PGP Insecurity

[Ralph Cohen]

After all the recent messages about PGP encryption, I thought that the
following news item might be of interest.

NEW YORK (AP) - E-mails that have been scrambled for confidentiality
with a widely used program may not be secure at all, software company
Network Associates Inc. said Thursday. The company confirmed that
e-mails encrypted using its PGP (Pretty Good Privacy) software may be
vulnerable to a sophisticated attacker. A PGP spokesman said a fix
for the problem would soon be posted on the PGP Web site and
customers would be informed. PGP is used by 7 million people
worldwide, according to Wallach. Some businesses use it to send
confidential documents. To communicate privately, a sender uses a
number called the "public key," given by the recipient, to encode the
message. The flaw lies in an attacker's ability to tamper with the
key, which is often stored on public servers. An e-mail created using
a tampered key can be read by the attacker. See
http://www.infobeat.com/stories/cgi/story.cgi?id=2569169146-8a5


Ralph Cohen

rpcohen@neurotron.com