lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 15 Aug 2016 15:34:01 +0000 (UTC)
From:	<1471274895@...mail.org>
To:	<linux-kernel@...r.kernel.org>
Subject: Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs.

It was well-known that PGP is vulnerable to short-ID collisions,
and many experiments were done to demonstrate that. [0]

Nevertheless, real attacks started in June, some developers found
their fake keys with same name, email, and even "same" fake signatures
by more fake keys in the wild, on the keyservers. [1]

All these keys have same short-IDs, created by collision attacks, led
with some discussions about the danger of short-IDs. Now, it is worth
to mention this issue again, since fake keys of Linus Torvalds, Greg Kroah-Hartman,
and other kernel devs are found in the wild recently.

> We don't know who is behind this, or what his purpose is. We just know this
> looks very evil.

Search Result of 0x00411886: https://pgp.mit.edu/pks/lookup?search=0x00411886&op=index
Fake Linus Torvalds: 0F6A 1465 32D8 69AE E438  F74B 6211 AA3B [0041 1886]
Real Linus Torvalds: ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 [0041 1886]

Search Result of 0x6092693E: https://pgp.mit.edu/pks/lookup?search=0x6092693E&op=index
Fake Greg Kroah-Hartman: 497C 48CE 16B9 26E9 3F49  6301 2736 5DEA [6092 693E]
Real Greg Kroah-Hartman: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 [6092 693E]

Everyone,
> In short, that cutting a fingerprint in order to get a (32- or 64-bit) short
> key ID is the worst of all worlds, and we should rather target either always
> showing full fingerprints, or not showing it at all
> (and leaving all the crypto-checking bits to be done by the software, as comparing
> 160-bit strings is not natural for us humans). - Gunnar Wolf

DO NOT TRUST ANYTHING SHORTER THAN THE FINGERPRINTS.

[0] http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
[1] http://gwolf.org/node/4070

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ