What they're saying is if you change the password, create some new data in the encrypted folder, then someone who knew the old password can decrypt your new data.

Why? Well because when you change the password they don't change the symmetric key used to encrypt the data. The password is used to create a KEK (key encryption key) and this in turn is used to encrypt the folder key (which is used to do the actual data encryption).

Now in common with a lot of other systems, changing the password does not entail re-encrypting the actual data. (To do so would require waiting for it to re-encrypt. There are systems that do this, but it is a tradeoff, especially in a single-user scenario.)

Personally my preferred security property (in a multi-user storage system where users can be added and removed) is that people who had access can still decrypt the stuff they had access to, but can't decrypt new data encrypted since then. I think it's a good balance because that person had the data anyway, and could remember it, have backups of it etc.

Another thing that can be done is to utilize an online server, which has an additional key such that it can't decrypt, but can hand it over on successful auth and can delete that key on request. Obviously the key would be combined in a one-way fashion so the server does not have to be trusted other than to delete keys on request.

However the article also talks about forensics, and I think they may be confusing something there because most encrypted content is not authenticated anyway (you can merrily switch around ciphertext blocks without triggering any integrity warnings at the crypto level). And anyway if the forensic investigator has the password, he can change anything! -- symmetric encryption keys known to others are not signatures.

Adam

On Mon, Aug 21, 2006 at 03:36:16PM -0700, Max A. wrote:
> Hello!
>
> Could anybody familiar with PGP products look at the following page
> and explain in brief what it is about and what are consequences of the
> described bug?
>
> http://www.safehack.com/Advisory/pgp/PGPcrack.html
>
> The text there looks to me rather obscure with a lot of unrelated stuff.
---------------------------------------------------------------------
The Cryptography Mailing List
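The password -> KEK -> folder key hierarchy described in the message above, as an added example that is not part of the original post and is not PGP's code. All function names, passwords and the HMAC-based toy cipher are assumptions chosen so the sketch runs on the Python standard library; `rotate=True` models the property the message prefers, where data written after the change uses a fresh folder key.

```python
import hashlib, hmac, os

def kek_from_password(password: str, salt: bytes) -> bytes:
    """Password -> KEK (key encryption key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in cipher: XOR with an HMAC-SHA256 counter keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(password: str, folder_key: bytes) -> dict:
    """Build the on-disk header: the folder key encrypted under the KEK."""
    salt = os.urandom(16)
    kek = kek_from_password(password, salt)
    wrapped = stream_xor(kek, b"wrap", folder_key)
    return {"salt": salt, "wrapped": wrapped,
            "tag": hmac.new(kek, wrapped, hashlib.sha256).digest()}

def unwrap(password: str, header: dict) -> bytes:
    """Recover the folder key; raises ValueError on a wrong password."""
    kek = kek_from_password(password, header["salt"])
    tag = hmac.new(kek, header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["tag"]):
        raise ValueError("wrong password")
    return stream_xor(kek, b"wrap", header["wrapped"])

def change_password(header: dict, old: str, new: str, rotate: bool) -> dict:
    """rotate=False rewraps the same folder key; rotate=True issues a fresh key for new data."""
    current = unwrap(old, header)  # also authenticates the old password
    return wrap(new, os.urandom(32) if rotate else current)

def old_holder_reads_new_data(rotate: bool) -> bool:
    """Can the old password plus a copy of the old header decrypt data written after the change?"""
    old_header = wrap("old-pass", os.urandom(32))   # constructed sample values
    leaked_key = unwrap("old-pass", old_header)     # what the old-password holder can derive
    new_header = change_password(old_header, "old-pass", "new-pass", rotate)
    secret = b"written after the password change"
    ciphertext = stream_xor(unwrap("new-pass", new_header), b"file-1", secret)
    return stream_xor(leaked_key, b"file-1", ciphertext) == secret
```

With `rotate=True`, files written before the change remain under the old folder key, so a real system would either keep that key for old data or re-encrypt it.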