A security bug in PGP products?

Alexander Klimov alserkli at inbox.ru
Wed Aug 23 09:22:47 EDT 2006


On Mon, 21 Aug 2006, Max A. wrote:
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what the consequences of the
> described bug are?
>
> http://www.safehack.com/Advisory/pgp/PGPcrack.html
>
> The text there looks to me rather obscure with a lot of unrelated stuff.

The system works as follows: a random key K is used to encrypt all the
data on the volume; the passphrase is used to encrypt the key K. This
design allows changing the passphrase without reencrypting the whole
drive (only K needs to be reencrypted). One well-known side effect is
that if one knows K he can decrypt the data. So, if an attacker knows
the password and can read your volume image at some point in time, he
can decrypt the volume even if you change the password (recall that
you have not changed the key).

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
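The design described in the reply above, as an added example that is not part of the original post and not code from any PGP product: a volume key K wrapped under a passphrase-derived key, a passphrase change that re-wraps the same K, and re-keying as the step that actually retires the old key. The header layout, the use of PBKDF2, and the toy XOR keystream cipher are assumptions made to keep the sketch within the standard library.

```python
import hashlib, hmac, os

def kdf(passphrase, salt):
    # Passphrase -> key-encryption key (PBKDF2 is an assumption of this sketch).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def xor_stream(key, data):
    # Toy stand-in cipher: XOR with an HMAC-SHA256 keystream. The same call
    # encrypts and decrypts. Not the cipher any PGP product uses.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def make_header(passphrase, K):
    # Hypothetical header layout: salt, K wrapped under the KEK, check value.
    salt = os.urandom(16)
    return {"salt": salt, "wrapped": xor_stream(kdf(passphrase, salt), K),
            "check": hashlib.sha256(K).digest()}

def unwrap(header, passphrase):
    # Returns K if the passphrase matches this header, otherwise None.
    K = xor_stream(kdf(passphrase, header["salt"]), header["wrapped"])
    ok = hmac.compare_digest(hashlib.sha256(K).digest(), header["check"])
    return K if ok else None

def demo():
    plaintext = b"constructed sample volume contents"
    K = os.urandom(32)
    volume = xor_stream(K, plaintext)
    saved_header = make_header("old passphrase", K)  # copy taken before the change
    live_header = make_header("new passphrase", K)   # change re-wraps the same K
    old_K = unwrap(saved_header, "old passphrase")
    # Mitigation: generate a fresh volume key and re-encrypt the data under it.
    K2 = os.urandom(32)
    rekeyed = xor_stream(K2, xor_stream(K, volume))
    return {
        "live_header_rejects_old_passphrase": unwrap(live_header, "old passphrase") is None,
        "saved_header_still_opens_volume": xor_stream(old_K, volume) == plaintext,
        "old_key_opens_rekeyed_volume": xor_stream(old_K, rekeyed) == plaintext,
    }

if __name__ == "__main__":
    print(demo())
```

Only the last result changes the outcome: the live header refusing the old passphrase does nothing about a header copy saved earlier, while re-encrypting under a fresh key does.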