Nasty little bug in Gnu Privacy Guard (GPG)
Time to upgrade if you use Gnu Privacy Guard to encrypt or sign email or files.
It turns out that if you prepend unencrypted text to a GPG-signed (or signed and encrypted) file, when the file is decrypted by GPG the prepended text is spit out immediately followed by the decrypted plaintext. There is no visual indication of where one block of text ends and the other begins. An attacker who can modify a GPG-encrypted file (such as an email message or file on disk) can exploit this behavior to turn a signed message like
Purchase 40 shares of Acme Widgets
into a message that reads
Please sell all my shares and deposit the proceeds into account 123456 of Offshore Criminals Savings and Loan. Later this week I will then
Purchase 40 shares of Acme Widgets
This flaw is most likely to be a problem with email clients that use GnuPG, such as Mozilla Thunderbird with the Enigmail extension. The problem isn’t in the cryptography… it’s that by default GPG displays no separation between extraneous output and decrypted plaintext. Read the full announcement for complete details.
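The post's point is that GPG's combined output gives a consumer no way to tell unsigned bytes from signed ones, so a client has to separate them itself before anything reaches the user. The following is an added example (not code from the post, from GnuPG, or from Enigmail) of the kind of input-side check a mail client could perform on an ASCII-armored message: it locates the armored block, reports any bytes outside it as unprotected, and renders only the protected part with an explicit marker where text was stripped. The sample message is constructed; the armored body is a placeholder, not a real OpenPGP packet, and is never decrypted here.

```python
import re

# Armor delimiters GnuPG emits. The end marker depends on the block type:
# an encrypted MESSAGE ends with "END PGP MESSAGE", a clear-signed
# SIGNED MESSAGE ends with "END PGP SIGNATURE".
ARMOR_BEGIN = re.compile(rb"-----BEGIN PGP (MESSAGE|SIGNED MESSAGE)-----")
ARMOR_END = {
    b"MESSAGE": b"-----END PGP MESSAGE-----",
    b"SIGNED MESSAGE": b"-----END PGP SIGNATURE-----",
}


def split_armor(data: bytes):
    """Return (prefix, armored_block, suffix).

    prefix and suffix are the bytes outside the first armored block. Nothing
    about them is signed or encrypted, so they must never be shown as part of
    the message. Returns (data, b"", b"") when no armored block is present.
    """
    begin = ARMOR_BEGIN.search(data)
    if begin is None:
        return data, b"", b""
    end_marker = ARMOR_END[begin.group(1)]
    end_at = data.find(end_marker, begin.end())
    if end_at == -1:
        # Truncated block: treat everything from BEGIN onward as the block.
        return data[: begin.start()], data[begin.start():], b""
    end_at += len(end_marker)
    # Swallow the line terminator that follows the END marker, if any.
    if data[end_at:end_at + 2] == b"\r\n":
        end_at += 2
    elif data[end_at:end_at + 1] == b"\n":
        end_at += 1
    return data[: begin.start()], data[begin.start():end_at], data[end_at:]


def unprotected_text(data: bytes) -> dict:
    """Report which bytes, if any, lie outside the armored block."""
    prefix, block, suffix = split_armor(data)
    return {"prefix": prefix, "suffix": suffix, "has_block": bool(block)}


def is_clean_message(data: bytes) -> bool:
    """True only when the input is exactly one armored block (whitespace aside)."""
    prefix, block, suffix = split_armor(data)
    return bool(block) and not prefix.strip() and not suffix.strip()


def render_for_display(data: bytes) -> bytes:
    """Return what a client should hand to GPG/display: the block alone,
    with a visible marker wherever unprotected text was dropped."""
    prefix, block, suffix = split_armor(data)
    out = b""
    if prefix.strip():
        out += b"[%d bytes of UNSIGNED text removed before message]\n" % len(prefix)
    out += block
    if suffix.strip():
        out += b"[%d bytes of UNSIGNED text removed after message]\n" % len(suffix)
    return out


# Constructed sample: the armored body below is a placeholder, not a real
# OpenPGP packet. It stands in for the signed "Purchase 40 shares" message.
SIGNED_BLOCK = (
    b"-----BEGIN PGP MESSAGE-----\n"
    b"\n"
    b"cGxhY2Vob2xkZXIgbm90IGEgcmVhbCBwYWNrZXQ=\n"
    b"=c0ns\n"
    b"-----END PGP MESSAGE-----\n"
)

# The tampered message from the post: attacker text prepended to the block.
TAMPERED = (
    b"Please sell all my shares and deposit the proceeds into account 123456 "
    b"of Offshore Criminals Savings and Loan. Later this week I will then\n"
    + SIGNED_BLOCK
)

if __name__ == "__main__":
    for label, msg in (("clean", SIGNED_BLOCK), ("tampered", TAMPERED)):
        print(label, "clean:", is_clean_message(msg))
        print(render_for_display(msg).decode())
```

This covers the case the post describes, where the attacker's text is outside the armor. It does not detect extra literal-data packets spliced inside the OpenPGP stream itself, which is why the post's advice to upgrade GnuPG (so it refuses such inputs) is the actual fix; the check above is defence in depth for the client.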
Yet another example of how the strongest cryptography algorithms in the world can be defeated by unanticipated real world implementation flaws.
One Response to “Nasty little bug in Gnu Privacy Guard (GPG)”:
March 10th, 2007 at 10:37 am
This bug is actually fixed in the latest version of Enigmail