On this mailing list we sometimes see requests for help from people
running dangerously antique versions of GnuPG. Wasn't all that long ago
I was asked for help with something in the 1.2 series (!!). Without
exception, our first response is usually "for the love of God, upgrade!"
They rarely do. It's worked fine for them for a decade or more, and
they're not going to change...
On another mailing list I shared the story of how an AES256-encrypted
drive was bypassed by law-enforcement and the plaintext recovered. The
subject was using PGPdisk 6.0.2 on a Windows XP laptop, hibernated it,
and the AES key was written to disk where a forensic examiner later
picked it up.
This didn't happen because of bugs in either PGPdisk or Windows XP: it
was entirely due to the user ignoring Network Associates when they
warned him, "PGPdisk 6.0.2 was never designed for Windows XP and you
might be putting your data at risk by using it."
Interested in the full story? The write-up is below.
Not interested? Skip it, but please remember to upgrade your GnuPG
installation at least every few years. :)
=
=
=
> Technically, your team didn't break (or crack) AES256, it
> merely spotted the key (no small feat for sure!)
(Long and nerdy. All of this history is off the top of my head, no
notes. I may be in error in some places.)
Depends on how one considers side channel attacks! It's true that we
didn't successfully cryptanalyze the AES256 cipher, but we mounted a
successful attack on a *correctly-implemented* AES256 system. (That
"correctly-implemented" thing matters.)
PGPdisk 6.5.8-CKT is a misnomer. Network Associates, Inc., stopped
publishing PGPdisk source code after version 6.0.2. When NAI stopped
publishing PGP source code in late 2000, a group of hacktivists,
"Cyber-Knights Templar", led by a guy named Imad Faiad, took the last
published source code for 6.5.8 and used it to build their own version,
6.5.8-CKT. When people asked them to also include PGPdisk, Faiad took
the 6.0.2 PGPdisk source code, built PGPdisk 6.0.2, and included it in
the 6.5.8-CKT package.
Why does this matter?
'01 was a very interesting year for home computing. That was the year
Windows XP was released to home users. Prior home editions of Windows
were fundamentally MS-DOS... MS-DOS pushed as far as it could humanly
go, sure, but still MS-DOS.
There are two big mistakes people make when discussing Windows 95: one
is to think it was a graphical version of MS-DOS (it wasn't, it had
genuine hard breaks from its MS-DOS heritage), and the other is to think
it wasn't (it was, as evidenced by how it had to launch a new MS-DOS
instance, at least briefly, for every program it ran, including native
32-bit Windows ones).
Part of it being MS-DOS meant that pretty much every bit of hardware had
its own specialized device driver. Yes, we had laptops in 1995-2001
that could hibernate when you closed the lid -- but only if you had a
specialized device driver for your laptop (to make Windows aware of what
to do), and good luck with application support for hibernation.
Application developers couldn't be expected to support every device
driver directly!
This meant that PGPdisk 6.0.2 was *correctly written* for that era. It
wasn't aware of hibernation events because, well, pretty much nothing
was except Windows, and even then only with custom drivers loaded.
Then in August of 2001, Microsoft switched the consumer version of
Windows from MS-DOS to Windows NT. (Yes, every version of Windows from
Windows 2000 onwards is actually Windows NT. And Windows NT is
basically OpenVMS with the serial numbers filed off. Microsoft hired
Dave Cutler to design "Windows New Technology", and Cutler was the chief
architect of OpenVMS. Windows NT is basically a next-generation
OpenVMS, the same way MacOS is a next-generation NeXTSTEP.)
Anyway. We never saw *good* hibernation support in consumer grade
hardware until Windows XP... released August of 2001.
(Kinda true. Microsoft actually finally found a hackish way to do it
tolerably well in Windows Me, in 1999. But since all of about four
people worldwide bought Windows Me, we can discount this. Windows 2000
introduced good hibernation support, but that was a
business-and-enterprise Windows version. Windows XP was when it became
common in consumer-grade Windows.)
Whew. I'm getting somewhere, I promise.
So, post-XP, Microsoft had a standard, uniform way to do hibernation.
The user signals a hibernation event, and Windows in turn blasts a
message to each process saying "WE'RE CLOSING UP SHOP, WIPE ALL YOUR
SENSITIVE STUFF."
But that message wasn't standardized until Windows 2000!
PGPdisk 6.0.2 was released in ... '98, I think? There's absolutely no
way PGPdisk could have known about it. And so, when it received that
notification, it does what every application does when it gets an
advisory message it doesn't know what