Hi,

I have a symmetrically encrypted pgp file here:

http://16s.us/word_machine/downloads/pgp-easy.tgz.pgp

gpg will accept the three characters !=X as the password and exit with a
return status of 0 (although it does not actually decrypt the file):

$ gpg -d pgp-easy.tgz.pgp
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

$ echo $?
0

!=X is not the plaintext password that was used to encrypt the file. I was
hoping someone on the list might be able to help me understand why this
might happen. Could it be a bug in gpg, or OpenPGP itself? Here is my gpg
version:

$ gpg --version
gpg (GnuPG) 1.4.12

Here is --list-packets:

$ gpg --list-packets pgp-easy.tgz.pgp
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
        salt 8dd17929c3935452, count 65536 (96)
gpg: CAST5 encrypted data
:encrypted data packet:
        length: unknown
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

I don't yet know the actual plaintext password or the exact
commands/program used to encrypt the file, but I should know in a few
days. This is a file that's a part of the defcon password cracking contest
and I came across this and wanted to mention it here.

I'm not subscribed to this list, so please cc me if you want to reach me.

Thanks,

Brad
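
Added example, not part of the original post or of GnuPG: Python code that decodes the S2K fields in the `--list-packets` output above and flags the missing MDC. Without an MDC, the only passphrase check on this packet type is the two repeated bytes of the CFB prefix (RFC 4880, section 5.7), which a wrong passphrase can pass by chance, so exit status 0 proves little. The function names are hypothetical; the `mdc_method:` line is what gpg prints for integrity-protected packets.

```python
import re

# Algorithm IDs from RFC 4880 (sections 9.2, 9.4, 3.7.1); only a few are listed.
CIPHERS = {3: "CAST5", 7: "AES128", 9: "AES256"}
HASHES = {1: "MD5", 2: "SHA1", 8: "SHA256"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}

def decode_s2k_count(coded):
    """Expand the one-octet coded iteration count (RFC 4880, 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def audit_list_packets(text):
    """Summarise `gpg --list-packets` output for a symmetric message."""
    report = {"integrity_protected": False, "warnings": []}
    m = re.search(r":symkey enc packet: version (\d+), cipher (\d+), "
                  r"s2k (\d+), hash (\d+)", text)
    if m:
        _, cipher, s2k, digest = map(int, m.groups())
        report["cipher"] = CIPHERS.get(cipher, f"id {cipher}")
        report["s2k"] = S2K_TYPES.get(s2k, f"id {s2k}")
        report["hash"] = HASHES.get(digest, f"id {digest}")
    m = re.search(r"salt ([0-9a-f]{16}), count (\d+) \((\d+)\)", text)
    if m:
        report["salt"] = m.group(1)
        report["count"] = decode_s2k_count(int(m.group(3)))
        if report["count"] != int(m.group(2)):
            report["warnings"].append("printed count disagrees with coded count")
    # An mdc_method line marks an MDC-protected packet; the warning marks none.
    if "mdc_method:" in text and "not integrity protected" not in text:
        report["integrity_protected"] = True
    else:
        report["warnings"].append(
            "no MDC: exit status 0 does not prove the passphrase was correct")
    return report

# Output copied from the message above.
SAMPLE = """:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
        salt 8dd17929c3935452, count 65536 (96)
gpg: CAST5 encrypted data
:encrypted data packet:
        length: unknown
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
"""

if __name__ == "__main__":
    for key, value in audit_list_packets(SAMPLE).items():
        print(f"{key}: {value}")
```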


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
