A security bug in PGP products?
Jon Callas
jon at callas.org
Tue Aug 22 10:56:09 EDT 2006
On 21 Aug 2006, at 3:36 PM, Max A. wrote:
> Hello!
>
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?
>
> http://www.safehack.com/Advisory/pgp/PGPcrack.html
>
> The text there looks to me rather obscure with a lot of unrelated
> stuff.
>
The guy's basically confused. I wrote a long thing at the time to
bugtraq with lots of detail. He's got two basic claims.

The first is that if he makes a copy of a disk file, changes the
passphrase on the copy, and then uses a hex editor to paste the
passphrase reduction back onto the copy. Poof, the old passphrase
works again. This is like saying that you can use emacs to edit a
file and change "123" to "ABC" and then use a hex editor to change
0x41 0x42 0x43 to 0x31 0x32 0x33 and ZOMG! The change magically
vanishes! As Ondrej Mikle points out, the disk hasn't been
re-encrypted. If you want the disk to be re-encrypted, you press the
big "Re-encrypt" button in panel.

The other thing he did was that he found some code that basically does:

    if (user-types-right-passphrase)
    then
        mount-the-disk
    else
        display-error
    endif

And then he patches out the if statement and notices that the disk
will mount, but curiously is lots of random garbage. He leaves as an
open problem how to make the disk readable after patching out the if
statement.

Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
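
Added example, not part of the original message and not PGP's code: a toy Python model of the two claims discussed above. It assumes (the message does not spell this out) that the passphrase only wraps a random disk key kept in a header; the SHA-256 keystream is a stand-in cipher, and every function name and sample value is hypothetical.

```python
import hashlib, hmac, os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _kek(passphrase, salt):  # key-encryption key derived from the passphrase
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 1000)
def _tag(key):               # header value used only for the passphrase check
    return hmac.new(key, b"passphrase-check", "sha256").digest()

def crypt(key, data):  # toy SHA-256 counter keystream, stand-in for the disk cipher
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(len(data) // 32 + 1))
    return _xor(data, stream)

def wrap(passphrase, disk_key):
    salt = os.urandom(16)
    return {"salt": salt, "wrapped": _xor(disk_key, _kek(passphrase, salt)), "check": _tag(disk_key)}

def create(passphrase, plaintext):
    key = os.urandom(32)
    return {"header": wrap(passphrase, key), "data": crypt(key, plaintext)}

def unlock(vol, passphrase, patched=False):
    h = vol["header"]
    key = _xor(h["wrapped"], _kek(passphrase, h["salt"]))
    if not patched and not hmac.compare_digest(_tag(key), h["check"]):
        raise ValueError("wrong passphrase")  # the "if" from the message
    return key

def mount(vol, passphrase, patched=False):
    return crypt(unlock(vol, passphrase, patched), vol["data"])

def change_passphrase(vol, old, new):
    vol["header"] = wrap(new, unlock(vol, old))  # same disk key, data untouched

def reencrypt(vol, passphrase):
    plaintext, key = mount(vol, passphrase), os.urandom(32)
    vol["header"], vol["data"] = wrap(passphrase, key), crypt(key, plaintext)

def demo():
    secret = b"constructed sample volume contents"
    vol = create("old pass", secret)
    saved = vol["header"]                        # copy of the old header
    change_passphrase(vol, "old pass", "new pass")
    vol["header"] = saved                        # old header pasted back
    pasted_back = mount(vol, "old pass") == secret
    reencrypt(vol, "old pass")                   # new disk key, new ciphertext
    vol["header"] = saved
    after_reencrypt = mount(vol, "old pass") == secret
    patched = mount(create("right", secret), "wrong", patched=True) == secret
    return pasted_back, after_reencrypt, patched
```

demo() returns three booleans: whether the old passphrase reads the data after the old header is pasted back, whether it still does once the volume has been re-encrypted, and whether a mount with the check skipped and a wrong passphrase yields the real contents.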