5152497 2000-06-01  13:16  /106 lines/ Postmaster
Recipient: Bugtraq (import) <11082>
Subject: PGP Security Advisory for PGP 5.0
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Accept-Language: en,pdf
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <3934835E.936BDE13@cyphers.net>
Date:         Tue, 30 May 2000 20:13:34 -0700
Reply-To: wprice@cyphers.net
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Will Price <wprice@cyphers.net>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Network Associates Security Advisory
Date: May 30, 2000
Author: PGP Engineering

Background:

A security issue has been discovered in the following PGP products:

 - PGP 5.0 for Linux, US Commercial and Freeware editions
 - PGP 5.0 for Linux, Source code book (basis for PGP 5.0i for Linux)

The following PGP products are NOT affected by this issue:

 - PGP 1.x products
 - PGP 2.x products
 - PGP 4.x products
 - All other PGP 5.x products
 - PGP 6.x products
 - PGP 7.x products

Synopsis:

During a recent review of our published PGP 5.0 for Linux source
code, researchers discovered that under specific, rare circumstances
PGP 5.0 for Linux will generate weak, predictable public/private
keypairs.  These keys can only be created under the following
circumstances:

 - Keys are generated using PGP's command line option for unattended
   batch key generation, with no user interaction for entropy
   (random data) collection

 - No keys were generated interactively on this system previously
   (e.g., a PGP random seed file is not present on this system
    prior to unattended batch key generation)

 - PGP is able to access the UNIX /dev/random service to gather
   entropy during unattended batch key generation

PGP 5.0 for Linux does not process the data read from /dev/random
appropriately, and therefore does not gather enough entropy required
to generate strong public/private keypairs.  This issue affects
both RSA and Diffie-Hellman public/private keypairs, regardless of
keysize.  Network Associates has verified that this issue does not
exist in any other version of PGP.

Solution:

Users who generated keys in the manner described above are strongly
urged to do the following:

  - Revoke and no longer use keys suspected to have this problem

  - Generate new public/private keypairs with entropy collected
    from users' typing and/or mouse movements

  - Re-encrypt any data with the newly generated keypairs that is
    currently encrypted with keys suspected to have this problem

  - Re-sign any data with the newly generated keypairs, if required

Users are also urged to upgrade to the latest releases of PGP,
as PGP 5.0 products have not been officially supported by Network
Associates since early 1999, or distributed by Network Associates
since June 1998.

Additional Information:

US commercial and freeware versions of PGP 5.0 for Linux were
released in September 1997 by PGP, Inc., a company founded by
Phil Zimmermann.  Source code for the PGP 5.0 product family was
published in September 1997.  PGP, Inc. was acquired by Network
Associates in December 1997.

Acknowledgements:

PGP appreciates the efforts of Germano Caronni, Thomas Roessler and
Marcel Waldvogel in identifying this issue and bringing it to our
attention.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>

iQA/AwUBOTQcqaF4LLqP1YESEQL2bQCeNfWnWIOzNU87HqXZcxFiPbm5oeQAoObs
w9haL8H5nQdXdicbUOMbAB9N
=24ko
-----END PGP SIGNATURE-----
(5152497) ------------------------------------------
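
The synopsis above says PGP 5.0 for Linux did not process the data read from /dev/random appropriately. The following C example is added here as an illustration and is not taken from the advisory or from PGP's source: it contrasts one hypothetical way such a read can be mishandled with a checked read. The function names and the pipe-backed sample source (a constructed stand-in for /dev/random) are assumptions made for the example.

```c
#include <errno.h>
#include <unistd.h>

/* Constructed stand-in for /dev/random: a pipe preloaded with sample bytes,
   so the example is deterministic and runs offline. */
static const unsigned char SAMPLE[16] = {
    0x3c, 0xa1, 0x07, 0xee, 0x52, 0x9b, 0x10, 0xf4,
    0x68, 0x2d, 0xc3, 0x75, 0x8e, 0x41, 0xb9, 0x06 };

int open_sample_source(void) {
    int p[2];
    if (pipe(p) != 0) return -1;
    ssize_t w = write(p[1], SAMPLE, sizeof SAMPLE);
    close(p[1]);                      /* reader sees EOF after the sample */
    if (w != (ssize_t)sizeof SAMPLE) { close(p[0]); return -1; }
    return p[0];
}

/* Mishandled (hypothetical): read()'s return value, a byte count, overwrites
   the byte just read, so every pool byte is 1 while reads succeed. */
void collect_mishandled(int fd, unsigned char *pool, size_t n) {
    for (size_t i = 0; i < n; i++) {
        unsigned char b = 0;
        b = (unsigned char)read(fd, &b, 1);
        pool[i] = b;
    }
}

/* Checked: keep the data, retry on EINTR, continue after short reads, and
   fail closed if the source ends before n bytes arrive. */
int collect_checked(int fd, unsigned char *pool, size_t n) {
    for (size_t got = 0; got < n; ) {
        ssize_t r = read(fd, pool + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* Sanity check on collected bytes: number of distinct values seen. */
size_t distinct_bytes(const unsigned char *pool, size_t n) {
    unsigned char seen[256] = {0};
    size_t d = 0;
    for (size_t i = 0; i < n; i++)
        if (!seen[pool[i]]) { seen[pool[i]] = 1; d++; }
    return d;
}
```

With the mishandled collector the pool holds a single repeated value however many bytes are requested, which is why a key generator fed from it would produce predictable keys regardless of key size.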