encryption bloats file
Scott Lambdin
lopaki at gmail.com
Sat Jan 10 02:04:50 CET 2009
It looks like all digits and capital letters. And some kind of spaces or
tabs. It's not a bomb. These file come in routinely. All the ones I have
looked at (ftp'd size vs the unencrypted file sitting in archive) are right
about 2-to-1.
To get a still encrypted file, I would have to file a request to modify a
script and at least 3 groups would have to approve the request. And I would
have to wait at least 1 week before I actually made the change. I remember
freedom. . . . .
Thanks.
On Fri, Jan 9, 2009 at 7:50 PM, David Shaw <dshaw at jabberwocky.com> wrote:
> On Jan 9, 2009, at 7:07 PM, Robert J. Hansen wrote:
>
> Scott Lambdin wrote:
>>
>>> Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
>>> the resulting file is about half that size. Anyone have an idea what
>>> they might be doing to swell it up like that?
>>>
>>
>> Option 1: they're not using compression and they're ASCII-armoring the
>> file. You can expect to see a large size swell.
>>
>
> Not double. By definition ASCII armor is around 1/3 larger (actually 137%)
> than the original document (not counting headers and such, but they only
> amount to a few hundred bytes, not megs).
>
> Option 2: they're sending a file that's carefully crafted to blow up.
>> I've seen a ridiculously tiny zip archive (a couple of K) that expands
>> into hundreds of terabytes. There are sixteen zip archives in that zip
>> archive, each zip archive expands into another sixteen zip archives,
>> each of those zip archives expands into several gigs of zeros, etc., etc.
>>
>
> Other way around - the original file was ~700MB. The decrypted file was
> ~350MB.
>
> Incidentally, GPG has code to deal with the potential denial of service
> from a "bzip bomb" like you mention. See the --max-output option.
>
> Scott, do you know what OpenPGP program created the file that was sent to
> you? Can you tell us what sort of data it it? (text? binary? image file?
> (if so, jpeg? mpeg? other?) Also please try decrypting the file again and
> add "-v -v" to the command line. Please send us anything you can that isn't
> sensitive (specifically the compressed packet algo number, and the raw data
> size and mode from the literal data packet).
>
> David
>
--
There's a box?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090109/ec30f54f/attachment.htm>
More information about the Gnupg-users
mailing list