lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8352975d1001171304r7d797867m952cc840ae9be873@mail.gmail.com>
Date: Sun, 17 Jan 2010 22:04:35 +0100
From: Sens0r The real <the.real.sens0r@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: 0xdeadbeef attack on gpg

Hello list,
I'm currently digging into the security aspect of RSA and web of
trust... while searching the web I found some notes about the
0xdeadbeef attack, where you generate a key that has the same short
fingerprint than another, and over this way you fool other users to
use the wrong key.

So I'm searching information about this hack, I did not found any
paper on the usual places, and I don't find much information at all.

How does this attack was done in practice? I mean you have to generate
a fingerprint that has as last 8 bytes 0xdeadbeef (hex) that clear for
me, but what is the best way? You could simply generate one key after
the other and throw away every key that is not matching, but this
might last for quite a long time if you are unlucky.

How does one could influence it to get a result faster?
I would be happy for every hint/link/information.


Kind regards,
Sens0r

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ