To sign or not to sign: Practical vulnerabilities in GPG & friends

49016, Liam

39th Chaos Communication Congress (39C3): Power Cycles · Day 1 · Saal One

In this revealing talk from 39C3, security researchers Lexi (49016) and Liam delved deep into the world of **Pretty Good Privacy (PGP)**, often assumed to be impenetrable, and its most prevalent implementation, **GNU Privacy Guard (GPG)**. Their presentation, titled "To sign or not to sign: Practical vulnerabilities in GPG & friends," systematically exposed a staggering array of security flaws across many facets of PGP, ranging from fundamental parsing errors in signature verification to critical memory safety issues and design shortcomings in its trust model. The speakers, both seasoned CTF players, leveraged their expertise in web challenges and binary exploitation to uncover vulnerabilities that challenge the very foundation of digital trust.