A security bug in PGP products?
Dave "No, not that one" Korn
davek_throwaway at hotmail.com
Tue Aug 22 09:21:18 EDT 2006
Max A. wrote:
> Hello!
>
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?
1. The disk is encrypted using a long, secure, random, symmetric
en/de-cryption key. (EDK for short).
2. The EDK is encrypted with a passphrase and stored in a header at the
start of the encrypted disk.
3. If you change the passphrase on the disk, it simply re-encrypts the EDK
using the new passphrase. It does not generate a new EDK and it does not
re-encrypt the entire disk.
4. Therefore the EDK itself is still the same, and if you overwrite the new
header (with the EDK encrypted by the new passphrase) using a stored copy of
the old header (with the same EDK encrypted under the old passphrase), you
have effectively changed the passphrase back - without having to have
knowledge of the new passphrase - and can now regain access using the old
passphrase.
The guy who wrote that page posted a thread about it a while ago, I think
it was on FD or perhaps Bugtraq. His interpretation is somewhat coloured by
his transparent belief that these are big corporate monstrosities and hence
/must/ be evil. His website is full of significant
exaggerations/inaccuracies; for instance, when he claims that you can break
the decryption using a debugger, he forgets to mention that this only
applies to a disk where you originally knew the passphrase and have since
changed it. It's more of a usage/documentation issue, really; an end-user
might believe that changing the passphrase re-encrypted the entire disk
beyond their ability to retrieve it.
cheers,
DaveK
--
Can't think of a witty .sigline today....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com