Possible bug in gpg?

Brad Tilley brad at 16systems.com
Sat Jul 28 20:18:19 CEST 2012


Hi,

I have a symmetrically encrypted pgp file here:

http://16s.us/word_machine/downloads/pgp-easy.tgz.pgp

gpg will accept the three characters !=X as the password and exit with a
return status of 0 (although it does not actually decrypt the file):

$ gpg -d pgp-easy.tgz.pgp
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

$ echo $?
0

!=X is not the plaintext password that was used to encrypt the file. I was
hoping someone on the list might be able to help me understand why this
might happen. Could it be a bug in gpg, or OpenPGP itself? Here is my gpg
version:

$ gpg --version
gpg (GnuPG) 1.4.12

Here is --list-packets:

$ gpg --list-packets pgp-easy.tgz.pgp
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
	salt 8dd17929c3935452, count 65536 (96)
gpg: CAST5 encrypted data
:encrypted data packet:
	length: unknown
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

I don't yet know the actual plaintext password or the exact
commands/program used to encrypt the file, but I should know in a few
days. This is a file that's apart of the defcon password cracking contest
and I came across this and wanted to mention it here.

I'm not subscribed to this list, so please cc me if you want to reach me.

Thanks,

Brad




More information about the Gnupg-users mailing list