[ Pobierz całość w formacie PDF ]
.If that is true, then a 1,024-bitkey, given today s newest algorithms, will be secure for the next 10,000 years, assuming nomore increases in technology.If technology increases, less time will be required.Brute Forcing IDEA KeysThere are no known attacks against IDEA keys at this time.The best that can be done is tryingall 2128, or 3.4×1038, keys.Given the difficulty in performing this test, it is actually easier to tryto break the RSA keys that are used to encrypt the IDEA keys in PGP.It has been estimatedthat the difficulty in breaking IDEA is about the same difficulty as factoring a 3,000-bit RSAkey.Secret Keys and Pass PhrasesThe security of the PGP secret key ring is based on two things: access to the secret key ringdata and knowledge of the pass phrase that is used to encrypt each secret key.Possession ofboth parts is needed to use the secret key.This also leads to a number of attacks, however.If PGP is used on a multiuser system, access to the secret key ring is possible.Through cachefiles, network sniffing, or a multitude of other attacks, a secret key ring can be obtained just bywatching the network or reading through the disks.This leaves only the pass phrase to protectthe data in the secret key ring, which means an attacker needs to obtain only the pass phrase tobreak the security of PGP.Moreover, on a multiuser system, the link between the keyboard and the CPU is probablyinsecure.Watching the keystrokes would be easy for anyone who has physical access to thenetwork connecting the user s keyboard to the mainframe being used.For example, usersmight be logged in from a public cluster of client terminals, where the connecting network canbe sniffed for pass phrases.Alternatively, users might be dialing up via modem, in which case684 Part III: Messaging: Creating a Secure Channelan eavesdropper could listen in on their keystrokes.In either case, running PGP on a multiusermachine is insecure.Of course, the most secure way to run PGP is on a personal machine that no one else uses andis not connected to the network; in other words, a laptop or home computer.Users mustbalance the cost of a secure environment with that of secure communications.The recom-mended way to use PGP is always on a secure machine in a secure environment, where the userhas control over the machine.The key to the best type of security is that the connection between the keyboard and the CPUbe secure.This is accomplished either by encryption or better yet by a direct, uninterruptibleconnection.Workstations, PCs, Macs, laptops all fit into the category of secure machines.The secure environment is much more difficult to show and is not explored here.Public Key Ring AttacksBecause of the importance and dependence on the public key ring, PGP is susceptible to anumber of attacks against the key ring.First, the key ring is checked only when it changes.When new keys or signatures are added, PGP will attempt to verify them.However it will flagthe checked signatures on the key ring so it will not validate them again.If someone modifiesthe key ring and sets the bits appropriately on signatures, they will not be checked.Another attack against the key ring focuses on the process PGP uses to set a bit for the validitytrust in a key.When new signatures arrive on a key, PGP computes the validity of the key byusing the Web of Trust values described earlier.PGP then caches the validity on the public keyring.An attacker could modify this bit on the key ring to force a user to trust the validity in aninvalid key.For example, by setting this flag an attacker could make the user believe that a keybelongs to Alice even though there are not enough signatures to prove that validity.Another attack against PGP s public key ring may occur because the trust of a key as anintroducer is also cached on the public key ring.This value defines how much trust is put inthis key s signatures, so it is possible to force PGP to accept invalid keys as valid by signingthem with the key with the invalid trust parameter.If a key were modified to be a fully trustedintroducer, any keys that were signed by that key would be trusted as valid.Therefore, anattacker could force the user to believe that a forged key is valid by signing it with the modifiedkey.The biggest problem with the public key ring is that all of these bits are not only cached on thekey ring, but they are not protected in any way on the key ring! Anyone who has read the PGPsource code and has access to the public key ring can use a binary file editor to change any ofthese bits, and the key ring owner would never notice the change.Fortunately, PGP provides away to recheck the keys on the key ring.By using the -kc and -km options together, a user cantell PGP to perform a key maintenance pass over the whole key ring.The former option tellsPGP to check keys and signatures.It will go through the key ring and recheck every signature.PGP 685When all the signatures have been checked, PGP will perform a maintenance check ( -km) andrecompute the validity of all the keys.Unfortunately there is no way to completely recheck all of the trust bytes on keys.This is abug.There should be a command to tell PGP to ignore all trust bytes and ask the user for truststarting with the ultimate keys those on the secret key ring.Perhaps a future version of PGPwill fix this problem
[ Pobierz całość w formacie PDF ]