Flaw found in PGP 5.0


May 29, 2000
Web posted at: 10:37 a.m. EDT (1437 GMT)

(IDG) -- Researchers say they've found a security flaw in the process by which an older version of Pretty Good Privacy (PGP) encryption software reads random numbers, making the cryptographic keys potentially insecure.

The flaw was discovered in the PGP 5.0 code base and is specific to Linux and OpenBSD command-line versions.

According to security researchers, PGP 5.0, created by PGP Inc., generates public/private key pairs with no or only a small amount of randomness under certain circumstances. PGP must gather random numbers from reliable sources so that the keys cannot be predicted by attackers. Versions 2.x and 6.5 of PGP aren't affected, nor are PGP versions ported to other platforms.


The problem was discovered by Germano Caronni, a researcher in the security group at Palo Alto, Calif.-based Sun Microsystems Inc., who said he doesn't speak on behalf of his company. The PGP flaw was verified by Thomas Roessler, a student at the University of Bonn, and Marcel Waldvogel, an associate professor at Washington University in St. Louis, Mo. Caronni and Roessler then posted the issue to the widely distributed BUGTRAQ security list.


According to the advisory, the problem is most serious when users start from scratch with a newly installed version of PGP 5.0 on a Unix system with a specific type of random-number service and create key pairs from the command line only, with no interaction.

Caronni noted in the advisory that instead of correctly reading random data generated by the /dev/random service, PGP 5.0i reads a stream of bytes with the value "1." Caronni and Roessler suggested that PGP 5.0 overestimates the randomness of the data it is being fed by what's called a "/dev/random device" when the software creates secure keys.

They noted that this isn't a flaw in the random service, but in the PGP 5.0 implementation.
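The read-side bug described above, as an added C illustration that is not PGP's source: it assumes the constant stream of 1s arises from storing read()'s return value (the byte count) over the byte just read, and it uses a pipe of constructed sample bytes in place of the random device. All function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Flawed pattern (assumed for illustration): read()'s return value, the
 * byte count 1, is stored over the byte that read() just delivered. */
size_t fill_flawed(int fd, unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)read(fd, &out[i], 1);  /* bug: count replaces data */
    return n;
}

/* Corrected: count and data stay separate; short reads and EINTR handled. */
size_t fill_correct(int fd, unsigned char *out, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, out + got, n - got);
        if (r > 0) { got += (size_t)r; continue; }
        if (r < 0 && errno == EINTR) continue;
        break;  /* EOF or error: caller must refuse to generate a key */
    }
    return got;
}

/* Cheap sanity check before seeding: 1 if every byte in buf is identical. */
int looks_constant(const unsigned char *buf, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (buf[i] != buf[0])
            return 0;
    return n > 0;
}

int main(void)
{
    /* Constructed sample bytes standing in for the random device. */
    const unsigned char sample[8] = {0xde, 0xad, 0xbe, 0xef, 0x10, 0x32, 0x54, 0x76};
    unsigned char a[4], b[4];
    int p[2];
    if (pipe(p) != 0 || write(p[1], sample, sizeof sample) != 8)
        return 1;
    fill_flawed(p[0], a, 4);
    fill_correct(p[0], b, 4);
    printf("flawed: %d, correct: %d\n", looks_constant(a, 4), looks_constant(b, 4));
    return 0;
}
```

A constant-buffer check like `looks_constant` only catches the grossest failures; it is not a measure of entropy, and a caller should also treat a short return from `fill_correct` as a hard failure.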

"If I, as a user, wanted to send someone a message using PGP, I would first want to confirm that they were not generating their key with the bad version, otherwise the crypto isn't very useful," said PGP user Lenny Foner, a Somerville, Mass.-based cryptography and public policy researcher. "And there is no easy and secure way to do that except to call them on the phone and ask them how they generated their key."

Network Associates Inc., which develops and markets newer versions of PGP, including the recently released PGP 7.0, wasn't available to comment on the flaw by press time.

Caronni advised that users who generated their key noninteractively on Linux or OpenBSD should consider revoking it and creating a new key using a reliable version of PGP.

Under the public/private key cryptography system, each user generates a public key for others to obtain when they want to send them an encrypted message. User A, for example, obtains user B's public key, encrypts a message and sends it. That message can only be decrypted with user B's private key.

Caronni said he was astonished to find the flaw in source code that had been publicly available for over a year. Some experts consider software such as PGP 5.0 more secure than proprietary programs because it is in the public domain and can be reviewed by the technical community. "That is a good beginning point, but people have to read it," said Caronni.

Caronni also pointed out that the amount of randomness gathered from other sources should still be sufficient for most applications. He urged users to continue using PGP to secure their data and noted that most people generate their keys using Windows versions of PGP or PGP 6.5 that aren't affected by the flaw.



© 2001 Cable News Network. All Rights Reserved.