BOSTON (05/26/2000) - A security flaw has been discovered in the process by which an older version of Pretty Good Privacy (PGP) reads random numbers, making the cryptographic keys produced by this release of the popular encryption program potentially insecure.
The flaw was found in the PGP 5.0i code base and is specific to Linux and OpenBSD.
According to security researchers, PGP 5.0, created by PGP Inc., now owned by Network Associates Inc. in Santa Clara, California, creates public/private key pairs with little or no randomness under certain circumstances.
PGP must gather random numbers from reliable sources so that the keys can't be predicted by attackers. Versions 2.x and 6.5 of PGP aren't affected, nor are PGP versions ported to other platforms. Network Associates recently began shipping PGP 7.0. The company wasn't available for comment by press time.
The problem was discovered by Germano Caronni, a researcher in the security research group at Palo Alto, California-based Sun Microsystems Inc., who doesn't speak on behalf of the company. The PGP flaw was verified by other researchers and then posted to the widely distributed Bugtraq security list.
"If I, as a user, wanted to send someone a message using PGP, I would first want to confirm that they were not generating their key with the bad version; otherwise, the crypto isn't very useful," said PGP user Lenny Foner, a cryptography and public policy researcher in Somerville, Massachusetts. "And there is no easy and secure way to do that except to call them on the phone and ask how they generated their key."
Caronni said he was astonished to find the flaw in code that had been publicly available for more than a year. Software such as PGP 5.0 is considered more secure because it's in the public domain and can be reviewed by the technical community.