Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Key Validity Attack

Posted by michael on from the key-to-the-city dept.

Sieuwert van Otterloo writes: "I have discovered a new attack on PGP. It allows one to introduce an invalid key as valid in the network of trust. All information is on www.bluering.nl/pgp. Network Associates has confirmed the problem and made a patch. The attack is officially published in a talk at the university of Utrecht this afternoon, (4 september 15:00 CET)." Network Associates has a page up, and patches.

1 of 5 comments (clear)

  1. PGP has a user interface? by epsalon · · Score: 2, Insightful

    Last time I've checked, neither PGP not GPG had any user-interface other than command line, and a key has only one name/e-mail address attached to it.
    What are they talking about???

    --

    Make even shorter URLs - 8LN.org