[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pgp -c,no initialization vector, possible bug, pgp 26ui




-----BEGIN PGP SIGNED MESSAGE-----

In pgp 2.6 UI 
When pgp is called with the -c switch, the routine idea_encryptfile
in crypto.c is called from main in pgp.c.

> status = idea_encryptfile( workfile, tempf, attempt_compression);

>int idea_encryptfile(char *infile, char *outfile, 
>	boolean attempt_compression)
>{
>	FILE *f;	/* input file */
>	FILE *g;	/* output file */
>	byte ideakey[16];
>	struct hashedpw *hpw;

Note that idea key is a 16 bytes.

Now idea_encryptfile calls squish_and_idea_file in crypto.c
with this 16 byte key.

>	/* Now compress the plaintext and encrypt it with IDEA... */
>	squish_and_idea_file( ideakey, f, g, attempt_compression );

Now squish_and_idea_file calls idea_file in the module crypto.c
with the same 16 byte key.

>static int squish_and_idea_file(byte *ideakey, FILE *f, FILE *g, 
>	boolean attempt_compression)
>{