Software Flaw Compromises E-Signatures
NEW YORK, March 23, 2001 -- Security experts expressed skepticism about the gravity of a flaw in the most popular software for sending encrypted e-mail.
The vulnerability in Pretty Good Privacy, disclosed by two Czech cryptologists on Tuesday, could allow a hacker to use someone else's electronic signature to send messages.
That, in essence, could mean the forging of signatures increasingly used to authorize such things as financial transactions.
Software Creator Questions Threat
Philip Zimmermann, the creator of PGP, confirmed the flaw exists, but on Wednesday questioned how useful it would be to attackers.
A hacker would first have to bypass security firewalls and gain access to the recipient's hard drive. If a hacker can get that far, Zimmermann said, the user has greater worries, including the ability for someone to install software to monitor keystrokes like passwords.
The Czech cryptologists, working for Prague-based ICZ, announced their discovery on Tuesday. The company said the discovery happened while conducting research for the Czech National Security Authority.
Program Could Gain Popularity
Although fewer than 10 million people worldwide currently use PGP, the use of e-signatures could rise now that the U.S. government gives legal standing to documents "signed" online. An e-signature law took effect Oct. 1, although it did not detail permissible methods.
PGP uses a dual-key mechanism in which one key locks a message and a different key unlocks it.
People who want to receive scrambled mail distribute a public key that locks messages. A sender uses a person's public key to encrypt the message, which can be unlocked only by the private key of the recipient.
A separate set of keys is used for authentication, which ensures a message actually comes from the sender and not an impostor. It also helps verify that the message isn't altered in transit.
To access either of the private keys, the e-mail recipient normally has to type in a password.
The flaw discovered by the Czech cryptologists could let outsiders use the private key without a password — by making modifications to the file that contains the key.
Users Would Notice Tampering
But it only affects the authentication function of PGP, not decoding, said Mark McArdle, vice president for PGP engineering at Network Associates Inc., which sells the software's most popular version.
And, Zimmermann said, a user would quickly realize the file has been modified and get a replacement, so the window for an attacker to forge messages is narrow.
David Bowman, chief technical officer for Hush Communications Corp., another PGP software maker, said PGP itself isn't broken.
"They haven't broken the encryption. They haven't cracked the pass phrases. They've found a way around it."
McArdle said the software should be easily fixable.