lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200605291820405785681@ercist.iscas.ac.cn>
Date: Mon May 29 11:14:17 2006
From: h4x0r at ercist.iscas.ac.cn (madsys)
Subject: Re: Proof of concept that PGP AUTHENTICATION CAN
	BE BYPASSED WITHOUTPATCHING

aGksIEkgZG9udCB0aGluayB5b3UgY2FuIGVhc2lseSBkZWNyeXB0IHRoZSBQR1BkaXNrIHdpdGhv
dXQga25vd2luZyB0aGUgZW5jcnlwdGlvbiBrZXkgb3IgdGhlIHByaXZhdGUga2V5LiBCdXQgSSB0
aGluayB3aGF0IHlvdSBtZW50aW9uZWQgaXMgYSBidWcgLS0gUEdQZGlzayBzaG91bGRuJ3Qgc2hv
dyB0aGUgY29udGFpbmVkIGZpbGVzIGxpc3QgYmVmb3JlIGRlY3R5cHRpbmcgdGhlIGRpc2suDQoN
Cg0KCW1hZHN5cw0KDQo9PT09PT09IDIwMDYtMDUtMjggMDU6MzE6MTijuj09PT09PT0NCg0KPlRo
aXMgdG8gYW5zd2VyIE1yIEpvbiBDYWxsYXMgKFBHUCBDVE8pIGFuZCB0byBzaG93IGhpbSB0aGUg
bGFzdCBwcm9vZi1vZi1jb25jZXB0LiBJZiBoZSBkaWQgbm90IGdldCBpdCB3ZSBjb25zaWRlciB3
ZSBoYXZlIGRvbmUgb3VyIHBhcnQgdG8gcmVwb3J0IGEgQklHIHByb2JsZW0gaW4gUEdQIHVubGVz
cyB0aGlzIGlzIHNvbWUga2luZGEgb2YgSElEREVOIGZlYXR1cmVzLg0KPg0KPg0KPg0KPi0tQWRv
bmlzLCBBYmVkIENvbW1lbnRzLS0NCj4NCj5XZSBkbyBub3QgYWdyZWUgd2l0aCBzb21lIG9mIFBH
UCBjb21tZW50cy4gDQo+DQo+DQo+DQo+V2UgZG8gbm90IGtub3cgd2h5IHRoZXkganVzdCBzZWUg
b25lIHNpZGUgb2YgdGhlIGNvaW4uDQo+DQo+DQo+DQo+V2hhdCBpZiB5b3UgaGFkICBjcmVhdGVk
IGEgdmlydHVhbCBkaXNrICBhbmQgZ2l2ZSB0aGF0IHRvICBzb21lb25lLiBUaGF0IHNvbWVvbmUN
Cj4NCj51c2UgaXQgYXMgaGlzL2hlciBvd24gZGlzayBhbmQgIGRlY2lkZWQgdG8gY2hhbmdlIHRo
ZSBwYXNzd29yZCBiZWNhdXNlIHRoZXkgIG93bg0KPg0KPnRoZSBkaXNrICBub3cgKFlvdSAgZ2l2
ZSB0aGVtICB0byB0aGVtICB3aXRoIHRoZSAgcGFzcykuIFNvICB0aGV5IGRpZCBjaGFuZ2UgdGhl
DQo+DQo+cGFzc293cmQsIGJ1dCB0aGUgb3JpZ2luYXRvciAgY2FuIHN0aWxsIGFjY2VzcyB0aGF0
ICBkaXNrIGlmIGhlL3NoZSByZXBsYWNlICB0aGUNCj4NCj5wYXNzcGhyYXNlICBieXRlcyBpbiAg
dGhlIGJpbmFyeSAgZmlsZS4gU28gIEkgY29uc2lkZXIgIHRoaXMgYW4gIGF0dGFjayBvbiAgZGF0
YQ0KPg0KPklOVEVHUklUWSBhbmQgIGRhdGEgQVZBSUxBQklMSVRZIHNpbmNlIHRoZSBsZWdpdGlt
YXRlIHVzZXIgd2lsbCBiZSBkZW5pZWQgYWNjZXNzDQo+DQo+dG8gdGhlIGRpc2sgYWZ0ZXIgcmVw
bGFjaW5nIHRoZSBwYXNzcGhyYXNlIGJ5dGVzLg0KPg0KPg0KPg0KPiJ3aHkgeW91IGRvIG5vdCB3
YW50IHRvIHNlZSB0aGF0IHlvdXIgcGFzc3dvcmQgdmVyaWZpY2F0aW9uIGNhbiBiZSBzaW1wbHkg
DQo+DQo+YnlwYXNzZWQsIGJlc2lkZXMgYSByZXB1dGFibGUgY28uIGxpa2UgUEdQIHNob3VsZCBh
dCBsZWFzdCBwdXQgYW50aS1kZWJ1Z2dpbmcgDQo+DQo+dHdlYWtzLCBvciBldmVuIGVuY3J5cHQv
aGlkZSB0aGUgcGFzc3BocmFzZSBsb2NhdGlvbiINCj4NCj4NCj4NCj5UbyBwZ3AsIHlvdXIgYXV0
aGVudGljYXRpb24gY2FuIGJlIGJ5cGFzc2VkLCBldmVuIGlmIHlvdSBoYXZlIGNyZWF0ZWQgdHdv
DQo+DQo+ZGlmZmVyZW50IC5zZGEgZmlsZSB3aXRoIHR3byBkaWZmZXJlbnQgY29udGVudC4gdGhl
IGF1dGhlbnRpY2F0aW9uIGNhbiBiZQ0KPg0KPm92ZXJ3cml0dGVuIGFuZCB0aGUgZmlsZSBjYW4g
YmUgZXh0cmFjdGVkIGlmIHlvdSB1c2UgYSBkZWJ1Z2dlciBpZiB5b3UgZG8gbm90DQo+DQo+dXNl
IGEgZGVidWdnZXIgeW91IHdpbGwgYmUgYWJsZSB0byBqdXN0IGJ5cGFzcyB0aGUgYXV0aGVudGlj
YXRpb24gYnV0IHdpdGhvdXQNCj4NCj5leHRyYWN0aW9uLiB3aHkgZG9uJ3QgeW91IHNlZSB0aGF0
IG1yLiBqb24/IGluc3RlYWQgb2YgYml0Y2hpbmcgYW5kIHN0dWZmPyB3aHkNCj4NCj5jYW5ub3Qg
eW91IGJlIHByb2Zlc3Npb25hbCBhbmQganVzdCBleHBsYWluIGZhY3QgYWZ0ZXIgeW91IGRvIHlv
dXIgaG9tZSB3b3JrDQo+DQo+d2l0aCBhIG5pY2UgZGVidWdnZXIuPyBpcyB0aGF0IHRvIG11Y2gg
YXNraW5nLCBJIHRoaW5rIHdlIGFyZSB0YWxraW5nIGFtb25nDQo+DQo+aHVtYW4gYW5kIGFkdWx0
cyBubz8uDQo+DQo+DQo+DQo+V2UgdGhpbmsgTXIuIEpvbiAoUEdQKSBzaG91bGQgcGxheSB0aGlz
IGZsYXNoIHZpZGVvIFNMT1cgUkVBTCBTTE9XLg0KPg0KPg0KPg0KPmh0dHA6Ly93d3cuc2FmZWhh
Y2suY29tL0Fkdmlzb3J5L3BncC9hbnN3ZXJqb24uaHRtbA0KPg0KPg0KPg0KPlBHUCBjb21tZW50
czogaHR0cDovL3d3dy5zZWN1cml0eWZvY3VzLmNvbS9hcmNoaXZlLzEvNDM1MTU1IA0KPg0KPg0K
Pg0KPlF1b3RlIGZyb20gTXIgSm9uIGNvbW1lbnRzOiAiRm9yIGNvbXBsZXRlbmVzcywgSSdsbCBu
b3RlIHRoYXQgd2UgYXJlIGRpc2N1c3NpbmcNCj4NCj53aGV0aGVyIHdlIHNob3VsZCBhZGQgaW4g
YSB3YXJuaW5nIGRpYWxvZyB0byB0aGUgcGFzc3BocmFzZSBjaGFuZ2Ugb24gYSBQR1ANCj4NCj5E
aXNrLCB0byB0ZWxsIHRoZSB1c2VyIHRoYXQgYW4gYXR0YWNrZXIgd2hvIGhhcyBsZWFybmVkIGFu
IG9sZCBwYXNzcGhyYXNlLCBoYXMNCj4NCj5hbiBvbGQgZGlzayBhbmQgYSBoZXggZWRpdG9yIGNh
biBwYXRjaCB0aGUgZGlzayBzbyB0aGF0IGl0IGNhbiBiZSBvcGVuZWQuIE9uIHRoZQ0KPg0KPm9u
ZSBoYW5kLCB0aGlzIG1pZ2h0IGJlIGEgZ29vZCB0aGluZyB0byBkbyIuIA0KPg0KPg0KPg0KPlNv
IGlmIE1yIEpvbiBkb2VzIG5vdCBzZWUgdGhlIHByb2JsZW0gd2h5IHRoZXkgYXJlIHRhbGtpbmcg
YWJvdXQgYWRkaW5nIGENCj4NCj5tZXNzYWdlIGJveD8uIFdoeSB0aGUgcGFzc3BocmFzZSBsb2Nh
dGlvbiBpcyBub3QgaGlkZGVuPyBldGMuIEkgc3RpbGwgc2VlIHRoaXMNCj4NCj5hcyBJTlRFR1JJ
VFkgYW5kIEFWQUlMQUJJTElUWSBhdHRhY2tzIG9uIFBHUC4gSSBkbyBub3QgdGhpbmsgaXQgaXMg
bm9ybWFsDQo+DQo+YmVoYXZpb3Igb2YgYW4gZW5jcnlwdGlvbiBhcHBsaWNhdGlvbiB0byByZXZl
YWwgaXQgaXMgcGFzc3BocmFzZSBsb2NhdGlvbiBhbmQgSQ0KPg0KPmRvIG5vdCBzZWUgYnlwYXNz
aW5nIHRoZSBwYXNzcGhyYXNlIGRpYWxvZy1ib3ggYXMgRmVhdHVyZSBlaXRoZXIuDQo+DQo+DQo+
DQo+IA0KPg0KPg0KPg0KPlByb29mIG9mIGNvbmNlcHQgdGhhdCBQR1AgQVVUSEVOVElDQVRJT04g
Q0FOIEJFIEJZUEFTU0VEIFdJVEhPVVQgUEFUQ0hJTkcgVEhFIA0KPg0KPkJJTkFSWSBGSUxFIEVW
RU4uDQo+DQo+DQo+DQo+VGhpcyBGbGFzaCB2aWRlbyBpcyBkZWRpY2F0ZWQgdG8gTXIuIEpvbiBD
YWxsYXMgKFBHUCBDVE8sIENTTykuDQo+DQo+aHR0cDovL3d3dy5zYWZlaGFjay5jb20vQWR2aXNv
cnkvcGdwL3Byb29mX29mX2NvbmNlcHRfUEdQX0F1dGhlbnRpY2F0aW9uX0JZUEFTUy5odG1sDQo+
DQo+aHR0cDovL3d3dy5zYWZlaGFjay5jb20vQWR2aXNvcnkvcGdwL3Byb29mX29mX2NvbmNlcHRf
UEdQX0F1dGhlbnRpY2F0aW9uX0JZUEFTUy5odG1sDQo+DQo+DQo+DQo+V2UgaGFkIHJlcG9ydGVk
IHRoYXQgUEdQIEF1dGhlbnRpY2F0aW9uIGNhbiBiZSBieXBhc3NlZCBieSBwYXRjaGluZyB0aGUg
YmluYXJ5IA0KPg0KPmZpbGUuIEFmdGVyIHJlYWRpbmcgTXIuIEpvbiBDYWxsYXMgTk9OIFBST0ZF
U1NJT05BTCBhbnN3ZXIsIG1lIGFuZCBhYmVkIGRlY2lkZWQgDQo+DQo+dG8gc2hvdyBoaW0gdGhh
dCBpcyBub3QgdHJ1ZS4gQnkgdXNpbmcgYSBTSU1QTEUgRGVidWdnZXIgUEdQIEF1dGhlbnRpY2F0
aW9uIGNhbiANCj4NCj5iZSBieXBhc3NlZC4NCj4NCj4NCj4NCj5IZXJlIGlzIE1yIEpvbiBDYWxs
YXMgQ29tbWVudHMgaHR0cDovL3d3dy5zZWN1cml0eWZvY3VzLmNvbS9hcmNoaXZlLzEvNDM1MTU1
IA0KPg0KPlN1bW1pbmcgdXAsIHdlIGFyZSBkaXNhcHBvaW50ZWQgdGhhdCBmb3Igd2hhdGV2ZXIg
cmVhc29ucywgd2Ugd2VyZSBub3QgY29udGFjdGVkIA0KPg0KPmFib3V0IHRoaXMgcmVzZWFyY2gg
YmVmb3JlIGl0IHdhcyBwdXQgb24gdGhlIHdlYiBhbmQgcG9zdGVkIG9uIGJ1Z3RyYXEuIEhhZCB3
ZSANCj4NCj5iZWVuIGNvbnRhY3RlZCwgd2UgY291bGQgZGlzY3VzcyB0aGlzIGluIHByaXZhdGUg
cmF0aGVyIHRoYW4gaGF2ZSB0byBhaXIgdGhlIA0KPg0KPmRldGFpbHMgb2YgdGhpcyBtaXN1bmRl
cnN0YW5kaW5nIGluIGEgcHVibGljIGZvcnVtLiBJIGFtIHRydWx5IHNvcnJ5IGZvciB0aGUgDQo+
DQo+c2FrZSBvZiB0aGUgSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5zdGl0dXRlIG9mIFF1ZWJlYyBh
bmQgaXRzIHN0YWZmIHRoYXQgdGhpcyANCj4NCj5jb21wbGV4IGlzc3VlIGhhcyB0dXJuZWQgaW50
byBhIHB1YmxpYyBicm91aGFoYS4NCj4NCj4NCj4NCj5XZSBsb2FkIHRoZSBmaWxlIGluIHRoZSBk
ZWJ1Z2dlciBhbmQgc2V0IHRoZSBicmVhayBwb2ludHMgdGhlbiB3ZSBzdGFydCBieSANCj4NCj5o
aXR0aW5nIEY5IHdlIHdpbGwgc2VlIHRoZSBwYXNzd29yZCBkaWFsb2cgd2UgZW50ZXIgQU5ZIHBh
c3N3b3JkIGhlcmUuIFdoZW4gaXQgDQo+DQo+c3RvcCBhdCAwMDQwOTc5NyBIaXQgRjkgNiB0aW1l
cyBZb3Ugc2VlIA0KPg0KPg0KPg0KPm9uIDAwNDA1RDcwIHwuIEU4IDRGRkJGRkZGIENBTEwgYV9z
ZGEuMDA0MDU4QzQNCj4NCj53ZSBoaXQgNiB0aW1lcyBGOQ0KPg0KPkEgYnJlYWsgcG9pbnQgc2hv
dWxkIGJlIHNldCBvbiAwMDQwNUQ3MCB0byBzZWUgdGhpcy4NCj4NCj4NCj4NCj5BZnRlciBydW5u
aW5nIHRoZSBzZGEgaW4gb2xseSB3ZSBlbmQgdXAgaGVyZS4gV2UgaGl0IEY5IGNvdXBsZXMgb2Yg
dGltZSB0aGVuIHdlIGNoYW5nZSBFU0kgRURJDQo+DQo+T04gMDA0MDk3OTcgfC4gRjM6QTcgUkVQ
RSBDTVBTIERXT1JEIFBUUiBFUzpbRURJXSxEV09SRCBQVFIgRD47IA0KPg0KPg0KPg0KPldlIHNl
ZSB0aGUgc3RhY2sgdmFsdWVzDQo+DQo+RUNYPTAwMDAwMDAyIChkZWNpbWFsIDIuKQ0KPg0KPkRT
OltFU0ldPXN0YWNrIFswMEJCRjY4Q109REMzRjVDODIgPC0tIElGIFdFIEVOVEVSIEEgQkFEIFBB
U1NXT1JEIFRIRVNFIFdPTlQgQkUgVEhFIFNBTUUNCj4NCj5FUzpbRURJXT1zdGFjayBbMDBCQkZG
OThdPURDM0Y1QzgyIEVRVUFMLi4uIFdFIEpVU1QgTUFLRSBUSEVNIEVRVUFMIFRIRU4gQ09OVElO
VUUgVEhFIFFVRVNULiANCj4NCj4NCj4NCj5BVCBUSElTIFBPSU5UIFBHUCBBdXRoZW50aWNhdGlv
biBpcyBieXBhc3NlZC4NCj4NCj4NCj4NCj5JIGhvcGUgdGhhdCBoZWxwIE1yLiBKb24gKFBHUCkg
c2VlaW5nIHRoZSBwcm9ibGVtLiBBZ2FpbiBNciBKb24gQml0Y2hpbmcgZG9lcyBub3QgaGVscCB5
b3UgZml4aW5nIHlvdXIgcHJvZHVjdHMuDQo+DQo+DQo+DQo+LS0gRW5kIENvbW1lbnQtLQ0KPg0K
Pg0KPlBlYWNlDQo+Lg0KDQo9ID0gPSA9ID0gPSA9ID0gPSA9ID0gPSA9ID0gPSA9ID0gPSA9ID0N
CgkJCQ0KDQoJCQkJIA0KDQo=


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ