NA confirms PGP bug and promises a fix Friday

PGP software can't spot an additional decryption key that's been maliciously added, but that's about to change

Security firm Network Associates (NAI) has promised a fix for versions 5.5.x to 6.5.3 of its PGP (Pretty Good Protection) encryption software.

The email systems contain a serious security bug discovered by Ralf Senderek, a German researcher. The vulnerability could allow an unauthorised third party to read encrypted emails rendering the software useless.

Senderek found that some PGP software cannot distinguish between a third-party encryption key that had been maliciously added to a public PGP key, and one placed with a user's consent. Some companies add such third-party encryption to their employee's emails so messages can be decoded if a member of staff leaves or for criminal investigations.

Phil Zimmermann, who created PGP, explained that fixing the bug was a top priority. "We at NAI/PGP were made away of this bug in PGP early this morning, and we're responding as fast as we can. We expect to have freeware and commercial patches released on Friday".

The PGP 6.5.x freeware release will be available from the MIT Web site, and commercial fixes for versions 5.5.x upwards will be posted on www.nai.com and www.pgp.com.

A PGP user has one public and one private encryption key. The public key is used to securely encrypt an email and is distributed within the public key certificate, either in a user's emails or on a public server or Web page. To decode an encrypted email, it is necessary to know the private key, which the user should keep secure.

Pressure from government bodies led to the creation of Additional Decryption Keys (ADKs), which are added to the public key certificate and allow a third party to also decrypt emails that were encrypted by the public key. If a user agrees to an ADK being added to his public key, it is placed within the secure area of the certificate.

Because public key certificates are widely available, it is simple to add an unauthorised ADK to the insecure. Senderek discovered that PGP versions 5.5.x to 6.5.3 fail to check whether an ADK has been placed within the secure area of a certificate. The implication is that if an unauthorised person could add their own ADK to a PGP certificate, they would then be able to read any emails encrypted using the modified public key.

Because an attacker would still have to intercept the victim's emails, some security experts believe it unlikely that this flaw has actually been taken advantage of. However, there is no way of knowing to what extent this is true.

They can see you... Read about how and why in Surveillance, a ZDNet News Special

What do you think? Tell the Mailroom. And read what others have said.