[38653] in cryptography@c2.net mail archive
Re: A security bug in PGP products?
daemon@ATHENA.MIT.EDU (Jon Callas)
Sun Aug 27 11:47:03 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <d3dac270608211536rf71a123xbb2ee55e467fe4d4@mail.gmail.com>
Cc: cryptography@metzdowd.com
From: Jon Callas <jon@callas.org>
Date: Tue, 22 Aug 2006 07:56:09 -0700
To: Max A. <maxale@gmail.com>
On 21 Aug 2006, at 3:36 PM, Max A. wrote:
> Hello!
>
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?
>
> http://www.safehack.com/Advisory/pgp/PGPcrack.html
>
> The text there looks to me rather obscure with a lot of unrelated
> stuff.
>
The guy's basically confused. I wrote a long thing at the time to
bugtraq with lots of detail. He's got two basic claims.
The first is that if he makes a copy of a disk file, changes the
passphrase on the copy, and then uses a hex editor to paste the
passphrase reduction back onto the copy. Poof, the old passphrase
works again. This is like saying that you can use emacs to edit a
file and change "123" to "ABC" and then use a hex editor to change
0x41 0x42 0x43 to 0x31 0x32 0x33 and ZOMG! The change magically
vanishes! As Ondrej Mikle points out, the disk hasn't been re-
encrypted. If you want the disk to be re-encrypted, you press the big
"Re-encrypt" button in panel.
The other thing he did was that he found some code that basically does:
if (user-types-right-passphrase)
then
mount-the-disk
else
display-error
endif
And then he patches out the if statement and notices that the disk
will mount, but curiously is lots of random garbage. He leaves as an
open problem how to make the disk readable after patching out the if
statement.
Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
