From: Ulrik
> Sent: February-14-13 7:08 PM
>
> Using Vim 7.3 patches 1-547, this is not true, and it is trivially
> testable (otherwise I would not have claimed it).
I can confirm that several smaller test cases fail; details below.
> Using :set cm=blowfish :X goodenough
> I produced file A that ends with "I owe you 200 USD"
>
> using hex editor I flipped 1 single bit to produce file B, that ends
> with "I owe you 300 USD". You can diff the two binary files by using:
In the future sending a precise list of steps to reproduce the problem
is a much better bug report than a vague set of instructions and a
couple of file contents. To be honest, I was nervous using vim on your
file below because you could have been trying to exploit an unknown
security bug in vim. _Reporting_ a security bug would have been a
clever bit of social engineering. Please note, I'm not trying to say
anything about you or your intentions, just trying to describe my
state of thought at the time. Your file contents appear to me to be
good and non-malicious.
The original file contents are <<EOF
This is encrypted text.
This is encrypted text.
This is encrypted text.
This is encrypted text.
This is encrypted text.
I owe you 200 USD.
EOF
> a one-bit difference in the ciphertext leads to a one-bit difference in
> the plain text, and we have a false document and undetected corruption.
Confirmed. Sadly. :-(
> Note: I didn't search or brute force this, I only counted the right byte
> offset in the file and flipped a bit. I really hope I am somehow
> mistaken, but I don't think I am.
You are correct. I have only tested altering the 9th last byte in the
crypttext. Why did you pick that byte to modify?
Vim needs more testing on this I think:
- what happens when bytes other than the 9th last are modified?
- exactly how much modification can be done before the file decrypts
to garbage like it's supposed to
- is there a range of bytes that are affected?
- are certain keys affected? Or all keys?
- is it something about the structure of the plaintext? The repetition
or the small size?
- what other characteristics of the bug can be determined?
- are other crypt methods affected?
I have tested these contents <<EOF
adsfasdfasdfasdfasdf
asdmxzcvzxcvsdf980890asdf
sdafknzxclv890asdf90uamsdfm
xzcvklsadfnlasdf0
1,211.98 is my tax refund this year.
EOF
by doing
- vim -u NONE -U NONE S
- enter the text above
- :set cm=blowfish
- :X
- correcthorsebatterystaple
- <confirm key>
- :x
xxd < S > S.xxd gives me:
0000000: 5669 6d43 7279 7074 7e30 3221 244b 0178 VimCrypt~02!$K.x
0000010: 2f63 cde0 50e2 b48d 5085 57c1 659a 4e03 /c..P...P.W.e.N.
0000020: a08e c4e6 658d 5903 a08e c4e6 658d 5903 ....e.Y.....e.Y.
0000030: ccf7 c1f3 6093 451f a28b daf8 6788 4e01 ....`.E.....g.N.
0000040: a7c4 98b0 3cc7 0d04 b299 c68d 0e8d 5904 ....<.........Y.
0000050: a796 cefa 7c9d 5113 f9c4 90e1 ab45 1fd6 ....|.Q......E..
0000060: 39d9 8e01 5e0f 2faf 930f 2eaa 4396 2b44 9...^./.....C.+D
0000070: f817 8a97 d8ae d153 ee24 b879 ab76 9ae5 .......S.$.y.v..
0000080: b462 33e5 d9a5 26ba 2771 451a 59a8 012b .b3...&.'qE.Y..+
0000090: 63d4 af6d 092c 1cda 5fb7 2bd9 a568 a349 c..m.,.._.+..h.I
00000a0: e794 ab16 dc .....
I've done this exact set of text a few times, and the crypttext is
different each time as it should be. It's easiest if one does the
encryption until the 9th last byte has the MSB set, that way you don't
have to fiddle with the ascii representation at the end of the line,
just change the hex value. Here it's offset 0x9c which is 0xa5.
Then I do:
- vim S.xxd
- alter the value at 0x9c
- :x
- xxd -r < S.xxd > S
- vim -u NONE -U NONE S
- correcthorsebatterystaple
- note the last line is altered from "this year" to something:
0xa0 == thiv
0xa1 == thiw
0xa2 == thit
0xa3 == thiu
0xa4 == thir
0xa5 == this
0xa6 == thip
0xa7 == thiq
0xa8 == thi~
0xa9 == thi\0x7f
0xaa == thi|
0xab == thi}
0xac == thiz
0xad == thi{
0xae == thix
0xaf == thiy
0xaa is a 4 bit change. This problem is bigger than single bit flips.
The sharp-eyed will note the pattern in the incorrect text, which I
expect is a direct result of a flaw in the blowfish implementation.
Altering the high nibble also produces the incorrect behaviour (being
careful to also alter the ascii character at the end of the line):
0xb5 == thic
0x55 == thi\0x83
0x5a == thi\0x8c
0x5a is an 8 bit difference. That's not insignificant.
...Stu
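Stu's table of ciphertext byte to plaintext character is exactly what an unauthenticated XOR keystream produces, and the following added example (not code from the thread or from Vim) reproduces the arithmetic behind it and shows the check a file format needs to make such an edit detectable: an HMAC over the ciphertext. The keystream generator, the keys and the nonce are constructed stand-ins and say nothing about Vim's actual blowfish internals.

```python
# Added example, not code from the vim_dev thread or from Vim. It models the
# XOR property behind Stu's table and shows how a MAC over the ciphertext
# turns the silent edit into a detected one. Keystream and keys are constructed.
import hashlib
import hmac

def predict_byte(orig_ct: int, new_ct: int, orig_pt: int) -> int:
    """Plaintext byte a hex-editor change to one ciphertext byte produces.
    pt = ct ^ ks, so (ct ^ d) ^ ks = pt ^ d: the edit d passes straight through
    and can be predicted without the key."""
    return orig_pt ^ (orig_ct ^ new_ct)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Constructed counter-mode keystream (HMAC-SHA256); a stand-in for the
    cm=blowfish output, used only to show the XOR property, not Vim's internals."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Unauthenticated stream encryption: plaintext XOR keystream, no integrity."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))
decrypt = encrypt  # XOR is its own inverse

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, pt: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the whole ciphertext."""
    ct = encrypt(enc_key, nonce, pt)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Returns the plaintext, or None when any ciphertext byte was altered."""
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return decrypt(enc_key, nonce, ct)

def tamper_demo() -> tuple:
    """Flip the low bit of the '2' of '200 USD' in both constructions and return
    (what the unauthenticated file decrypts to, what the sealed one returns)."""
    key, mac_key, nonce = b"correcthorsebatterystaple", b"constructed-mac-key", bytes(8)
    pt = b"I owe you 200 USD"
    i = pt.index(b"2")                 # ord('2') ^ 0x01 == ord('3')
    ct = bytearray(encrypt(key, nonce, pt)); ct[i] ^= 0x01
    blob = bytearray(seal(key, mac_key, nonce, pt)); blob[8 + i] ^= 0x01
    return decrypt(key, nonce, bytes(ct)), open_sealed(key, mac_key, bytes(blob))

if __name__ == "__main__":
    print(tamper_demo())
```

Feeding the thread's values to predict_byte (original ciphertext byte 0xa5, plaintext 's') reproduces Stu's table byte for byte, which is why the "pattern" he noticed needs no knowledge of the key.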
--
You received this message from the "vim_dev" maillist.