pgp -c,no initialization vector, possible bug, pgp 26ui
-----BEGIN PGP SIGNED MESSAGE----- In pgp 2.6 UI When pgp is called with the -c switch, the routine idea_encryptfile in crypto.c is called from main in pgp.c.
status = idea_encryptfile( workfile, tempf, attempt_compression);
int idea_encryptfile(char *infile, char *outfile, boolean attempt_compression) { FILE *f; /* input file */ FILE *g; /* output file */ byte ideakey[16]; struct hashedpw *hpw;
Note that idea key is a 16 bytes. Now idea_encryptfile calls squish_and_idea_file in crypto.c with this 16 byte key.
/* Now compress the plaintext and encrypt it with IDEA... */ squish_and_idea_file( ideakey, f, g, attempt_compression );
Now squish_and_idea_file calls idea_file in the module crypto.c with the same 16 byte key.
static int squish_and_idea_file(byte *ideakey, FILE *f, FILE *g, boolean attempt_compression) {
I don't know if this will cause a problem or not, but PGP 2.6 defines ideakey[24] in idea_encryptfile(). So, it may be a problem in 2.6ui; I'm not sure. I don't know the IDEA code well enough to determine, and I don't feel like tracking this down right now -- it's not a factor in 2.6. -derek
participants (2)
-
0x7CF5048D@nowhere -
Derek Atkins