Vincent Pelletier wrote:
> On Mon, 22 Mar 2021 17:32:14 -0500, Jacob Bachmeyer via Gnupg-users
> <gnupg-users@gnupg.org> wrote:
>> The difference is that you *know* an unencrypted key is lying around at risk of compromise, and you knowingly chose to take that risk when you chose to store the key unencrypted.
>
> Pardon my non-gpg-familiarity, but isn't a "weak key" completely
> different from a (maybe) divulged key?

There are two keys involved here: a PGP private key that is stored encrypted under a symmetric key. It appears that that symmetric key has been found to be weak. If an attacker can obtain the encrypted blob and crack the symmetric encryption, the PGP key would be divulged.

> AFAIK a weak key is a key that, when used, produces a result which is
> easier to break than what the cipher promises. In other words, this
> would be something specific to this very key, to the value of its
> components being poorly chosen, and in no way related to how it was
> stored/obfuscated itself.

The weak key in this case is the symmetric cipher key used to encrypt the PGP private key.

> IOW, isn't this specific key one of the identified Blowfish weak keys
> classes?
>   https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
> Also:
>   https://en.wikipedia.org/wiki/Weak_key
>
> Meaning not only this key, but anything it signed and/or was encrypted
> for (I did not check which one is affected), may be considered
> compromised?

The risk is that an attacker may be able to crack the encryption on the stored private key because it was encrypted with a weak key. Given that PGP keys are very short, it is possible that Blowfish may be safe here, even with a weak key. If this is the case, using an old version of GPG to import the affected private key and change the passphrase should fix the problem, since the symmetric key (and possibly algorithm) used to store the private key will then change.

If Blowfish is not safe under these circumstances (weak key encrypting a limited amount of data), then the PGP key in question should be presumed compromised and should be replaced.


-- Jacob
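
Added example, not part of the original message and not GnuPG code: a small Python reader for the header of an OpenPGP version 4 secret-key packet (RFC 4880 section 5.5.3) that reports which symmetric cipher protects the stored private key, which is the key the reply above refers to. The function names and the `SAMPLE` bytes are constructed for illustration; only RSA, Elgamal and DSA keys are handled.

```python
# Symmetric algorithm IDs from RFC 4880 section 9.2
SYM = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
       7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
# Number of public MPIs per public-key algorithm (RSA, Elgamal, DSA only)
PUB_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def packet_body(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths not handled")
    else:  # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        n = 1 << ltype
        start, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    return tag, data[start:start + length]

def key_protection(data):
    """Report how the secret material in a v4 secret-key packet is protected."""
    tag, body = packet_body(data)
    if tag not in (5, 7) or body[0] != 4:
        raise ValueError("expected a version 4 secret (sub)key packet")
    pos = 6  # version (1) + creation time (4) + public-key algorithm (1)
    for _ in range(PUB_MPIS[body[5]]):  # skip the public MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    usage = body[pos]
    if usage == 0:
        return {"protected": False, "cipher": None}
    # 254/255: cipher octet follows; any other value is itself the cipher ID
    cipher = body[pos + 1] if usage in (254, 255) else usage
    return {"protected": True, "cipher": SYM.get(cipher, f"unknown ({cipher})")}

# Constructed sample (not a real key): toy RSA MPIs, usage 254, cipher 4, S2K, IV
_BODY = bytes([4, 0, 0, 0, 0, 1, 0, 8, 0xC5, 0, 2, 3,
               254, 4, 3, 2]) + bytes(8) + bytes([96]) + bytes(8)
SAMPLE = bytes([0xC5, len(_BODY)]) + _BODY
```

The input is assumed to be binary (not ASCII-armored) OpenPGP data that begins with a secret-key or secret-subkey packet; `key_protection(SAMPLE)` reports Blowfish for the constructed packet.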
