RE: PGP spoof decrypted output?

From: McAllister, Andrew (McAllisterAat_private)
Date: Fri Jun 07 2002 - 06:56:30 PDT

Next message: quentynat_private: "Re: Phone Switches + telephone banking etc"

Previous message: Vachon, Scott: "RE: Phone Switches + telephone banking etc"
Maybe in reply to: McAllister, Andrew: "PGP spoof decrypted output?"
Next in thread: Rich Henning: "Re: PGP spoof decrypted output?"
Reply: Rich Henning: "Re: PGP spoof decrypted output?"
Reply: Tony: "RE: PGP spoof decrypted output?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, I know signed e-mail is easy to spoof, most people never verify sigs etc.

My real concern has more to do with the automated transmission of encrypted data files. My University sends data files to and from various business partners using FTP and other mechanisms. Since FTP is clear text everything, we decided to PGP encrypt and sign all files prior to transmission and we never allow unencrypted files on a public machine. All of this encryption/decryption is done in BATCH mode with scripts.

Seems at least somewhat safe? Not really. 

As an example (we do NOT actually do this)...
Assume I transmit via FTP our payroll direct deposit data to the bank's ftp site. The file is encrypted and signed with PGP, only the bank can decrypt and verify. That much appears true.
Now, a hacker has been sniffing the wire and sees my ftp ID/password combo.
He/she logs in to the bank FTP site and APPENDS data in clear text to the end of the payroll.pgp file.
Twenty minutes later a bank script sees the file, moves it, and decrypts it with a "pgp +force" (batch mode) command. 

What result would you expect? The data I encrypted or the data the hacker appended? The answer: No warnings, no errors, just the data that the hacker APPENDED to my PGP encrypted file. Not the original signed and encrypted file itself. This seems like a bug to me, no?

After a little more experimentation.....
I've found that if you ASCII armor the file, the result is as expected after decryption. You get only the originally encrypted file. I have not tested gpg or pgpi or older versions, just the NAI PGP available from the MIT download site. Anyone care to test the other implementations?

Does anyone think this is worth taking to NAI even though they aren't really supporting PGP anymore?

Andrew McAllister
University of Missouri

> -----Original Message-----
> From: Olaf Kirch [mailto:okirat_private]
snip
> [-- PGP output follows (current time: Fri Jun  7 13:45:05 2002) --]
> gpg: Signature made Fri Jun  7 13:44:59 2002 CEST using DSA 
> key ID DEADBEEF
> gpg: Good signature from "Olaf Kirch <okirat_private>"
> [-- End of PGP output --]
> 
> [-- The following data is signed --]
> 
> Spoofing unaware PGP users can be simple. I am sure you all 
> noticed that
> this message isn't PGP signed at all, but I guess there's quite
snip

Next message: quentynat_private: "Re: Phone Switches + telephone banking etc"
Previous message: Vachon, Scott: "RE: Phone Switches + telephone banking etc"
Maybe in reply to: McAllister, Andrew: "PGP spoof decrypted output?"
Next in thread: Rich Henning: "Re: PGP spoof decrypted output?"
Reply: Rich Henning: "Re: PGP spoof decrypted output?"
Reply: Tony: "RE: PGP spoof decrypted output?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 07 2002 - 09:18:31 PDT