At 02:07 PM 12/09/1997 MDT, Anonymous Remailer wrote,
to the remailer-operators list:
I just discovered a disturbing fact. I'm not sure how it works with other
remailers, but Juno remailers (and I think Winsock too) shell to PGP,
supplying the key passphrase to decrypt messages. This in itself is fine
(ugly, but it works), but it happens to be that a person can guess the
key passphrase by sending the remailer a CONVENTIONALLY encrypted message
(with the probable passphrase).
PGP doesn't seem to care if the key phrase applies to a secret key, or to
the message password if conventionally encrypted. The message will pass
as normal, thus proving the passphrase is correct.
While this is using PGP 2.6.x, it's still a problem for future versions
(though perhaps this belongs in pgp-bugs rather than ietf-open-pgp.)
The obvious workaround is to use a good passphrase (:-),
but there really is a need to tell PGP what key a given passphrase is for.
The PGPPASS was always a somewhat risky feature (passing sensitive
information to a program you don't control is inherently risky,
and at least in Unix, the environment variables are often
visible as well), but it's something you need to be able to use
to build non-interactive environments.
Thanks!
Bill
Bill Stewart, bill(_dot_)stewart(_at_)pobox(_dot_)com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639