PGP security flaw found

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
PGP security flaw found

Two researchers published a paper Thursday revealing a major hole in Network Associates PGP encryption software. The hole, acknowledged by Network Associates, has existed since 1977 when the original developer of PGP added a data-recovery feature for corporate users. The attack allows the addition of new keys to a user’s public-key certificate which can then be used to decrypt any message encrypted using Unix and Windows versions of Network Associates PGP software 5.5 through 6.5.3. The attack is difficult to perform and Network Associates, peeved that the researchers did not inform them before published the flaw, says it will have a fix tomorrow.

For more information, read the source article at nwfusion.com or the paper at senderek.de.

Author