encryption bloats file

Scott Lambdin lopaki at gmail.com
Sat Jan 10 02:04:50 CET 2009


It looks like all digits and capital letters.  And some kind of spaces or
tabs.   It's not a bomb.  These file come in routinely.  All the ones I have
looked at (ftp'd size vs the unencrypted file sitting in archive) are right
about 2-to-1.

To get a still encrypted file, I would have to file a request to modify a
script and at least 3 groups would have to approve the request.  And I would
have to wait at least 1 week before I actually made the change.  I remember
freedom. . . . .

Thanks.

On Fri, Jan 9, 2009 at 7:50 PM, David Shaw <dshaw at jabberwocky.com> wrote:

> On Jan 9, 2009, at 7:07 PM, Robert J. Hansen wrote:
>
> Scott Lambdin wrote:
>>
>>> Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
>>> the resulting file is about half that size.  Anyone have an idea what
>>> they might be doing to swell it up like that?
>>>
>>
>> Option 1: they're not using compression and they're ASCII-armoring the
>> file.  You can expect to see a large size swell.
>>
>
> Not double.  By definition ASCII armor is around 1/3 larger (actually 137%)
> than the original document (not counting headers and such, but they only
> amount to a few hundred bytes, not megs).
>
> Option 2: they're sending a file that's carefully crafted to blow up.
>> I've seen a ridiculously tiny zip archive (a couple of K) that expands
>> into hundreds of terabytes.  There are sixteen zip archives in that zip
>> archive, each zip archive expands into another sixteen zip archives,
>> each of those zip archives expands into several gigs of zeros, etc., etc.
>>
>
> Other way around - the original file was ~700MB.  The decrypted file was
> ~350MB.
>
> Incidentally, GPG has code to deal with the potential denial of service
> from a "bzip bomb" like you mention.  See the --max-output option.
>
> Scott, do you know what OpenPGP program created the file that was sent to
> you?  Can you tell us what sort of data it it?  (text?  binary?  image file?
> (if so, jpeg?  mpeg? other?)   Also please try decrypting the file again and
> add "-v -v" to the command line.  Please send us anything you can that isn't
> sensitive (specifically the compressed packet algo number, and the raw data
> size and mode from the literal data packet).
>
> David
>



-- 
There's a box?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090109/ec30f54f/attachment.htm>


More information about the Gnupg-users mailing list