Re: message integrity checksum?
>
> Gary Howland discussed PGP vulnerabilities at HIP97 I think. One of
> the vulnerabilities was that encrypted (but not signed) messages could
> be altered undetectably.
>
> This can be demonstrated (with pgp2.6 command line):
>
> % echo hello world > junk
> % pgp -c +compress=off -zfred junk
> % sed 's/....$/adam/' < junk.pgp > junk2.pgp
> % pgp -zfred junk2.pgp
> % cat junk2
> hello wo<F8>P?t
>
> (pgp doesn't complain or even notice the above ... there is no
> checksum and so you can just garble the file, if you so wish, and pgp
> won't complain).
>
> Was this viewed as a problem?
>
> I think the example given is that someone might use this (symmetric
> encryption) to send commands to a remote command executor which would
> be trusted because it was encrypted with a shared passphrase. This
> shows that the last command, say, could be garbled, resulting in a null
> operation and a potential security problem.
With known plaintext, the last 8 bytes can be set to anything the attacker
desires - so it's not just a case of removing or randomly corrupting data.
You can find the paper for the talk at:
http://www.hotlava.com/doc/index.html
Gary
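The behaviour discussed in this thread, as an added example that is not part of the original messages and is not PGP's or Gary's code: a toy 8-byte CFB mode (the block cipher is replaced by an HMAC-SHA256-based stand-in, since CFB only ever uses the forward direction; it is not IDEA and does not reproduce PGP 2.6's exact CFB variant) shows that a known-plaintext edit of the last ciphertext block decrypts "cleanly" to whatever the attacker chose, exactly as the sed experiment above, and that an encrypt-then-MAC integrity check (HMAC-SHA256 over IV and ciphertext) rejects the altered file. Key, IV and the "hello world" message are constructed for the demo.

```python
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit blocks, as in the IDEA-CFB setup the thread describes
TAG_LEN = 32  # HMAC-SHA256 tag length


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's forward direction (constructed, not IDEA).
    CFB never needs the inverse, so a keyed PRF truncated to one block suffices."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out = bytearray()
    feedback = iv
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        keystream = block_encrypt(key, feedback)
        cblock = bytes(p ^ k for p, k in zip(chunk, keystream))
        out += cblock
        feedback = cblock  # a short final block is never fed back
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out = bytearray()
    feedback = iv
    for i in range(0, len(ciphertext), BLOCK):
        cblock = ciphertext[i:i + BLOCK]
        keystream = block_encrypt(key, feedback)
        out += bytes(c ^ k for c, k in zip(cblock, keystream))
        feedback = cblock
    return bytes(out)


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes, iv=None) -> bytes:
    """Encrypt-then-MAC: the tag covers IV and ciphertext, so any edit is detected."""
    iv = os.urandom(BLOCK) if iv is None else iv
    ct = cfb_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def decrypt_and_verify(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag first; only then decrypt. Raises ValueError on alteration."""
    if len(message) < BLOCK + TAG_LEN:
        raise ValueError("message too short")
    iv, ct, tag = message[:BLOCK], message[BLOCK:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was altered")
    return cfb_decrypt(enc_key, iv, ct)


def demo():
    """Returns (what bare CFB decrypts the altered file to, whether the MAC caught it)."""
    enc_key = b"constructed-demo-key"
    mac_key = b"constructed-demo-mac-key"
    iv = bytes(BLOCK)  # fixed IV for a reproducible demo only; use os.urandom in practice
    plaintext = b"hello world\n"  # 12 bytes: one full block plus a 4-byte tail, as in the thread
    msg = encrypt_then_mac(enc_key, mac_key, plaintext, iv=iv)
    ct = msg[BLOCK:-TAG_LEN]
    # Known-plaintext edit of the final partial block: XOR the old tail with the
    # new one. The keystream for that block depends only on the previous
    # ciphertext block, which is untouched, so the result is fully controlled.
    old_tail, new_tail = b"rld\n", b"adam"
    delta = bytes(a ^ b for a, b in zip(old_tail, new_tail))
    tampered_ct = ct[:-4] + bytes(c ^ d for c, d in zip(ct[-4:], delta))
    bare_result = cfb_decrypt(enc_key, iv, tampered_ct)  # no error, silently altered
    try:
        decrypt_and_verify(enc_key, mac_key, iv + tampered_ct + msg[-TAG_LEN:])
        mac_caught = False
    except ValueError:
        mac_caught = True
    return bare_result, mac_caught


if __name__ == "__main__":
    print(demo())  # (b'hello woadam', True)
```

The bare CFB decrypt returns "hello woadam" without complaint, which is the "no checksum" problem the quoted message describes; the same file with an HMAC tag fails verification before any plaintext is released. Modern OpenPGP addresses this with the MDC packet and AEAD modes, and any home-grown "encrypt commands with a shared passphrase" scheme needs an equivalent authenticator.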