iTnews

Poison certs imperils GnuPG checking of Linux software

By Juha Saarinen, iTnews on Jul 1, 2019 11:31AM
Poison certs imperils GnuPG checking of Linux software

"Devastating attack" likely to get worse.

An attack has been unleashed against the global synchronising keyserver (SKS) network used by the popular OpenPGP encryption standard, with developers saying there is currently no mitigations available and that the problem is likely to get worse.

By adding large amounts of undeletable signatures to certificates on keyservers, it is possible to cause OpenPGP implementations to stop working.

The attack threatents to make the GnuPG implementation of OpenPGP unusuable, which would have devastating consequences for open source users.

GnuPG is used to verify downloaded software packages for Linux-based operating systems, and attackers could attempt to poison a vendor's public certificate and upload it to the keyserver network.

Doing so would make GnuPG choke, making it impossible to verify the authenticity of downloaded packages.

Robert Hansen (rjh) who maintains the GnuPG frequently asked questions list and is the unofficial crisis communicator for the project said that unknown attackers had exploited a defect in the OpenPG protocol in order to poison his and high-profile contributor Daniel Kahn Gillmor's (dkg) certificates.

Anyone who imports rjh and dkg's poisoned OpenPGP certificates are very likely to break their installations, Hansen said.

The flaw stems from a design decision taken in the early 1990s to make the keyserver network censorship resistant, in case repressive regimes were to force operators to replace certificates on servers with ones of a government's choosing.

For that reason, the SKS network was designed so that information could be added to certificates, but not deleted ever. Certificates can't be deleted either from the SKS network of servers.

Hansen said the keyserver network handles digital certificates with up to about 150,000 signatures.

The GnuPG open source implementation of OpenPGP cannot handle cerificates with that many signatures however.

"Any time GnuPG has to deal with such a spammed certificate, GnuPG grinds to a halt. It doesn't stop, per se, but it gets wedged for so long it is for all intents and purposes completely unusable.

My public certificate as found on the keyserver network now has just short of 150,000 signatures on it," Hansen said.,

He warned that the verifying signatures could make GnuPG attempt to deal with spammed certificates, even though they are not imported, causing people's installations to break.

Things will get worse; no fix on the horizon

While the notion of immutable certificate storage seemed sound at the time, in 2019 it threatens OpenPGP's future as there is no way to fix the problem, bar a redesign of the software.

Due to the decision to make data on the keyserver network immutable, spammed certificates cannot be deleted from it.

Hansen expects more certificates to become poisoned over time, with the problem being compounded by booby-trapped credentials being difficult to detect until someone tries to import them.

The problem has been known for a decade but it hasn't been fixed due to what Hansen say are powerful technical and social factors inhibiting further keyserver development.

SKS keyserver software was developed in an idiosyncratic dialect of an unusual programming language called OCaml by Yaron Minsky as part of a PhD thesis. 

The software is unmaintained with nobody in the keyserver community feeling qualified to do a serious overhaul of the code base written in an obscure programming language with strange customs.

Furthermore, the issue isn't due to a bug as such, but a design goal that needs to be changed. Doing so would mean ripping out a large chunk of the current code base and replacing it with software that behaves very diffierently.

Likewise, the keyserver network is designed not to have a centralised authority, again to make it resistant to government control. This makes changing design goals even harder than they normally are, Hansen said.

Currenty, the only mitigation for users is not to retrieve data from the SKS keyserver network, Hansen said.

The attack has angered the OpenPGP community, which suspects it was done as an experiment.

Gillmor called the attack "a pretty shitty thing to do" and said it had caused him to consider leaving the project.

Hansen using stronger language in a message to the attacker:

"I do not hate you and I do not wish any harm to befall you.

But if you get hit by a bus while crossing the street, I'll tell the driver everyone deserves a mulligan once in a while.

You fool. You absolute, unmitigated, unadulterated, complete and utter, fool.

Peace to everyone — including you, you son of a bitch." he wrote.

 

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
gnupg openpgp pgp pretty good privacy security

Partner Content

MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Improving returns from SD-WAN spending
Sponsored Content Improving returns from SD-WAN spending
NCS expands into Australia in partnership with Optus Enterprise
Sponsored Content NCS expands into Australia in partnership with Optus Enterprise

Sponsored Whitepapers

The risky business of open source
The risky business of open source
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation
How to choose a WAF that's right for you
How to choose a WAF that's right for you
The global telco 5G cloud gaming opportunity
The global telco 5G cloud gaming opportunity
Building a ransomware remediation backup strategy
Building a ransomware remediation backup strategy

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
By Juha Saarinen, iTnews
Jul 1 2019
11:31AM
0 Comments

Related Articles

  • Reserve Bank of NZ governor apologises for 'serious' data breach
  • Google unravels state-of-art Android and Windows exploit chains
  • Mimecast says hackers hijacked its products
  • EU drugs regulator says some data from cyber attack leaked online
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Update Chrome or risk remote takeover, US govt warns

Update Chrome or risk remote takeover, US govt warns

Telstra pilots its first neurodiversity recruitment program

Telstra pilots its first neurodiversity recruitment program

Google unravels state-of-art Android and Windows exploit chains

Google unravels state-of-art Android and Windows exploit chains

Accellion hack behind Reserve Bank of NZ data breach

Accellion hack behind Reserve Bank of NZ data breach

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.