afio.pgp.txt

`Date: Fri, 11 Jun 1999 16:55:30 -0000  
From: [email protected]  
To: [email protected]  
Subject: (fwd) SECURITY: afio: security hole in 'afio -P pgp' encrypted archives  
  
Hello,  
  
  
Just found it on comp.os.linux.announce. Sorry if it was already on the list.  
  
  
cezar  
  
-----BEGIN PGP SIGNED MESSAGE-----  
  
  
I believe that there are very few people who use afio's -P option for  
encrypting afio archive contents with pgp. If you do not use afio,  
pgp, or the 'afio -P pgp' option, it is safe to skip this message.  
  
I. Description  
  
Since version 2.4.2, the afio archiver has had an interface, the '-P  
pgp' command line option, which can be used to pgp-encrypt the file  
data written to an afio archive. Following up on some bug reports, I  
have recently discovered a security problem with this afio-pgp  
interface: pgp encryption is not always applied in the right way.  
This makes it possible to crack the encryption on the file data in an  
'encrypted' archive produced using afio with the '-P pgp' option.  
  
The security of files which were already encrypted _before_ being  
written to the archive is not affected. The security hole is not in  
pgp itself, but in the interaction between afio and pgp. Other  
programs which interact with pgp to encrypt things are very unlikely  
to have a similar security hole.  
  
II. Impact  
  
It is possible to crack the encryption of at least some of  
the file data in the 'encrypted' archives produced using 'afio -P  
pgp'. This includes archives produced using the pgp_write example  
script included in the afio distribution.  
  
The attack against the broken archive encryption is obscure, but not  
impossible to find. The next version of afio (due out in 1-n  
months) will fix the security bug. By reverse-engineering the bug  
fix, it will be easier to find the attack. So the release of the  
next afio version will make already-existing 'afio -P pgp' archives  
more vulnerable.  
  
III. Solution  
  
_Existing archives_ produced with 'afio -P pgp' should really be  
treated with the same care (against theft etc.) as unencrypted  
archives. If such existing archives cannot be deleted or safely  
locked away, then encrypting the _entire_ existing archive file with  
pgp will protect it. Such completely encrypted archives will _not_ be  
fault-tolerant against storage media errors, like normal afio  
archives are.  
  
_New archives_ which really need to be protected with encryption can  
be made by having afio output the archive to stdout and piping this  
output through pgp: 'find [options] | afio -o [options] - | pgp  
[options] >device_or_file'. Such encrypted archives will _not_ be  
fault-tolerant against storage media errors, like normal afio  
archives are.  
  
The next version of afio (due out in 1-n months) will fix this  
security hole by which 'afio -P pgp' creates unsafe archives.  
  
  
On a personal note: I don't use PGP myself, and am not an expert in  
dealing with security bugs. Obviously, reporting the existence of the  
bug makes existing archives more vulnerable. Before I get flamed for  
handling this in entirely the wrong way: yes, I did ask some experts  
first, and this procedure is what came out.  
  
  
Koen. (current afio maintainer)  
  
  
  
  
- --  
This article has been digitally signed by the moderator, using PGP.  
http://www.iki.fi/mjr/cola-public-key.asc has PGP key for validating signature.  
Send submissions for comp.os.linux.announce to: [email protected]  
PLEASE remember a short description of the software and the LOCATION.  
This group is archived at http://www.iki.fi/mjr/linux/cola.html  
  
-----BEGIN PGP SIGNATURE-----  
Version: 2.6.3ia  
Charset: latin1  
  
iQCVAgUBN2A06FrUI/eHXJZ5AQFliAQAiY+ViFPj6ADX323dVh2P/H1BBD7lBs/8  
pR+JYYNReWqmr75Nvx33KtxGjlZmr/DG5cLp6Wb91RD4Xj2qZQkpoEUq5BjjkGFh  
6kUKBD49Z6G3XDEzlGUH1UBchvnB8zBTTHMG4T1KzL0xkXBDIn1GjrLNZSOiMyAs  
g1koMsqZANk=  
=yXea  
-----END PGP SIGNATURE-----  
-- end of forwarded message --  
  
--  
cezar  
CYBER Service / PKFL  
  
`