Fw: A security bug in PGP products?

Dave Korn dave.korn at artimi.com
Tue Aug 22 14:16:15 EDT 2006


[ Originally tried to post this through gmane, but it doesn't seem to work;
apologies if this has been seen before. ]

Max A. wrote:
> Hello!
> 
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?


1.  The disk is encrypted using a long, secure, random, symmetric
en/de-cryption key.  (EDK for short).
2.  The EDK is encrypted with a passphrase and stored in a header at the
start of the encrypted disk
3.  If you change the passphrase on the disk, it simply reencrypts the EDK
using the new passphrase.  It does not generate a new EDK and it does not
re-encrypt the entire disk.
4.  Therefore the EDK itself is still the same, and if you overwrite the new
header (with the EDK encrypted by the new passphrase) using a stored copy of
the old header (with the same EDK encrypted under the old passphrase), you
have effectively changed the passphrase back - without having to have
knowledge of the new passphrase - and can now regain access using the old
passphrase.

  The guy who wrote that page posted a thread about it a while ago, I think
it was on FD or perhaps Bugtraq.  His interpretation is somewhat coloured by
his transparent belief that these are big corporate monstrosities and hence
must be evil.  His website is full of significant
exaggerations/inaccuracies; for instance, when he claims that you can break
the decryption using a debugger, he forgets to mention that this only
applies to a disk where you originally knew the passphrase and have since
changed it.  It's more of a usage/documentation issue, really; an end-user
might believe that changing the passphrase re-encrypted the entire disk
beyond their ability to retrieve it.


    cheers,
      DaveK
--
Can't think of a witty .sigline today....


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
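
The header scheme described in the message above, as a small runnable model. This is an added example, not code from the post or from any PGP product: the PBKDF2-plus-XOR wrap, the header layout, and the function names (`make_header`, `open_header`, `change_passphrase`, `rekey`) are assumptions standing in for whatever key-wrapping the real product uses.

```python
import hashlib, hmac, os

def _keys(passphrase, salt):
    # 64 bytes of PBKDF2 output: 32 to mask the EDK, 32 to key the check tag.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=64)
    return k[:32], k[32:]

def make_header(edk, passphrase):
    """Wrap a 32-byte EDK under a passphrase: salt || wrapped EDK || tag."""
    salt = os.urandom(16)
    mask, mac_key = _keys(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(edk, mask))  # toy wrap, not a real cipher
    return salt + wrapped + hmac.new(mac_key, wrapped, hashlib.sha256).digest()

def open_header(header, passphrase):
    """Return the EDK, or None if the passphrase does not match this header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    mask, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, mask))

def change_passphrase(header, old, new):
    """Steps 2-3 of the post: same EDK, new wrapping, disk body untouched."""
    edk = open_header(header, old)
    if edk is None:
        raise ValueError("wrong passphrase")
    return make_header(edk, new)

def rekey(header, old, new):
    """Alternative: fresh EDK. The caller must re-encrypt the disk body with it."""
    if open_header(header, old) is None:
        raise ValueError("wrong passphrase")
    new_edk = os.urandom(32)
    return make_header(new_edk, new), new_edk

def demo():
    edk = os.urandom(32)                      # constructed sample key
    saved = make_header(edk, "old-pass")      # header copy kept before the change
    current = change_passphrase(saved, "old-pass", "new-pass")
    rekeyed, new_edk = rekey(saved, "old-pass", "new-pass")
    return {
        "old_pass_rejected_by_new_header": open_header(current, "old-pass") is None,
        "saved_header_still_yields_disk_key": open_header(saved, "old-pass") == edk,
        "saved_header_useless_after_rekey": open_header(saved, "old-pass") != new_edk,
        "rekeyed_header_opens": open_header(rekeyed, "new-pass") == new_edk,
    }

if __name__ == "__main__":
    print(demo())
```

All four results come out `True`: a passphrase change alone leaves any earlier header copy able to recover the disk key, while generating a new EDK and re-encrypting the disk makes that copy worthless.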


