Dear thesinoda@xxxxxxxxxxx, Sorry, but I see no security vulnerability here. Disk encryption usually works this way: 1. Disk is divided to blocks (or files). Each block is encrypted with random symmetric key to extend security and encryption/description speed. 2. Block key is encrypted with user's public key (or sometimes symmetric key) 3. User's private key (or shared symmetric key) is encrypted with passphrase and is used for decryption. If you change passphrase, you decrypt your key and encrypt it with news one. Key itself is not changed, because if key is changed you will not be able to decrypt files. Then you give your disk with passphrase to someone - you actually share your private key. This is the point YOU break security (or person who accepts your key as his own). Now, you both share same key, and changing passphrase to encrypt this key doesn't help. Actually, what you do with cut-and-paster is restoring your key encrypted with old passphrase. It's expected behaviour. --Thursday, May 25, 2006, 12:55:35 AM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: thc> * After changing the passphrase the OLD passphrase SHOULD NOT work. thc> * Open pgpdisk.pgd and pgpdisk_backup.pgd in HEX editor thc> e.g Ultraedit ONLY CHANGE WHERE YOU SEE A RED RECTANGULAR. ... thc> * Do some copy and past from the back-up file into pgpdisk.pgd -- ~/ZARAZA http://www.security.nnov.ru/
