Compass Security AG warns: ignorant PGP users disclose confidential data on the Internet

Rapperswil, March 25, 2009. Numerous users of PGP encryption reduce the procedure to absurdity. This is what the Swiss ICT security specialist Compass Security AG has found. If you search Google for the text string filetype:asc intext:"BEGIN PGP PRIVATE KEY BLOCK", the search engine returns several hundred PGP private keys. Out of ignorance or by mistake, users have placed them on the network together with the rest of the key pair, not suspecting that they are opening the gates to data thieves. The principle of PGP encryption works as follows: the user has a public and a private key.
To exchange data securely, the recipient's public key is required to encrypt and the private key to decrypt. So that the sender can encrypt, it is useful to place the public key on the Internet. The private key, however, is secret and is meant to ensure access security. If someone now "accidentally" provides the complete pair on their web page, this represents a dangerous vulnerability, since confidential data can be decrypted. A passphrase is still required to decrypt the content, but experience has shown that most users define very simple passwords.
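A check to run on an .asc file before it is published, as an added example that is not part of the original release or of Compass's tooling: it reports any ASCII-armored block that carries secret key material, judged by the first OpenPGP packet tag (RFC 4880 tags 5 and 7) and, failing that, by the armor label. The function names and the sample blocks are constructed for illustration; the samples are stubs, not real keys.

```python
import base64
import re

# RFC 4880 packet tags that carry secret key material.
SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}
ARMOR_RE = re.compile(
    r"-----BEGIN PGP ([A-Z ]+)-----\n(.*?)-----END PGP \1-----", re.S)

def first_packet_tag(body):
    """Return the tag of the first OpenPGP packet in an armor body, or None."""
    lines = [line.strip() for line in body.splitlines()]
    # Skip armor headers ("Version: ..."), blank lines and the "=XXXX" CRC line.
    payload = "".join(l for l in lines
                      if l and ":" not in l and not l.startswith("="))
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return None
    if not raw or not raw[0] & 0x80:  # bit 7 is always set in a packet header
        return None
    # New-format header keeps the tag in bits 5-0, old format in bits 5-2.
    return raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F

def find_secret_key_blocks(text):
    """List (armor label, reason) for each block exposing secret key material."""
    findings = []
    for label, body in ARMOR_RE.findall(text.replace("\r\n", "\n")):
        tag = first_packet_tag(body)
        if tag in SECRET_TAGS:
            findings.append((label, SECRET_TAGS[tag] + " packet"))
        elif "PRIVATE KEY" in label:
            findings.append((label, "armor label"))
    return findings

def armor(label, raw):
    """Wrap constructed bytes in ASCII armor (sample data only, no CRC line)."""
    b64 = base64.b64encode(raw).decode()
    return (f"-----BEGIN PGP {label}-----\nVersion: constructed\n\n"
            f"{b64}\n-----END PGP {label}-----\n")

# Constructed stubs, not real keys: 0x99 is an old-format public-key header
# (tag 6), 0x95 an old-format secret-key header (tag 5).
SAMPLE = (armor("PUBLIC KEY BLOCK", b"\x99\x00\x03abc")
          + armor("PRIVATE KEY BLOCK", b"\x95\x00\x03abc")
          + armor("PUBLIC KEY BLOCK", b"\x95\x00\x03abc"))  # mislabelled
```

Checking the packet tag as well as the label catches a secret key that was exported or renamed under a public-key label, which a label-only search would miss.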
To demonstrate this, Compass has developed the tool "CodeSnapper", with which a dictionary attack can be carried out. "It's amazing how many people publish their private key on the Internet," explains Marco Di Filippo, Regional Director Germany at Compass. "I became aware of it by coincidence. Someone sent me a signed message. When I wanted to download the public key from his site, I discovered that he had published the complete key pair there. So the search began for those who make the same mistake. The result: less than 250 hits." The following link is found in this overview: contact/brandyarcoiz.asc. This is a key pair published by Compass for demo purposes.

"Wargoogling: tell me your name and I will tell you your password"

The PGP keys, however, are not the only vulnerabilities that can be found using Google's vast search options.