GNUPG/GPG/OpenPGP keyservers under attack

gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

The Consequences
We've known for a decade this attack is possible. It's now here and it's devastating. There are a few major takeaways and all of them are bad.

If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation.
Poisoned certificates cannot be deleted from the keyserver network.
The number of deliberately poisoned certificates, currently at only a few, will only rise over time.
We do not know whether the attackers are intent on poisoning other certificates.
We do not even know the scope of the damage.
That last one requires some explanation. Any certificate may be poisoned at any time, and is unlikely to be discovered until it breaks an OpenPGP installation.

The number one use of OpenPGP today is to verify downloaded packages for Linux-based operating systems, usually using a software tool called GnuPG. If someone were to poison a vendor's public certificate and upload it to the keyserver network, the next time a system administrator refreshed their keyring from the keyserver network the vendor's now-poisoned certificate would be downloaded. At that point upgrades become impossible because the authenticity of downloaded packages cannot be verified. Even downloading the vendor's certificate and re-importing it would be of no use, because GnuPG would choke trying to import the new certificate. It is not hard to imagine how motivated adversaries could employ this against a Linux-based computer network.

Mitigations
At present I (speaking only for myself) do not believe the global keyserver network is salvageable. High-risk users should stop using the keyserver network immediately.

Users who are confident editing their GnuPG configuration files should follow the following process:

Open gpg.conf in a text editor. Ensure there is no line starting with keyserver. If there is, remove it.
Open dirmngr.conf in a text editor. Add the line keyserver hkps://keys.openpgp.org to the end of it.
keys.openpgp.org is a new experimental keyserver which is not part of the keyserver network and has some features which make it resistant to this sort of attack. It is not a drop-in replacement: it has some limitations (for instance, its search functionality is sharply constrained). However, once you make this change you will be able to run gpg --refresh-keys with confidence.

THE GLOBAL KEYSERVER NETWORK IS PERMANENTLY FUCKED

This is the face of the man that accidentally all of PGP and then did nothing about it for 10 years until someone finally decided to press the button.

Attached: Robert J. Hansen.jpeg (400x400, 13.13K)

(You)

Attached: retard.png (660x648, 130.3K)

That's why it isn't a RCE vulnerability but a DoS.
Cniles BTFO

who the fuck cares? keyservers are useless garbage.
longpoke.github.io/f37c5de221cb361db07f046b31047f329ddb2ca2fe3ab5b674c858a6686c5151.html
just host the entire key on your website (oh no 1KB on top of your 10MB page) or give it to the one you want to communicate with in person, instead of a fingerprint
the whole reason the keyservers exist is to support the web of trust which is actual retarded nonsense
not surprising at all
jokes on you, nobody does this anyway, except a few retards who think its good practice due to some vague combination of misconceptions

holy fuck this is one step above keyserver retardation.

"ify"
in after phone messenger of the week. fucking christ

>

The web of trust isn't nonsense, it's the only sane way to do things, but what keyservers fuck up is that the WoT is an inherently local affair. Having a global web of trust makes little sense (it's basically just pseudodecentralized PKI) and is what got us into this mess.

a cnile

based

I'm trying imagining being as retarded as you but I simply can't.
signify is the tool used by the OpenBSD maintainers so sign their releases. This isn't some "phone messenger of the week" tier bullshit.
kill yourself

unbased

>keys.openpgp.org is a new experimental (((keyserver))) which is not part of the keyserver network and has some (((features)))
At this point, it should be asked - is the 'fix' installing a backdoor from "a new experimental (((keyserver)))"?

This would normally be a Masters thesis, or if extended an additional Ph.D. Yet none occurred in the last decade even though the software is fundamental. Weird.

If you want to rate other people's posts so bad go back to reddit, nigger.

unbased and unsaged

Kill yourself.

unbased and unsaged

Even if the OpenPGP WoT was sound (it isn't remotely. read the article), nobody even tries to use it "properly".
longpoke.github.io/f37c5de221cb361db07f046b31047f329ddb2ca2fe3ab5b674c858a6686c5151.html

it was a good assumption
lol
well, it can't be worse than an OpenPGP client

spotted the LARPer

stfu nigger, 99.99999% of things with the suffix -ify are trash.
even looking up "signify pgp" on a search engine (yes, i don't follow OpenBSD, I don't give a fuck about UNIX), i got a page with (hilariously) the same pseudo PGP usage as people have done for the last 30 years, from a webscale IoT company:
signify.com/global/product-security

actually it was ""signify" public key" that got me to that link the first time. you cannot be more wrong. there is literally a webshit company with the same name as your tool

yeah, you're retarded

im not even trying to start arguments with you, but you keep replying to all my posts with one-liners that barely constitute a coherent response to my posts. it's like you have a dictionary of 50 memes and you pick the closest one that could be used as a reply to my post
the absolute state of the English web

the absolute state of (You)

that doesn't even make sense, that's not what i said
you're just proving my point
and this also makes no sense. search engine mainly only yields the webshit site, not the crypto tool

LARPer

i cant even comprehend what level of misconception you're on at this point. i'd need to work it out on paper. this is either some next level trolling the most retarded shit ive ever seen. im done replying.

LARPer

I wonder who is behind these posts....

I explicitly stated that it is LOCAL, not global as it gets advertised. Read properly yourself before you tell me to.

I need a compilation of terry saying nigger

Who are you quoting?

You're right. I couldn't comprehend the part about the WoT being "a local affair". What would that mean? Is this just a simple address book (i.e mapping between names that you choose yourself and public keys) or something more complicated? How can a WoT be local?

*I may or may not come back to this thread as 8gag is now more unusable than the worst website imagineable (reddit). Endchan exodus when*

It means that a rating is not globally meaningful, and especially not meaningful enough to be automatically interpreted. "XYZ trusts ABC by a value of 5" - what does this mean? Ask XYZ to find out. They actually use meaningless phrases instead of meaningless numbers, but this makes the principle clearer.

In your local group, you may be able to agree on a meaning of a rating, but even that's not necessary. You can just as easily ask XYZ (in person, via secure comms, whatever) what you want about ABC; he rated him, so he should know something. The original intent is to find out that "this key really belongs to ABC", but obviously you can use this mechanism for just about anything else. For instance, in Bitcoin, there used to be not sure if it still exists a WoT to check for trustworthy/scamming traders, where people who rated often agreed to give you more info on the person when questioned.