Unusual (unintended?) behavior upon decryption of a message

Peter Lebbing peter at digitalbrains.com
Tue Nov 19 21:01:56 CET 2013


On 19/11/13 18:14, vedaal at nym.hush.com wrote:
> Why does gnupg give these types of error message, as opposed to simply
> stating  'decryption failed: bad passphrase' ??
> 
> What kind of relationship is there between the number listed for the
> 'unknown algorithm' and the passphrase string that was given

The passphrase is used to decrypt the concatenation of an octet specifying
what cipher was used for the symmetrically-encrypted data packet and the key
for that data packet. If you give the wrong passphrase, this comes out as
random rubbish, and that first octet specifying the cipher for the data is
rubbish as well. This is what GnuPG reports. There is no check if the
decryption was successful; it just results in garbage. After a few tens of
tries, I suppose you can actually hit the case where the algorithm
identifier is something usable, and GnuPG will probably try to decrypt the
data packet with the rubbish it got from the symmetrically encrypted session
key packet :).

> and might
> this be used in any way to try attack gnupg by determining the length of
> the passphrase or the correctness of any character in the string ?

This line of reasoning is wrong. You are thinking of a system that knows the
passphrase, and through its error messages, leaks data about it. But GnuPG
knows as much as you. The security of the system is in the encrypted file,
not in the program you use to access that file[1]. If GnuPG gave error
messages that leaked data and this problem was fixed, you could simply write
your own program that gives leaky error messages to you and use that to
crack the key. Obviously it doesn't work that way.

HTH,

Peter.

[1] Actually, DRM borders on exactly this: it gives you everything, but then
tries to prevent your use of it. Which is why it has been called Broken By
Design.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
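
The behaviour described in the message above, as an added example that is not part of the original post and is not GnuPG code: a passphrase-derived keystream unwraps "cipher octet + session key" with no integrity check, so a wrong passphrase yields an arbitrary cipher octet that is occasionally a usable one. Assumptions: SHA-256 stands in for OpenPGP's S2K and CFB mode, all function names and sample values are constructed for illustration, and the usable cipher IDs are those assigned in RFC 4880 and RFC 5581.

```python
import hashlib

# Symmetric cipher IDs a receiver could act on (RFC 4880 section 9.2, RFC 5581).
USABLE_CIPHER_IDS = {1, 2, 3, 4, 7, 8, 9, 10, 11, 12, 13}
SALT = b"constructed-salt"        # constructed sample value
SESSION_KEY = bytes(range(32))    # constructed sample session key


def keystream(passphrase: str, length: int) -> bytes:
    """Stand-in for S2K + CFB: hash the passphrase to a key, expand it."""
    key = hashlib.sha256(SALT + passphrase.encode()).digest()
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap(passphrase: str, cipher_id: int, session_key: bytes) -> bytes:
    """Encrypt the cipher octet followed by the session key."""
    plain = bytes([cipher_id]) + session_key
    return bytes(a ^ b for a, b in zip(plain, keystream(passphrase, len(plain))))


def unwrap(passphrase: str, blob: bytes):
    """Decrypt with whatever passphrase is given; nothing verifies the result."""
    plain = bytes(a ^ b for a, b in zip(blob, keystream(passphrase, len(blob))))
    return plain[0], plain[1:]


def usable_fraction(blob: bytes, tries: int) -> float:
    """Share of wrong passphrases whose first octet is a usable cipher ID."""
    hits = sum(unwrap(f"guess-{i}", blob)[0] in USABLE_CIPHER_IDS
               for i in range(tries))
    return hits / tries


BLOB = wrap("correct horse", 9, SESSION_KEY)   # 9 = AES-256

if __name__ == "__main__":
    print("right passphrase ->", unwrap("correct horse", BLOB)[0])
    print("wrong passphrase ->", unwrap("wrong", BLOB)[0])
    print("usable by chance :", usable_fraction(BLOB, 5000))  # near 11/256
```

The fraction near 11/256 is why a usable algorithm identifier turns up after a few tens of wrong guesses, and the function learns nothing about the real passphrase beyond what the caller already supplied.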


