A security bug in PGP products?

Dave "No, not that one" Korn davek_throwaway at hotmail.com
Tue Aug 22 09:21:18 EDT 2006

Max A. wrote:
> Hello!
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?

1.  The disk is encrypted using a long, secure, random, symmetric 
en/de-cryption key.  (EDK for short).
2.  The EDK is encrypted with a passphrase and stored in a header at the 
start of the encrypted disk.
3.  If you change the passphrase on the disk, it simply reencrypts the EDK 
using the new passphrase.  It does not generate a new EDK and it does not 
re-encrypt the entire disk.
4.  Therefore the EDK itself is still the same, and if you overwrite the new 
header (with the EDK encrypted by the new passphrase) using a stored copy of 
the old header (with the same EDK encrypted under the old passphrase), you 
have effectively changed the passphrase back - without having to have 
knowledge of the new passphrase - and can now regain access using the old 

  The guy who wrote that page posted a thread about it a while ago, I think 
it was on FD or perhaps Bugtraq.  His interpretation is somewhat coloured by 
his transparent belief that these are big corporate monstrosities and hence 
/must/ be evil.  His website is full of significant 
exaggerations/inaccuracies; for instance, when he claims that you can break 
the decryption using a debugger, he forgets to mention that this only 
applies to a disk where you originally knew the passphrase and have since 
changed it.  It's more of a usage/documentation issue, really; an end-user 
might believe that changing the passphrase re-encrypted the entire disk 
beyond their ability to retrieve it.

Can't think of a witty .sigline today.... 
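
An added illustration of the header scheme in steps 1 to 4 above; it is not part of the original post and not PGP's code. The function names are hypothetical, and PBKDF2 with an XOR mask and an HMAC tag stands in for whatever key-wrapping the product really uses. It shows why a header saved before a passphrase change still unlocks the same EDK, and why only generating a new EDK (with a full re-encryption of the disk) makes the saved header useless.

```python
import hashlib, hmac, os

# Toy model only: PBKDF2 + XOR mask + HMAC tag stands in for the product's
# real (unspecified) key-wrapping scheme. All names here are hypothetical.

def _derive(passphrase, salt):
    # 64 bytes: first 32 mask the EDK, last 32 key the integrity tag
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000, dklen=64)

def wrap_edk(edk, passphrase):
    """Build a disk header holding the EDK encrypted under the passphrase."""
    salt = os.urandom(16)
    k = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(edk, k[:32]))
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_edk(header, passphrase):
    """Return the EDK, or None if the passphrase does not match the header."""
    k = _derive(passphrase, header["salt"])
    tag = hmac.new(k[32:], header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], k[:32]))

def change_passphrase(header, old, new):
    """Step 3: re-wrap the same EDK; the disk body is not touched."""
    edk = unwrap_edk(header, old)
    if edk is None:
        raise ValueError("wrong passphrase")
    return wrap_edk(edk, new)

def rekey(header, old, new):
    """Alternative: fresh EDK; the caller must re-encrypt the whole disk with it."""
    if unwrap_edk(header, old) is None:
        raise ValueError("wrong passphrase")
    edk = os.urandom(32)
    return edk, wrap_edk(edk, new)

def demo():
    edk = os.urandom(32)                      # constructed sample key
    saved = wrap_edk(edk, "old passphrase")   # header copy kept from before the change
    current = change_passphrase(saved, "old passphrase", "new passphrase")
    fresh_edk, _ = rekey(current, "new passphrase", "newer passphrase")
    return {
        "old_passphrase_rejected_by_new_header": unwrap_edk(current, "old passphrase") is None,
        "saved_header_yields_current_edk": unwrap_edk(saved, "old passphrase") == edk,
        "saved_header_yields_edk_after_rekey": unwrap_edk(saved, "old passphrase") == fresh_edk,
    }
```

Calling `demo()` returns the three outcomes as booleans: the first two are true and the third is false.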

The Cryptography Mailing List