• Recommend:
• 0 Comments

Pretty Good Privacy Not Good Enough

Security flaw in free e-mail encryption software could let someone else decrypt your messages.

By Elinor Abreu, The Industry Standard   

The problem arises from a feature that Network Associates added to Pretty Good Privacy that allows for the recovery of data in encrypted messages.

The flaw, discovered by Ralf Senderek and reported Thursday, highlights the technical difficulties in creating key-recovery systems, says Bruce Schneier, chief technology officer of Counterpane Internet Security and author of Applied Cryptography.

Under PGP, each person has a public key and a private key, or codes that are used to encrypt and decrypt messages. A person sending an e-mail message can use a recipient's public key to encrypt messages that only the recipient can decrypt, with their private key. Key-recovery systems allow a third party, usually a corporation or the government, to access encrypted data in the event that an employee leaves the company, or for criminal investigations.

When versions 5 and 6 of PGP, which support data recovery, create new public and private key pairs, or certificates, they allow a user to specify whether to add Additional Decryption Keys. If the user enables the ADK option, when a sender encrypts a message to the user, PGP automatically encrypts the message by using both the user's public key and the ADK.

However, the software doesn't require the ADKs to be in the signed portion of the PGP certificate, which means that someone can take your PGP certificate, add his or her own key as the ADK, and distribute it, all without your permission. Thereafter, the unauthorized user would be able to decrypt any intercepted messages.

Will It Hit Home?

Executives at Network Associates point out that the ADK option is designed for corporate users who may have to follow a data-recovery policy for all corporate communications. Most home users won't be affected because they won't enable the ADK option, according to Mike Jones, business line manager for PGP products at Network Associates. "The message from our [corporate] customer base is loud and clear: that they need data recovery."

Network Associates says it will issue a patch for the flaw Thursday. The company also has secured the PGP certificate server so that no one can update ADKs, and will scan the server to see whether any such ADKs are out there, says Mike Wallach, president of the PGP security division at Network Associates.

"There have been no examples of anybody being compromised for this," Wallach says. "We think it's a fairly esoteric bug, that, nevertheless, we need to respond to."

The hole won't be a simple one to plug for Network Associates. Even if the company creates a fix and you download it, it won't make a difference unless all the people who send you messages also download it. "You have no control over whether all the senders have upgraded," Schneier notes.

Jones conceded that both senders and recipients of PGP messages will need to install the patch.

With more than 6 million users, PGP is the most popular free encryption program. Upon its release, it was targeted by the U.S. government for allegedly violating U.S. export rules, which prohibit the export of strong encryption for national security reasons. The government dropped its case against PGP creator Philip Zimmermann in 1996, however, and has since loosened its encryption export regulations. Network Associates acquired PGP in 1997.

For more in-depth coverage of the Internet Economy, visit The Industry Standard.