But how can one know if what is implemented is good cryptography? For proprietary software, one cannot say much unless one proceeds to reverse-engineering, and history tends to show that bad cryptography is much more frequent than good cryptography there. Open source software thus sounds like a good solution, but the fact that a source code can be read does not imply that it is actually read, especially by cryptography experts. In this paper, we illustrate this point by examining the case of a basic Internet application of cryptography: secure email.

We analyze parts of the source code of the latest version of GNU Privacy Guard (GnuPG or GPG), a free open source alternative to the famous PGP software, compliant with the OpenPGP standard, and included in most GNU/Linux distributions such as Debian, MandrakeSoft, Red Hat and SuSE. We observe several cryptographic flaws in GPG v1.2.3. The most serious flaw has been present in GPG for almost four years: we show that as soon as one (GPG-generated) ElGamal signature of an arbitrary message is released, one can recover the signer's private key in less than a second on a PC. As a consequence, ElGamal signatures and the so-called ElGamal sign+encrypt keys have recently been removed from GPG. Fortunately, ElGamal was not GPG's default option for signing keys.