Oracle behavior in Gnupg? // (was 'possible bug in gpg?')
David Shaw
dshaw at jabberwocky.com
Mon Jul 30 17:14:11 CEST 2012
On Jul 30, 2012, at 10:45 AM, vedaal at nym.hush.com wrote:
> While playing around with --override-session key , have noticed
> that gpg gives many different sets of error messages when trying
> out different session keys.
[examples]
> Borh examples give error messages identical to the first one,
> except that when the first 8 real characters are used, the error
> message of 'gpg: [don't know]: invalid packet (ctb=37)' is not
> present,
> and when the second real 4 characters are used, there is a
> 'different' error message of 'gpg: [don't know]: invalid packet
> (ctb=32)'.
Yes, this is expected behavior. It follows from what I explained earlier in this thread. When you use --override-session-key, you bypass the quick check (after all, you gave the override key - what is there to check?) so you are seeing GnuPG choke on the invalid OpenPGP structures resulting from the garbage decryption.
> Anything real about the 'oracle' action in any of this ?
It's only an oracle if you return this output to the attacker, or in some other way allow the attacker to see differences (timing, for example) in the responses to what he submits to you.
Don't do that ;)
David
More information about the Gnupg-users
mailing list