weird behavior of symmetrically encrypted file
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jan 15 20:55:50 CET 2010
Hi Tobias--
On 01/15/2010 04:24 AM, Tobias wrote:
> Why do I get a passphrase ("3ity") which I can't remember having ever
> used in my life? Why does gpg regard it as correct but still not decrypt
> my file? And apart from these somewhat academical questions: Is there a
> way I can use the half-correct passphrase to refine (which means, speed
> up) my search for the truly correct one? If I can use it to
> significantly reduce the set of possible passphrases, it may save me
> some decades worth of blind guessing.
I suspect what you're seeing is a function of the way the OpenPGP
standard handles passphrase calculations for "Symmetrically Encrypted
Data Packet" [0].
Basically, the data that is being symmetrically encrypted is prefixed
with an IV that contains a duplicated chunk of 16 bits for a
non-normative "quick check" that the session key was correct. This
means that 1 out of 2^16 choices of session key will falsely pass the
quick-check purely by chance, even though the material is actually not
correctly decrypted.
I don't know what brute force method you were using, but i suspect you
had about 5 bits of entropy per character in your enumerations. For
example, all lower-case letters plus numbers is a total of 36
possibilities, which is just about 5 bits (2^5 == 32). With 4-character
passphrases at 5 bits per character, you would run through 2^20
passphrases. So it's likely that you exhausted 2^16 passphrases, and
stumbled into one of the "quick check" false positives. This does *not*
mean that your data is insecure. It means the quick check is advisory
at best.
(see also the security considerations related to this "quick check" [1])
hope this helps,
--dkg
[0] http://tools.ietf.org/html/rfc4880#section-5.7
[1] http://tools.ietf.org/html/rfc4880#page-84
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100115/736361e3/attachment.pgp>
More information about the Gnupg-users
mailing list