TL;DR: Principal maintainer of the GnuPG FAQ, Robert J. Hansen, recently disclosed “unknown actors deployed a certificate spamming attack against two high-profile contributors in the OpenPGP community,” namely himself and Daniel Kahn Gillmor. Fearing mitigation to be too far off, he advised users “stop retrieving data from the SKS keyserver network.”
Certificate Spamming Attack Against Two High-Profile Contributors to OpenPGP
Johns Hopkins cryptography instructor Matthew Green summarized the event as someone “spamming the keys of certain GnuPG contributors with huge numbers of extra signature attestations, and GnuPG can’t deal with it.”
Recently, the attack managed to exploit an OpenPGP protocol gap that allows the poisoning of certificates. “Anyone who attempts to import a poisoned certificate into a vulnerable OpenPGP installation will very likely break their installation in hard-to-debug ways,” Hansen explained. “Poisoned certificates are already on the SKS keyserver network. There is no reason to believe the attacker will stop at just poisoning two certificates. Further, given the ease of the attack and the highly publicized success of the attack, it is prudent to believe other certificates will soon be poisoned.”
Hansen further revealed the attack cannot be lessened or solved in “any reasonable time period,” though future releases “will likely have some sort of mitigation, but there is no time frame.” This kind of attack has been possible, he acknowledged, for a decade. Calling it “devastating,” Hansen’s takeaways do indeed read bleak.
Simply fetching a poisoned cert will break your GnuPG install, he posted. Such certs cannot be deleted from the keyserver. Though only a few occurrences/instances now, by simple logic their number will only grow … and that’s without knowing whether attackers plan or have poisoned other certificates. “We do not even know the scope of the damage,” Hansen stressed, noting the main use of OpenPGP is verifying packages for Linux-based operating systems, and the tool of choice is GnuPG.
“If someone were to poison a vendor’s public certificate and upload it to the keyserver network,” Hansen continued, “the next time a system administrator refreshed their keyring from the keyserver network the vendor’s now-poisoned certificate would be downloaded. At that point upgrades become impossible because the authenticity of downloaded packages cannot be verified. Even downloading the vendor’s certificate and re-importing it would be of no use, because GnuPG would choke trying to import the new certificate. It is not hard to imagine how motivated adversaries could employ this against a Linux-based computer network,” he insisted.
DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.
CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.