Re: Anybody know details about Schneier's "flaw"?

Carl Ellison <cme@acm.org> Sat, 17 August 2002 12:56 UTC

Message-Id: <3.0.5.32.20020817054229.0229a930@localhost>
X-Sender: cme@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Sat, 17 Aug 2002 05:42:29 -0700
To: ietf-openpgp@imc.org
From: Carl Ellison <cme@acm.org>
Subject: Re: Anybody know details about Schneier's "flaw"?
In-Reply-To: <20020816031342.A599725@exeter.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 03:13 AM 8/16/2002 +0100, Adam Back wrote:

>Also the attack for those who haven't read the paper is really
>low-tech.  They're just observing that if you can ask someone to
>decrypt a message you can use that to decrypt related messages.  So
>you intentionally garble a message, and hope the user sends you the
>garbled plaintext back to you to ask what went wrong.  The rest
>falls out of the fact that if you garble a few bits of a ciphertext
>most of the plaintext will still be intact.


Y'know, there's an even simpler attack with the same premise.  You
intercept an encrypted e-mail from Alice to Bob.  You take the mail
body out of the message and send that body to Bob under your e-mail
address (or under some address you control that Bob might mistake for
Alice's, which would be even better).  Bob decrypts the message and
replies to it, including the original message body by default.

The mistake here, on Bob's part, is to reply to a message without
paying attention to the e-mail address being used -- and to reply to
a message with quoted garbage rather than just saying
"that was garbage -- send again".

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBPV5EtHPxfjyW5ytxEQI12ACg3NB4hVzj9Og2VB0dpz6CNtdv9IUAniTD
AK7BRrNff1maSKf+z/RzYkcV
=nq3Z
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison         cme@acm.org     http://world.std.com/~cme |
|    PGP: 75C5 1814 C3E3 AAA7 3F31  47B9 73F1 7E3C 96E7 2B71       |
+---Officer, arrest that man. He's whistling a copyrighted song.---+
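Both attacks in this thread (Adam's garbled-ciphertext variant and Carl's replayed-body variant) depend on the recipient quoting decrypted plaintext back to whatever address the message came from. The check below is an added example of the client-side guard that closes that gap; it is not code from the original post or from any OpenPGP implementation. It assumes a hypothetical `Decrypted` record that the OpenPGP layer hands to the mail client (integrity-check result plus the e-mail user IDs of any key that made a valid signature) and refuses to quote the plaintext unless the reply would go only to addresses that belong to the signer; the sample messages are constructed.

```python
import email
from email import policy
from email.utils import parseaddr
from dataclasses import dataclass

@dataclass
class Decrypted:
    """Hypothetical result handed back by the OpenPGP layer after decrypting a message."""
    plaintext: str
    integrity_ok: bool            # MDC/AEAD check passed; False means the ciphertext may have been garbled
    signer_emails: tuple = ()     # e-mail user IDs of the key that made a VALID signature; () if none

def reply_quote_check(raw_msg: bytes, dec: Decrypted) -> dict:
    """Decide whether decrypted plaintext may be quoted in a reply to this message.

    The reply will go to Reply-To (or From if absent).  Quoting is allowed only when
    the ciphertext verified intact, the body carries a valid signature, and every
    address the reply would reach is a user ID of the signing key.
    """
    msg = email.message_from_bytes(raw_msg, policy=policy.default)
    _, sender = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", msg.get("From", ""))))
    targets = {a.lower() for a in (sender, reply_to) if a}
    signers = {s.lower() for s in dec.signer_emails}
    reasons = []
    if not dec.integrity_ok:
        reasons.append("ciphertext failed its integrity check; plaintext may be attacker-garbled")
    if not signers:
        reasons.append("decrypted body carries no valid signature, so its origin is unknown")
    else:
        for addr in sorted(targets - signers):
            reasons.append(f"reply would go to {addr}, which is not a user ID of the signing key")
    return {"quote_allowed": not reasons, "reply_targets": sorted(targets), "reasons": reasons}

# Constructed samples: Alice's signed-and-encrypted body, once as she sent it and once
# replayed by Mallory under Mallory's own From: address (Carl's scenario).
GENUINE = (b"From: alice@example.com\r\nTo: bob@example.org\r\nSubject: report\r\n\r\n"
           b"-----BEGIN PGP MESSAGE-----\r\n(ciphertext)\r\n-----END PGP MESSAGE-----\r\n")
REPLAYED = (b"From: mallory@example.net\r\nTo: bob@example.org\r\nSubject: report\r\n\r\n"
            b"-----BEGIN PGP MESSAGE-----\r\n(ciphertext)\r\n-----END PGP MESSAGE-----\r\n")
SIGNED_BY_ALICE = Decrypted("Q3 numbers attached.", True, ("alice@example.com",))

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("replayed", REPLAYED)):
        print(name, reply_quote_check(raw, SIGNED_BY_ALICE))
```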