key-signing and stolen subkeys

David Shaw dshaw at jabberwocky.com
Sun May 23 16:22:18 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, May 23, 2004 at 01:19:33AM -0400, Atom 'Smasher' wrote:
> with the recent discussion about attacks against keys and irresponsible
> signing protocols, i'd like to enter this observation...
> 
> make sure that the signed secret can't be "recycled" and used in an attack
> by including a note in the signed material:
> 
> 	----begin signed stuff----
> 	this secret - "2Oj8otwPiW"
> 	is being used by alice (0x123) and mallory (0x456)
> 	to verify each others encryption and signing keys
> 	may 2004
> 	----end signed stuff----
> 
> if step 2 isn't observed... mallory offers to exchange key signatures with
> alice. mallory offers alice a string, and asks her to prove her possession
> of the secret signing key by signing that string. alice signs the string,
> without including any comments about what that string signifies, and sends
> that signed string back to mallory. mallory can now use that signed string
> to "prove" his possession of the signing key, by offering the same secret
> to multiple people.

Not if the person is issuing the challenge properly.  Challenges must
be random.  When someone challenges Mallory to prove he can issue
signatures from Alice's key, the challenge string will not match the
challenge that Alice signed.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (GNU/Linux)

iGoEARECACoFAkCws5kjGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8lENgCgweuXT2Op5n4OMaFfsZC0vBg4x1MAoMbefNdeYgOB
VYwZOFJfSNH+tI8u
=cRgo
-----END PGP SIGNATURE-----
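
An added illustration of the exchange discussed in this thread (not code from either poster or from GnuPG): a recycled signature is checked against a verifier who issues his own random challenge, against one who accepts a prover-chosen string, and against a statement that names both parties. The toy textbook-RSA key stands in for an OpenPGP signing key and is not secure; `bob (0x789)` and all function names are assumptions made for the example.

```python
import hashlib
import secrets

# Toy textbook-RSA key for Alice (assumption: stand-in for an OpenPGP key, NOT secure).
P, Q, E = 2**107 - 1, 2**127 - 1, 65537      # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # Alice's private exponent

def digest(msg: str) -> int:
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % N

def alice_sign(msg: str) -> int:
    return pow(digest(msg), D, N)

def verify(msg: str, sig: int) -> bool:
    return pow(sig, E, N) == digest(msg)

def new_challenge() -> str:
    """Fresh random challenge, chosen by the verifier for each run."""
    return secrets.token_urlsafe(16)

def statement(secret: str, prover: str, verifier: str, date: str) -> str:
    """Signed material that says what the secret is for, as in the quoted note."""
    return (f'this secret - "{secret}"\n'
            f"is being used by {prover} and {verifier}\n"
            f"to verify each others encryption and signing keys\n{date}")

def verifier_accepts(issued: str, signed_text: str, sig: int) -> bool:
    """Accept only a valid signature over exactly the text this verifier issued."""
    return signed_text == issued and verify(signed_text, sig)

def replay_scenario():
    # Alice signs a bare string supplied by Mallory, with no context attached.
    bare = "2Oj8otwPiW"
    recycled_sig = alice_sign(bare)

    # Bob (hypothetical third party) issues his own random challenge;
    # the recycled pair does not match it.
    random_case = verifier_accepts(new_challenge(), bare, recycled_sig)

    # A verifier who lets the prover pick the string only checks the signature.
    prover_chosen_case = verify(bare, recycled_sig)

    # Context-bound material: the signature is valid, but it names mallory,
    # not bob, so Bob can see it was not made for his exchange.
    bound = statement(bare, "alice (0x123)", "mallory (0x456)", "may 2004")
    bound_case = verify(bound, alice_sign(bound)) and "bob (0x789)" in bound

    return random_case, prover_chosen_case, bound_case
```
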



More information about the Gnupg-users mailing list