digital signature standard is real but relatively minor, the chairman of the open-source group says.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
A flaw found by two Czech researchers in the popular OpenPGP digital signature standard is real but relatively minor, Phil Zimmermann, chairman of the open-source group, said Wednesday.

"This is not a practical attack," he said. "Your adversary has to be able to modify your private key. That means they have to have access to your computer." Once an attacker has access, there are many other ways they can monitor the system. That makes the attack largely irrelevant, Zimmermann said.

Two Czech researchers said Tuesday that they had found a hole in the widely used encryption and digital signature standard known as OpenPGP. They remained silent on the technical details, however, leaving many security experts wondering whether the flaw actually existed.

The researchers, Vlastimil Klima and Tomas Rosa, posted a statement on the Web site of The ICZ Group, a Czech information technology company, but the two men have yet to release a technical report detailing the flaw.

Klima and Rosa did not respond to e-mail messages sent by CNET News.com on Tuesday seeking comment.

The OpenPGP standard is used in many programs--including Network Associates' PGP and GNU Privacy Guard--to allow messages to be encrypted or digitally signed to ensure the content hasn't been changed. It uses two codes, or "keys," to encrypt and decrypt messages: a public key that others know and a private key that should be kept secret.

The flaw, according to the press release, allows an attacker to learn a person's private key by modifying the encrypted data and then capturing a message signed with the key. A simple program then reveals the key to the attacker. After that, the attacker can then use the code to sign new messages, essentially giving him or her the power to forge electronic documents.

Neither Zimmermann, who created the original Pretty Good Privacy program in 1991, nor engineers at Network Associates, which currently owns the PGP trademark, were able to get more details from the researchers.

The OpenPGP group, however, was able to reconstruct the attack from the details in the release and confirmed that it does exist.

"We understand the attack," Zimmermann said. "They didn't talk to us about it. They are just kind of springing this at a trade show."

Both Zimmermann and Network Associates criticized The ICZ Group for putting people's security at risk for what amounts to a publicity stunt.

"This is not the way that we encourage researchers and vendors to keep up with security issues," said Mark McArdle, vice president of PGP engineering for Network Associates, adding that confirming or debunking the claims based on the information in the release is not possible.

Even though the company has not confirmed the flaw, Network Associates is treating the issue seriously, McArdle said.

"We take every single one of these issues very seriously," he said. "There is a rich history of excited individuals saying they broke PGP, but later it turns out that it is not true. However, we assume that it is an issue until we verify that it is not."