Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.

To: thesinoda@xxxxxxxxxxx
Subject: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
From: Alexander Klimov <alserkli@xxxxxxxx>
Date: Fri, 26 May 2006 18:39:16 +0300 (IDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20060524205535.28425.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060524205535.28425.qmail@xxxxxxxxxxxxxxxxx>
Sender: Alexander Klimov <alserkli@xxxxxxxx>

On Wed, 24 May 2006 thesinoda@xxxxxxxxxxx wrote:
> Steps to access PGP Encrypted Disk (Passphrase) using a Backdoor type attack
> [...]
>     * Now say you give that disk to someone and they changed the
>       passphrase on it. You can still access it

Intuitively, the system works as follows: a random key K is used to
encrypt all the data on the volume; the passphrase is used to encrypt
the key K. This design allows to change the passphrase without
reencrypting the whole drive (only K needs to be reencrypted). One
well-known side-effect is that if one knows K he can decrypt the data.

There is no `security bug' in a program --
it is just the user who does not even bother to read the FAQ
<http://www.truecrypt.org/faq.php>:

    Q: Is it secure to create a new container by cloning an
    existing container?

    A: You should always use the Volume Creation Wizard to
    create a new TrueCrypt volume. [...]


Btw, an `attack' similar to the one you described is also explained in
the same document:

    Q: We use TrueCrypt in a corporate environment. Is there
    a way for an administrator to reset a password when a
    user forgets it?

    A: There is no "back door" implemented in TrueCrypt.
    However, there is a way to "reset" a TrueCrypt volume
    password/keyfile. After you create a volume, backup its
    header (select Tools -> Backup Volume Header) before you
    allow a non-admin user to use the volume. Note that the
    volume header (which is encrypted with a header key
    derived from a password/keyfile) contains the master key
    with which the volume is encrypted. Then ask the user to
    choose a password, and set it for him/her (Volumes ->
    Change Volume Password); or generate a user keyfile for
    him/her. Then you can allow the user to use the volume
    and to change the password/keyfiles without your
    assistance/permission. In case he/she forgets his/her
    password or loses his/her keyfile, you can "reset" the
    volume password/keyfiles to your original admin
    password/keyfiles by restoring the volume header (Tools
    -> Restore Volume Header).

-- 
Regards,
ASK

References:
- A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
  - From: thesinoda

Prev by Date: Re: Wordpress <=2.0.2 'cache' shell injection
Next by Date: Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Previous by thread: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Next by thread: RE: [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Index(es):
- Date
- Thread