EVIL researchers dupe EVERY 32 bit GPG print

Researchers have found collision attacks for 32 bit GPG keys leaving the superseded technology well and truly dead.

Eric Swanson and Richard Klafter used graphical processing units to clone fingerprints for each 32 bit key id in Web of Trust strong set.

The feat took four seconds per key increasing the chance that human error could land users with attackers keys.

"32 bit key IDs were reasonable 15 years ago but are obsolete now," the duo said in a blog.

"Using modern GPUs, we have found collisions for every 32 bit key id in the Web of Trust's strong set.

"It is easy to generate and publish a key that looks identical if you only use 32 bits when specifying a key."

The research did not "break" GPG encryption but did erode its usability and increased the likelihood of human error, they said.

Swanson and Klafter used the Scallion tool to generate IDs with the same 32 bit ID which could compromise users who failed to run further identity checks.

Users are not warned if a given 32 bit ID may have a collision as key servers performed little verification.

"GPG simply imports whatever the key server sends. No verification of the response is done before importing."

Brisbane security bod and NCC Group Asia Pacific general manager Wade Alcorn expected similar issues to arise.

"With the price of computation decreasing it is fair to expect more and more issues that break the old assumed safe entropy lengths - collisions in GPG key IDs aren't going to be the last security issue of this kind we'll see," Alcorn said.

He urged users to diligently verify fingerprints to avoid being potential targets.

"So you don't become a victim to this vulnerability, it is essential to verify the fingerprint of the key and not just the key ID. Also, when comparing fingerprints it is best practice to do it programmatically as there are ways to generate key fingerprints that look similar when compared with the human eye."

Swanson and Klafter published a technical example of the collisions in their blog.

They said GPG should be designed to refuse operations when collisions occurred. ®