lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 11 Sep 2013 10:32:15 +0200
From: Jan Schejbal <>
Subject: Insecure CHIASMUS encryption in GSTOOL

== Insecure CHIASMUS encryption in GSTOOL ==
GSTOOL versions 3.0 to 4.7 (inclusive) contain an insecure encryption
feature using the non-public CHIASMUS block cipher. Due to the use of an
insecure PRNG for key generation, files encrypted using the encryption
feature of this tool can be decrypted without knowledge of the key
within seconds to minutes.

The affected versions of GSTOOL were developed by Steria Mummert
Consulting for the German Federal Office for Information Security
(Bundesamt für Sicherheit in der Informationstechnik, BSI) and released
by the BSI.

We reported the issue to the BSI in November 2011. The BSI issued an
advisory warning users to stop using the encryption feature in the same
month. A patch disabling the vulnerable encryption feature was released
in June 2013. We later learned that the issue was independently
discovered by Felix Schuster in 2009.

For full details including further issues found, please see the German
advisory, available at
Since this is an implementation issue, the CHIASMUS block cipher itself
and other products (e.g. Chiasmus for Windows) using the CHIASMUS block
cipher are NOT affected.

Kind regards,
Jan Schejbal

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists