SecurityTracker: OpenPGP CFB Mode Is Subject to Adaptive Chosen-Plaintext Attacks

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Security) > OpenPGP

Vendors: OpenPGP.org

OpenPGP CFB Mode Is Subject to Adaptive Chosen-Plaintext Attacks

SecurityTracker Alert ID: 1013166

SecurityTracker URL: http://securitytracker.com/id/1013166

CVE Reference: CAN-2005-0366 (Links to External Site)

Updated: Mar 16 2005

Original Entry Date: Feb 11 2005

Impact: Disclosure of system information, Disclosure of user information

Vendor Confirmed: Yes Exploit Included: Yes

Description: A vulnerability was reported in OpenPGP. A remote user can conduct an adaptive-chosen-ciphertext attack against OpenPGP's cipher feedback mode.

A particular variation of cipher feedback (CFB) used by OpenPGP is affected. The flaw is due to an ad-hoc integrity check feature in OpenPGP. The 'quick check' feature when OpenPGP encrypts bulk data may leak some data that can be used in the attack.

The original report is available at:

http://eprint.iacr.org/2005/033

Serge Mister and Robert Zuccherato of Entrust reported this vulnerability.

Impact: A remote user may be able to determine a small amount of plaintext.

Solution: Vendor's of OpenPGP-based products (PGP Corporation, GnuPG, and Hush Communications) plan to disable the quick check feature for all public key-encrypted messages and files. This will be available in the next release of the product.

Vendor URL: www.pgp.com/library/ctocorner/openpgp.html (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

(Mandrake Issues Fix for GnuPG) OpenPGP CFB Mode Is Subject to Adaptive Chosen-Plaintext Attacks (Mandrakelinux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for GnuPG.

Source Message Contents

Date: Fri, 11 Feb 2005 16:57:44 -0500
Subject: http://eprint.iacr.org/2005/033



> Cryptology ePrint Archive: Report 2005/033
> 
> An Attack on CFB Mode Encryption As Used By OpenPGP
> 
> Serge Mister and Robert Zuccherato
> 
> Abstract. This paper describes an adaptive-chosen-ciphertext attack on the Cipher 
> Feedback (CFB) mode of encryption as used in OpenPGP. In most circumstances it will 
> allow an attacker to determine 16 bits of any block of plaintext with about $2^{15}$ 
> oracle queries for the initial setup work and $2^{15}$ oracle queries for each block. 
> Standard CFB mode encryption does not appear to be affected by this attack. It 
> applies to a particular variation of CFB used by OpenPGP. In particular it exploits 
> an ad-hoc integrity check feature in OpenPGP which was meant as a "quick check" to 
> determine the correctness of the decrypting symmetric key.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC