Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.

To: thesinoda@xxxxxxxxxxx
Subject: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Fri, 26 May 2006 19:46:56 +0400
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20060524205535.28425.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: http://www.security.nnov.ru
References: <20060524205535.28425.qmail@xxxxxxxxxxxxxxxxx>
Reply-to: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>

Dear thesinoda@xxxxxxxxxxx,

Sorry,  but  I  see  no security vulnerability here.

Disk encryption usually works this way:

1.  Disk  is  divided to blocks (or files). Each block is encrypted with
random  symmetric  key  to  extend  security  and encryption/description
speed.
2. Block key is encrypted with user's public key (or sometimes symmetric
key)
3.  User's  private  key  (or  shared  symmetric  key) is encrypted with
passphrase and is used for decryption.

If  you change passphrase, you decrypt your key and encrypt it with news
one.  Key  itself is not changed, because if key is changed you will not
be able to decrypt files.

Then  you give your disk with passphrase to someone - you actually share
your  private  key.  This  is the point YOU break security (or person who
accepts your key as his own). Now, you both share same key, and changing
passphrase  to encrypt this key doesn't help. Actually, what you do with
cut-and-paster is restoring your key encrypted with old passphrase. It's
expected behaviour.

--Thursday, May 25, 2006, 12:55:35 AM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:

thc>     * After changing the passphrase the OLD passphrase SHOULD NOT work.
thc>     * Open pgpdisk.pgd and pgpdisk_backup.pgd in HEX editor
thc> e.g Ultraedit ONLY CHANGE WHERE YOU SEE A RED RECTANGULAR.
...
thc>     * Do some copy and past from the back-up file into pgpdisk.pgd



-- 
~/ZARAZA
http://www.security.nnov.ru/

References:
- A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
  - From: thesinoda

Prev by Date: Docebo LMS 2.05 Remote File Include
Next by Date: XSS in Monster Top List | MTL 1.4
Previous by thread: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Next by thread: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Index(es):
- Date
- Thread