We discussed with V. Klima the "recent" bug in PGPdisk that allowed
extraction of the key and data without knowledge of the passphrase.
The result is a *very* *wild* *hypothesis*.
Question 1: why hasn't anybody noticed in three months? Why hasn't
there been a serious notice about it?
According to the paper, both "standard" .pgd files and self-extracting
SDAs (self-decrypting archives) are affected. A systematic backdoor, maybe?
1) It is a hoax, though with very low probability. The text seems to
include a lot of work and makes perfect sense (REPE CMPS, all the
assembly), i.e. we suppose it is highly improbable that somebody would
make such a hoax. This can be either proven or disproven simply by
checking the Win program with a hex editor/debugger (using an already
downloaded copy). I haven't had the time to check it yet (no Win).
2) AFAIK, Zimmerman is no longer in control of the company making PGP.
AFAIK the company (NAI) has been bought by another group a couple of years
2002/03/08 - NAI drops PGP Desktop
2001/10/15 - NAI to sell PGP division
It may therefore be quite possible that the NSA/CIA/FBI/etc. couldn't force
Zimmerman to compromise his own product directly, so they bought
the company. The backdoor might have been introduced in the latest
releases (e.g. 8.x, 9.x).
3) There was a lazy programmer, or a programmer-infiltrator from the
ranks of the intelligence services. What does one do when a cryptosystem
seems unbreakable? One circumvents it. AFAIK the code had been checked
many times at NAI, until some point in time.
As you all probably know, there was a lot of mischief around
Zimmerman and PGP in the '90s. We don't think the NSA/CIA/FBI/etc. would
"just give up without a fight". You know, the "three-line Perl RSA
implementations on T-shirts" and so on.
The code of PGPdisk 9.x looks like this according to the paper: when the
passphrase is changed, the key itself remains untouched. If at least the
encryption key had been encrypted by a symmetric key generated, e.g., by
PBKDF2 from the passphrase.
Conclusion: it seems that the NSA/CIA/FBI/etc. haven't called a truce.
Though a very clever solution, it is nevertheless nothing we haven't
already seen in 1st/2nd World War tactics.
What do you think? Your input is welcome.
P.S. sorry for any misspellings of names
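The post above contrasts leaving the volume key untouched on a passphrase change with wrapping it under a symmetric key derived from the passphrase by PBKDF2. The following is an added illustration of that wrapping design, not code from the original post or from PGP/NAI; it uses a simplified XOR mask plus HMAC in place of a real authenticated cipher such as AES-GCM, and the iteration count and header layout are assumptions. It shows the point a defender cares about: re-wrapping on passphrase change does not rotate the disk key, so every retained copy of an old header remains a valid path to the same key until the volume is actually re-keyed.

```python
import hashlib
import hmac
import os
from typing import Optional

ITER = 100_000  # PBKDF2 iteration count; assumed value, not taken from PGPdisk


def kdf(passphrase: str, salt: bytes) -> bytes:
    """Derive 64 bytes from the passphrase: 32 to mask the disk key, 32 to authenticate the header."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, ITER, dklen=64)


def wrap_key(disk_key: bytes, passphrase: str) -> dict:
    """Build a header: fresh salt, disk key masked by the derived key, HMAC tag over salt+mask."""
    if len(disk_key) != 32:
        raise ValueError("disk key must be 32 bytes")
    salt = os.urandom(16)
    k = kdf(passphrase, salt)
    masked = bytes(a ^ b for a, b in zip(disk_key, k[:32]))
    tag = hmac.new(k[32:], salt + masked, "sha256").digest()
    return {"salt": salt, "masked": masked, "tag": tag}


def unwrap_key(header: dict, passphrase: str) -> Optional[bytes]:
    """Return the disk key, or None when the passphrase (or a tampered header) is rejected."""
    k = kdf(passphrase, header["salt"])
    tag = hmac.new(k[32:], header["salt"] + header["masked"], "sha256").digest()
    if not hmac.compare_digest(tag, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["masked"], k[:32]))


def change_passphrase(header: dict, old: str, new: str) -> dict:
    """Re-wrap the *same* disk key under a new passphrase; the key itself is not rotated."""
    disk_key = unwrap_key(header, old)
    if disk_key is None:
        raise ValueError("old passphrase rejected")
    return wrap_key(disk_key, new)


def demo() -> dict:
    disk_key = os.urandom(32)  # constructed: the key that actually encrypts the volume
    old_header = wrap_key(disk_key, "first passphrase")
    new_header = change_passphrase(old_header, "first passphrase", "second passphrase")
    return {
        "new_passphrase_works": unwrap_key(new_header, "second passphrase") == disk_key,
        "old_passphrase_rejected_by_new_header": unwrap_key(new_header, "first passphrase") is None,
        # disk key unchanged, so a retained copy of the old header still yields it
        "stale_header_still_opens": unwrap_key(old_header, "first passphrase") == disk_key,
    }


if __name__ == "__main__":
    print(demo())
```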
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]