ISS X-Force Database: pgp-key-predictable(4570): PGP 5.0 generates predictable keys

PGP 5.0 generates predictable keys

pgp-key-predictable (4570)

Medium Risk

Description:

PGP for Linux contains a vulnerability when the /dev/random device is used for random numbers to generate keys non-interactively. The PGP key could be predictable, allowing an attacker to recover encrypted documents or forge digital signatures.

Consequences:

Obtain Information

Remedy:

Upgrade to the latest version of PGP (version 6.5 or later), available from the Network Associates Software Upgrades Web site. See References.

In addition, to secure data signed or encrypted with vulnerable keys:

Revoke the vulnerable keys, and discontinue the use of these keys.
Generate new public/private keypairs interactively.
Re-encrypt any data with the newly generated keypairs that was encrypted with vulnerable keys.
Re-sign any data with the newly generated keypairs that was signed with vulnerable keys.

References:

BugTraq Mailing List, Tue May 23 2000 - 16:13:23 CDT: Key Generation Security Flaw in PGP 5.0.
CERT Advisory CA-2000-09: Flaw in PGP 5.0 Key Generation.
Network Associates, Inc.Software Upgrades: Licensed User Product Upgrade.
BID-1251: Multiple Vendor PGP5 Automatic Key Generation Routine Vulnerability
CVE-2000-0445: The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.
OSVDB ID: 1355: PGP Predictable Key Generation
US-CERT VU#26188: Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random

Platforms Affected:

PGP Personal Privacy 5.0

Reported:

May 30, 2000

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page