Date: 9 Aug 1997 02:13:36 -0000 From: iang@systemics.com To: e$@thumper.vmeng.com Subject: Hipped on PGP HIP finishes late in the day. It's 0100 - that's one in the morning for the temporally challenged - and the smart card workshop has just broken up. Actually it was the second pass. The first pass was 'sold out' at 150 people, this second started at 2300 this evening. Again, 150 people turned up and sat through presentations of hardware and data formats and attacks on the financially finest plastic in Europe. I have no snippets or revelations, I am not one of the dedicated. Mondex remains un-hacked, ChipKnip is secure. Frankly I'm not interested, I find the world of smart cards deadly boring. Perhaps it is the hardware, or maybe because attacks on smart cards have little chance of realising any gain or meltdown. I can on the other hand report that Saturn is safe tonight, as our in-HIP astrodome is busilly monitoring progress. What better way to wind down than to head up to north campground and check out the latest telescopic tracking software. Speaking of celestial control, the weather is perfect. That's by California standards, not European. Dave del Torto was lucky to be joining us for his talk on PGP user security. After buzzing the bells of the trainee bag scanner with 15kg of portables and random cables, he was incarcerated in an investigative cell for a couple of hours. Many hours after seeing his flight head east, a state department goon turns up. "When are you coming back?" asks the goon, knowing full well the day. Dave says "the 16th" blithely unaware that his passport expires on the day before. Goon leaves, returns, hands over passport. Only problem was, passport was cancelled... No explanation. No advice, no help. How Dave wings it over to HIP and saves the free world has to wait until, well, another's email. What disturbs is the gradual, unstoppable closing of borders in our erstwhile free western neigbour. Just like the American predomination, or should I say, embarrasment of topic on the never-ending crypto saga. If freedom is to contract a cancer, a malignant tumour, then Dave's talk on PGP user security is as a promise of the miracle cure, and not the State Department chemotheropy that cures the disease by killing the patient. Dave was followed by a presentation by Gary Howland on weaknesses in PGP. These theoretical problems leave one with niggling doubts as to the accepted reputation, our holy gail of privacy and security. There is no need for panic - many of the attacks are both highly specific, have been recognised for some time, and have been explicitly fixed in the latest release, PGP 5.0. But there is pause for thought. Howland and myself and many other have built financial cryptographic systems that relied on the mantra of PGP impregnability. The attacks he described work best in programmed systems like ours and those of our more respectable competitors. For example, imagine building a system that authorised counterparties on the strength of the PGP id or the fingerprint. Now we discover that Mallory can make a new key with the same fingerprint. Whilst not wishing to state that this is the end of the world, clearly we have to re-evaluate the entire architecture that was built up upon PGP. We believed in the PGP reputation as much as others, and these attacks are a timely reminder of the need for eternal hacker vigilance. These flaws are significant but addressable: PGP 5.0 has fixes for all but one of the flaws mentioned. And for the record, whilst Gary's attack to change conventionally encrypted files without detection was unknown to the PGP team at the moment, we can be sure that it will be addressed. Other exciting developments were the van Eyk demonstration by Prof. Euller. Not one, not two, but three methods to detect and display PC monitor signals on a slaved monitor, from distances into the several hundreds of metres. There is now little doubt that standard computers are the FBIs best friend. What need key escrow? Signing off and Hipped out. iang@somwhere.in.the.middle.of.nowhere