Security hole found in PGP

A security flaw has been found in one of the world's most popular encryption programs that allows hackers to read confidential e-mail.

A security flaw has been found in one of the world's most popular encryption programs that allows hackers to read confidential e-mail.

AUSTRALIA (ZDNet Australia) - The flaw has been found in certain versions of Network Associates' (NAI) PGP encryption program, however, the company has yet to post a fix for it or even acknowledge the problem on its Web site.

According to BugTraq, the vulnerability exists in certain versions of PGP that support ADKs (Additional Decryption Keys), potentially allowing an attacker to insert a public key into the unsigned portion of the victim's public key. "The end result is that all communications sent to the victim encrypted with the altered public key would also be encrypted for the attacker, who could then decrypt it with his own key."

Late Friday NAI spokesman Dean Stockwell said the PGP Group was working on a patch for the problem as its number one priority. "We expect to have a patch available within 24 hours," he said.

First news of the flaw was posted on the SlashDot Web site early Friday morning and raised concerns that the flaw may have been known of for some time and exploited by various US government agencies.

According to SlashDot, when Network Associates joined the Key Recovery Alliance, they modified PGP by supporting an ADK, which allows an authorised third party to decrypt the message.

PGP versions 5 and 6 allow the user to add additional ADKs to the certificate. When a sender encrypts a message to that user, PGP will automatically encrypt the message in both the user's public key and the ADK.

However, the security flaw has arisen because some versions of PGP don't require the ADKs to be in the signed portion of the PGP certificate.

According to Bruce Schneier, of Counterpane, who discovered the flaw, what this means is that an organisation or hacker can take a PGP certificate, append an ADK, and spread it out to the world.

"This tampered version of the certificate will remain unnoticed by anyone who doesn't manually examine the bytes, and anyone using that tampered version will automatically and invisibly encrypt all messages to the organisation as well as the certificate owner."