On 21 Aug 2006, at 3:36 PM, Max A. wrote:

Hello!

Could anybody familiar with PGP products look at the following page
and explain in brief what it is about and what are consequences of the
described bug?

http://www.safehack.com/Advisory/pgp/PGPcrack.html

The text there looks to me rather obscure with a lot of unrelated stuff.


The guy's basically confused. I wrote a long thing at the time to bugtraq with lots of detail. He's got two basic claims.

The first is that if he makes a copy of a disk file, changes the passphrase on the copy, and then uses a hex editor to paste the passphrase reduction back onto the copy. Poof, the old passphrase works again. This is like saying that you can use emacs to edit a file and change "123" to "ABC" and then use a hex editor to change 0x41 0x42 0x43 to 0x31 0x32 0x33 and ZOMG! The change magically vanishes! As Ondrej Mikle points out, the disk hasn't been re- encrypted. If you want the disk to be re-encrypted, you press the big "Re-encrypt" button in panel.

The other thing he did was that he found some code that basically does:

if (user-types-right-passphrase)
then
        mount-the-disk
else
        display-error
endif

And then he patches out the if statement and notices that the disk will mount, but curiously is lots of random garbage. He leaves as an open problem how to make the disk readable after patching out the if statement.

        Jon


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to