OpenPGP Certificate Flooding
Posted date 03/07/2019
Robert J Hansen and Daniel Kahn Gillmor, maintainers of the OpenPGP protocol, have been victims of a cyberattack caused by functionalities in the design of PGP, which are that it has no limit on the number of signatures for a certificate and that the SKS servers replicate the content so that it can not be deleted.
The attacker has added a large number of signatures to the victims' public certificates, increasing their size to the point where OpenPGP implementations cease to work because they cannot be processed.
Although these problems were already known, those affected qualify this act as gratuitous vandalism, since they do not understand the objective of the attack beyond ruining their work.
References
-
01/07/2019blogthinkbig.com
Etiquetas