[38650] in cryptography@c2.net mail archive
Re: A security bug in PGP products?
daemon@ATHENA.MIT.EDU (Dave \"No, not that one\" Korn)
Sun Aug 27 11:45:59 2006
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
From: "Dave \"No, not that one\" Korn" <davek_throwaway@hotmail.com>
Date: Tue, 22 Aug 2006 14:21:18 +0100
X-Complaints-To: usenet@sea.gmane.org
Max A. wrote:
> Hello!
>
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?
1. The disk is encrypted using a long, secure, random, symmetric
en/de-cryption key. (EDK for short).
2. The EDK is encrypted with a passphrase and stored in a header at the
start of the encrypted disk.
3. If you change the passphrase on the disk, it simply reencrypts the EDK
using the new passphrase. It does not generate a new EDK and it does not
re-encrypt the entire disk.
4. Therefore the EDK itself is still the same, and if you overwrite the new
header (with the EDK encrypted by the new passphrase) using a stored copy of
the old header (with the same EDK encrypted under the old passphrase), you
have effectively changed the passphrase back - without having to have
knowledge of the new passphrase - and can now regain access using the old
passphrase.
The guy who wrote that page posted a thread about it a while ago, I think
it was on FD or perhaps Bugtraq. His interpretation is somewhat coloured by
his transparent belief that these are big corporate monstrosities and hence
/must/ be evil. His website is full of significant
exaggerations/inaccuracies; for instance, when he claims that you can break
the decryption using a debugger, he forgets to mention that this only
applies to a disk where you originally knew the passphrase and have since
changed it. It's more of a usage/documentation issue, really; an end-user
might believe that changing the passphrase re-encrypted the entire disk
beyond their ability to retrieve it.
cheers,
DaveK
--
Can't think of a witty .sigline today....
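
Added example, not part of the original message and not PGP's header format or code: a minimal model of steps 1-4 above, showing that a saved copy of the old header still unwraps the current EDK after a passphrase change, and that it stops doing so only once a fresh EDK is generated. The XOR-plus-HMAC wrap, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

def _kek(passphrase: str, salt: bytes) -> bytes:
    # Passphrase-derived key material: 32 bytes to wrap the EDK, 32 for the MAC.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=64)

def make_header(edk: bytes, passphrase: str) -> dict:
    """Wrap a 32-byte EDK under a passphrase (toy wrap, stands in for the real one)."""
    salt = os.urandom(16)
    k = _kek(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(edk, k[:32]))
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock(header: dict, passphrase: str):
    """Return the EDK, or None if the passphrase does not match this header."""
    k = _kek(passphrase, header["salt"])
    tag = hmac.new(k[32:], header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], k[:32]))

def change_passphrase(header: dict, old: str, new: str) -> dict:
    # Step 3: only the header is rewritten; the EDK and the disk data stay as they were.
    edk = unlock(header, old)
    if edk is None:
        raise ValueError("wrong passphrase")
    return make_header(edk, new)

def demo() -> dict:
    edk = os.urandom(32)                        # step 1: random disk key
    header = make_header(edk, "old pass")       # step 2: header stored on disk
    saved_copy = dict(header)                   # copy kept from before the change
    header = change_passphrase(header, "old pass", "new pass")
    results = {
        "old_rejected_by_new_header": unlock(header, "old pass") is None,
        "new_accepted": unlock(header, "new pass") == edk,
        # Step 4: the saved header plus the old passphrase still gives the live EDK.
        "old_works_on_saved_header": unlock(saved_copy, "old pass") == edk,
    }
    # With a fresh EDK (and the disk re-encrypted under it) the saved header is stale.
    fresh_edk = os.urandom(32)
    results["saved_header_gives_key_after_rekey"] = unlock(saved_copy, "old pass") == fresh_edk
    return results

if __name__ == "__main__":
    print(demo())
```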