A security bug in PGP products?

Jon Callas jon at callas.org
Tue Aug 22 10:56:09 EDT 2006

On 21 Aug 2006, at 3:36 PM, Max A. wrote:

> Hello!
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?
> http://www.safehack.com/Advisory/pgp/PGPcrack.html
> The text there looks to me rather obscure with a lot of unrelated  
> stuff.

The guy's basically confused. I wrote a long thing at the time to  
bugtraq with lots of detail. He's got two basic claims.

The first is that if he makes a copy of a disk file, changes the  
passphrase on the copy, and then uses a hex editor to paste the  
passphrase reduction back onto the copy. Poof, the old passphrase  
works again. This is like saying that you can use emacs to edit a  
file and change "123" to "ABC" and then use a hex editor to change  
0x41 0x42 0x43 to 0x31 0x32 0x33 and ZOMG! The change magically  
vanishes! As Ondrej Mikle points out, the disk hasn't been re- 
encrypted. If you want the disk to be re-encrypted, you press the big  
"Re-encrypt" button in panel.

The other thing he did was that he found some code that basically does:

if (user-types-right-passphrase)

And then he patches out the if statement and notices that the disk  
will mount, but curiously is lots of random garbage. He leaves as an  
open problem how to make the disk readable after patching out the if  


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list