They rarely do. It's worked fine for them for a decade or more, and they're not going to change...
On another mailing list I shared the story of how an AES256-encrypted drive was bypassed by law-enforcement and the plaintext recovered. The subject was using PGPdisk 6.0.2 on a Windows XP laptop, hibernated it, and the AES key was written to disk where a forensic examiner later picked it up.
This didn't happen because of bugs in either PGPdisk or Windows XP: it was entirely due to the user ignoring Network Associates when they warned him, "PGPdisk 6.0.2 was never designed for Windows XP and you might be putting your data at risk by using it."
Interested in the full story? The write-up is below.Not interested? Skip it, but please remember to upgrade your GnuPG installation at least every few years. :)
===== ===== ===== > Technically, your team didn't break (or crack) AES256, it > merely spotted the key (no small feat for sure!)(Long and nerdy. All of this history is off the top of my head, no notes. I may be in error in some places.)
Depends on how one considers side channel attacks! It's true that we didn't successfully cryptanalyze the AES256 cipher, but we mounted a successful attack on a *correctly-implemented* AES256 system. (That "correctly-implemented" thing matters.)
PGPdisk 6.5.8-CKT is a misnomer. Network Associates, Inc., stopped publishing PGPdisk source code after version 6.0.2. When NAI stopped publishing PGP source code in late 2000, a group of hacktivists, "Cyber-Knights Templar", led by a guy named Imad Faiad, took the last published source code for 6.5.8 and used it to build their own version, 6.5.8-CKT. When people asked them to also include PGPdisk, Faiad took the 6.0.2 PGPdisk source code, built PGPdisk 6.0.2, and included it in the 6.5.8-CKT package.
Why does this matter?'01 was a very interesting year for home computing. That was the year Windows XP was released to home users. Prior home editions of Windows were fundamentally MS-DOS... MS-DOS pushed as far as it could humanly go, sure, but still MS-DOS.
There are two big mistakes people make when discussing Windows 95: one is to think it was a graphical version of MS-DOS (it wasn't, it had genuine hard breaks from its MS-DOS heritage), and the other is to think it wasn't (it was, as evidenced by how it had to launch a new MS-DOS instance, at least briefly, for every program it ran, including native 32-bit Windows ones).
Part of it being MS-DOS meant that pretty much every bit of hardware had its own specialized device driver. Yes, we had laptops in 1995-2001 that could hibernate when you closed the lid -- but only if you had a specialized device driver for your laptop (to make Windows aware of what to do), and good luck with application support for hibernation. Application developers couldn't be expected to support every device driver directly!
This meant that PGPdisk 6.0.2 was *correctly written* for that era. It wasn't aware of hibernation events because, well, pretty much nothing was except Windows, and even then only with custom drivers loaded.
Then in August of 2001, Microsoft switched the consumer version of Windows from MS-DOS to Windows NT. (Yes, every version of Windows from Windows 2000 onwards is actually Windows NT. And Windows NT is basically OpenVMS with the serial numbers filed off. Microsoft hired Dave Cutler to design "Windows New Technology", and Cutler was the chief architect of OpenVMS. Windows NT is basically a next-generation OpenVMS, the same way MacOS is a next-generation NeXTSTEP.)
Anyway. We never saw *good* hibernation support in consumer grade hardware until Windows XP... released August of 2001.
(Kinda true. Microsoft actually finally found a hackish way to do it tolerably well in Windows Me, in 1999. But since all of about four people worldwide bought Windows Me, we can discount this. Windows 2000 introduced good hibernation support, but that was a business-and-enterprise Windows version. Windows XP was when it became common in consumer-grade Windows.)
Whew. I'm getting somewhere, I promise.So, post-XP, Microsoft had a standard, uniform way to do hibernation. The user signals a hibernation event, and Windows in turn blasts a message to each process saying "WE'RE CLOSING UP SHOP, WIPE ALL YOUR SENSITIVE STUFF."
But that message wasn't standardized until Windows 2000!PGPdisk 6.0.2 was released in ... '98, I think? There's absolutely no way PGPdisk could have known about it. And so, when it received that notification, it does what every application does when it gets an advisory message it doesn't know what to do with: it shrugged its shoulders, said "meh", and kept going.
=====Why am I telling you this long story? Hell if I know. Let me re-read this and...
Oh, right, that's where I'm going. =====Some people hear my story of the downfall of Rajib Mitra and think "you guys exploited a bug in PGPdisk."
We didn't. At no point did we find a bug in PGPdisk. PGPdisk was correctly implemented.
But there's a reason why cryptographic software is only rated for certain environments, and why it's so important to take security nerds seriously when we caution, "that's very much not a recommended configuration..."
The guys at Network Associates would tell anyone who asked, "if you plan on running this on Windows XP you really need to use PGP 7 or later, Microsoft made a ton of subtle changes to Windows, we can't guarantee earlier versions of PGP will work correctly, you could be putting your data at risk." Network Associates was very up-front about it.
But a ton of their users said, "nah, that's just a ploy to sell more copies of PGP, why, I'm running PGPdisk 6.0.2 right now on my Windows XP system and it works just fine..."
=====We didn't break the AES256 cipher, nor did we find a bug in PGPdisk. We found a subtle conflict between the assumptions PGPdisk was making about its environment ("we don't need to worry about hibernation because there's no standard way to hibernate anyway") and the assumptions the environment was making about PGPdisk ("when I tell it we're hibernating, it will wipe sensitive data").
But it was one hell of a side channel attack, and it is unquestionably true to say that we found a technological means to gain access to a *correctly-implemented* AES256-encrypted drive.
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
