Explore critical security vulnerabilities discovered in widely used PGP implementations including GnuPG, Sequoia PGP, age, and minisign in this 49-minute conference talk from 39C3. Discover how implementation bugs in parsing code and other non-cryptographic components can lead to serious security flaws, including signature verification bypasses, encryption breaks, and memory corruption vulnerabilities. Learn about the research process that uncovered these zero-day vulnerabilities while investigating key management and signature internals for personal use cases. Examine how attackers without private keys could potentially swap plaintext in signed data due to parser confusion vulnerabilities. Understand the broader implications for secure communications and software updates that rely on these cryptographic utilities. Gain insights into the role of OpenPGP specifications, the challenges of implementing feature-rich evolving standards, and the responsible disclosure process for security vulnerabilities. Analyze the gap between mathematical cryptographic security and real-world implementation security, focusing on how bugs in data processing and parsing can undermine otherwise sound cryptographic foundations.