A security bug in PGP products?

Ondrej Mikle ondrej.mikle at gmail.com
Tue Aug 22 07:53:41 EDT 2006

Max A. wrote:
> Hello!
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?
> http://www.safehack.com/Advisory/pgp/PGPcrack.html

It seemed a bit obscure to me at first, but it says basically:

PGPdisk does not use key derived from passphrase, just does simply this:

if (somehash(entered_password) == stored_password_hashed) then 

That's the REPE CMPS chain instruction (string comparison). The check 
can be simply skipped using debugger by interrupting the program, 
changing CS:EIP (i.e. the place of execution) to resume after 
"successful" check. The text probably implies that the key is stored 
somewhere in the PGPdisk file and key's successful extraction does not 
depend on knowledge of the passphrase.

So if you change passphrase, the disk won't get re-encrypted, just by 
copy&pasting the old bytes you will revert to the old passphrase or you 
can create another disk with passphrase chosen by you and use 
copy&pasting method to decrypt other PGPdisk protected with passphrase.

I haven't checked myself if their claim is true, but it's possible.

Hope that helped
   O. Mikle

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list