Bugzilla – Bug 65862
VUL-0: CVE-2005-0366: opengpg: non-practical attack against opengpg protocol
Last modified: 2021-10-27 15:58:24 UTC
... for the sake of completeness.

Date: Thu, 10 Feb 2005 20:00:17 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: announce@gnupg.org
Message-ID: <20050211010017.GC1476@jabberwocky.com>
Cc:
Subject: [Announce] Attack against OpenPGP encryption

Last night, Serge Mister and Robert Zuccherato published a paper reporting on an attack against OpenPGP symmetric encryption. This attack, while very significant from a cryptographic point of view, is not generally effective in the real world. To be specific, unless you have your OpenPGP program set up as part of an automated system to accept encrypted messages, decrypt them, and then provide a response to the submitter, then this does not affect you at all.

There is a very good writeup on the attack that goes into more depth at http://www.pgp.com/library/ctocorner/openpgp.html

There will undoubtedly be further discussion of this over the next several days, but I wanted to provide a few comments now, to try and answer some questions that may arise:

1) This is not a bug in any particular OpenPGP implementation (GnuPG, PGP, Hushmail, etc). Rather, this is an attack against the OpenPGP protocol itself.

2) The attack requires an average of 32,768 probes to get two bytes of plaintext. This is why it is completely ineffective against human beings, who will presumably wonder why a stranger wants them to decrypt thousands and thousands of messages that won't decrypt, and then tell them what errors were seen.

3) It might be effective against an automated process that incorporates OpenPGP decryption, if that process returns errors back to the sender.

4) The OpenPGP Working Group will be discussing this issue and coming up with an effective and permanent fix. In the meantime, I have attached two patches to this mail. These patches disable a portion of the OpenPGP protocol that the attack is exploiting. This change should not be user visible. With the patch in place, this attack will not work using a public-key encrypted message. It will still work using a passphrase-encrypted message. These patches will be part of the 1.2.8 and 1.4.1 releases of GnuPG.

5) The full paper is available at http://eprint.iacr.org/2005/033

It's a great piece of work.

David

Index: include/cipher.h
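Point 3 of the announcement ties the risk to automated services that report decryption errors back to the sender, and point 2 to the number of probes needed. As an added example (not from the announcement or from GnuPG; `DecryptionGateway`, `constructed_decrypt` and the failure budget of 20 are assumptions), a wrapper that answers every failure with the same text and stops decrypting for a sender after a small number of failures:

```python
from collections import defaultdict

GENERIC_ERROR = "Message could not be processed."  # same text for every failure
MAX_FAILURES = 20  # assumed budget, far below the ~32,768 probes the attack needs


class DecryptionGateway:
    """Front end for an automated decrypt-and-respond service (hypothetical)."""

    def __init__(self, decrypt, max_failures=MAX_FAILURES):
        self._decrypt = decrypt          # callable: bytes -> bytes, raises on failure
        self._max_failures = max_failures
        self._failures = defaultdict(int)
        self.audit_log = []              # operator-only detail, never sent back

    def handle(self, sender, ciphertext):
        if self._failures[sender] >= self._max_failures:
            # Budget spent: stop decrypting for this sender, so no further
            # error signal can be collected.
            self.audit_log.append((sender, "blocked"))
            return GENERIC_ERROR
        try:
            plaintext = self._decrypt(ciphertext)
        except Exception as exc:
            self._failures[sender] += 1
            # The specific cause is logged; the sender only sees the generic text.
            self.audit_log.append((sender, f"failed: {exc}"))
            return GENERIC_ERROR
        self.audit_log.append((sender, "ok"))
        return f"Accepted {len(plaintext)} bytes."


def constructed_decrypt(ciphertext):
    """Stand-in for the real OpenPGP call; inputs and errors are constructed."""
    if ciphertext.startswith(b"bad-prefix"):
        raise ValueError("quick check failed")
    if ciphertext.startswith(b"bad-body"):
        raise ValueError("malformed packet")
    return b"hello"


if __name__ == "__main__":
    gw = DecryptionGateway(constructed_decrypt, max_failures=3)
    for msg in (b"bad-prefix-1", b"bad-body-1", b"good", b"bad-prefix-2", b"good"):
        print(gw.handle("mallory@example.org", msg))
    print(gw.audit_log)
```

The wrapper does not equalise response time, so a service that fails faster on some errors than on others still needs that addressed separately.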
Created attachment 28499 [details] opengpg.diff
Here are more details (sorry, German only): http://www.heise.de/newsticker/meldung/56350 but as said in the article, the problem is only valid for self-encrypting systems and the solution is deactivating the quick-scan. It's only a minor problem, IMHO.
submitted packages for all SuLi versions: 8.1 (incl. UL1, SLEC, SLES8, ...), 8.2, 9.0, 9.1 (incl. SLES9), 9.2 security-team please handle the rest. :-) BTW: SLEC had a more recent version than its superset version: 8.1 and SLES8 Sure, I fixed the more recent version. :-)
Thank you. I'll handle the rest...
BTW: I noticed that we have a gpg2 package in our distribution too. Please check whether this package is affected as well.
SM-Tracker-449
Hello Petr, can you check if gpg2 is affected too, please?
Klaus, looks like some suse-dist mails are missing. JFYI.
/work/src/done/PATCHINFO/gpg.patch.box /work/src/done/PATCHINFO/gpg.patch.maintained
Hi Thomas, gpg2 is affected too, I will prepare packages for 9.1 (sles9), 9.2 and STABLE ok?
Ok! Let me know when you are done and I will submit the patchinfo files.
I'm a bit puzzled, as a gpg2.spec is only existent for SLD, but not for 9.1 nor SLES9 (not talking about 9.2 nor STABLE :-). Please check it out again.
Yes, you are right, our yapt tools for checkin packages sometimes lie; it has to be SLD instead of 9.1 (sles9). (tcrhak has to catch a lot of similar bugs in these yapt tools ;))
gpg2 packages fixed and submitted for SLES9-SLD, 9.2 and STABLE.
Thanks! :) I'll do the patchinfo files then. SM-Tracker-458 (for gpg2)
assign to sec-team
/work/src/done/PATCHINFO/gpg2.patch.*
updated packages released for gpg2 too.
CAN-2005-0366
CVE-2005-0366: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)