GSTOOL 4.7 Insecure Encryption

Posted Sep 11, 2013
Authored by Jan Schejbal

GSTOOL versions 3.0 through 4.7 contain an insecure encryption feature using the non-public CHIASMUS block cipher.

tags | advisory
MD5 | e7a74491e2bb61e4163e19c7f9bab188

== Insecure CHIASMUS encryption in GSTOOL ==
GSTOOL versions 3.0 to 4.7 (inclusive) contain an insecure encryption
feature using the non-public CHIASMUS block cipher. Due to the use of an
insecure PRNG for key generation, files encrypted using the encryption
feature of this tool can be decrypted without knowledge of the key
within seconds to minutes.

The affected versions of GSTOOL were developed by Steria Mummert
Consulting for the German Federal Office for Information Security
(Bundesamt für Sicherheit in der Informationstechnik, BSI) and released
by the BSI.

We reported the issue to the BSI in November 2011. The BSI issued an
advisory warning users to stop using the encryption feature in the same
month. A patch disabling the vulnerable encryption feature was released
in June 2013. We later learned that the issue was independently
discovered by Felix Schuster in 2009.

For full details including further issues found, please see the German
advisory, available at
http://janschejbal.wordpress.com/2013/09/11/advisory-unsichere-verschluesselung-bei-gstool/.
Since this is an implementation issue, the CHIASMUS block cipher itself
and other products (e.g. Chiasmus for Windows) using the CHIASMUS block
cipher are NOT affected.

Kind regards,
Jan Schejbal
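
The flaw class the advisory describes, as an added illustration that is not code from the advisory or from GSTOOL: a key drawn from a non-cryptographic PRNG has only as much entropy as its seed, whatever the nominal key size. The PRNG (Python's Mersenne Twister), the 16-bit demo seed space, the 16-byte key length, and the 32-bit seed and trial rate in the time estimate are all assumptions; the advisory does not say which PRNG or seed GSTOOL used.

```python
import math
import random
import secrets

KEY_BYTES = 16  # assumption for the demo, not the CHIASMUS key length


def weak_keygen(seed: int, nbytes: int = KEY_BYTES) -> bytes:
    """Key bytes from a non-cryptographic PRNG with a guessable seed.

    Hypothetical stand-in for the flaw class; not GSTOOL's actual routine.
    """
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(nbytes))


def strong_keygen(nbytes: int = KEY_BYTES) -> bytes:
    """Key bytes from the operating system CSPRNG."""
    return secrets.token_bytes(nbytes)


def effective_key_bits(keygen, seed_space) -> float:
    """log2 of the number of distinct keys the generator can ever emit."""
    return math.log2(len({keygen(seed) for seed in seed_space}))


def exhaust_seconds(seed_bits: int, trials_per_second: float) -> float:
    """Worst-case time to try every seed at an assumed trial rate."""
    return 2 ** seed_bits / trials_per_second


def audit(seed_bits: int = 16) -> dict:
    """Compare the nominal key size with the entropy the seed allows."""
    nominal = KEY_BYTES * 8
    effective = effective_key_bits(weak_keygen, range(2 ** seed_bits))
    return {"nominal_bits": nominal, "effective_bits": effective}


if __name__ == "__main__":
    report = audit()
    print(f"nominal key size : {report['nominal_bits']} bits")
    print(f"effective entropy: {report['effective_bits']:.1f} bits")
    # Assumed figures: 32-bit seed, 10 million trial decryptions per second.
    print(f"32-bit seed space exhausted in {exhaust_seconds(32, 1e7):.0f} s")
    print("CSPRNG key:", strong_keygen().hex())
```
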
