Fake PGP Keys For Crypto Developers Found 110
IamTheRealMike (537420) writes "In recent months fake PGP keys have been found for at least two developers on well known crypto projects: Erinn Clark, a Tor developer and Gavin Andresen, the maintainer of Bitcoin. In both cases, these PGP keys are used to sign the downloads for popular pieces of crypto software. PGP keys are supposed to be verified through the web of trust, but in practice it's very hard to find a trust path between two strangers on the internet: one reply to Erinn's mail stated that despite there being 30 signatures [attached to] her key, [the respondent] couldn't find any trust paths to her. It's also very unclear whether anyone would notice a key substitution attack like this. This leaves three questions: who is doing this, why, and what can be done about it? An obvious candidate would be intelligence agencies, who may be trying to serve certain people with backdoored binaries via their QUANTUMTHEORY man-in-the-middle system. As to what can be done about it, switching from PGP to X.509 code signing would be an obvious candidate. Both Mac and Windows support it, obtaining a forged certificate is much harder than simply uploading a fake PGP key, and whilst X.509 certs can be issued in secret until Google's Certificate Transparency system is fully deployed, finding one would be strong evidence that an issuing CA had been compromised: something that seems plausible but for which we currently lack any evidence. Additionally, bad certificates can be revoked when found whereas beyond making blog posts, not much can be done about the fake PGP keys."
Re:The chain of trust is broken. (Score:5, Interesting)
Well; interestingly enough, the summary is proposing moving to X.509 which would rely on the chain of trust and which would be vulnerable. Exactly the problem of simple chains of trust is what meant that the Stuxnet virus had device drivers that only required a single signature from a company authorized by Microsoft in order to be automatically loaded by Windows.
This is probably a false-flag operation trying to trick software developers into moving over to X.509 where a false certificate attack like this might never be detected.
Re: x.509 WTF? (Score:5, Interesting)
The thing is, you're wrong and your own post shows that.
Firstly, we have no evidence of any CA being compromised by intelligence agencies despite the obvious appeal to them of doing so. This is remarkable. Despite the huge number of Snowden documents so far none of them have even hinted at compromise of the CA infrastructure. What we have seen a lot of discussion of is ways of circumventing it by stealing private keys directly from end users, and doing MITM on non-SSLd connections of which there are plenty.
Nobody can rule out that some CA is in fact minting false certificates for intelligence agencies. But so far nobody has presented any evidence of it.
Your Stuxnet example proves my point and disproves yours. They didn't use a false certificate there - they hacked the end user (a hardware manufacturer) to obtain their private key. Well guess what, you can steal PGP keys in the same way, nothing magical about that.