lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 25 Apr 2006 02:17:20 +0200
From: Andreas Beck <becka-list-bugtraq@...atec.de>
To: bugtraq@...urityfocus.com
Subject: Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS


ntwak0@...ehack.com wrote:
> ################# ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ################
> ### Affected    : iOpus Secure Email Attachments                           ###
> ### Link        : http://www.iopus.com/freeware/secure%2Demail/            ###
> ### Type        : File Encryption Tool                                     ###
> ### Problem     : Passphrase guessing, Passphrase Issue                    ###
> ##############################################################################
> ### From iopus web site "iOpus SEA protects your data not only on its way  ###
> ### across the internet, but also on the recipient's PC." THIS IS ONLY     ###
> ### TRUE IF YOU DID NOT PICK SOME TYPE OF PASSWORDS.                       ###

It is never true.

> ### I have found a problem with the way iOpus handle the user password.    ###
> ### The problem can EXPOSE your Protected encrypted file if you did not    ###
> ### pay attention when you pick your password.                             ###

It is always exposed.

> ### 1- Create a text file with one word inside "hello"                     ###
> ### 2- Encrypt your text.txt file using iOpus. The out put is text.exe     ###

Umm ... yeah. Great. 

So you send .exe files across the internet and think anything is safe,
then?

If you do this, you expose the data anyway. And worse: You pose a threat
to any of your correspondents.

Why?

Because anyone who could get a copy of the encryted file is very
possibly also able to either _replace_ it with a manipulated copy
(which requires a little bit more than just read access), or 
just send a plausible followup-message with a "correction".

In any case, he can easily coax the receiver into executing an untrusted
binary. Because that is, what you are expecting of the receiver anyway.
And you are even telling him that this is in the interest of security.

In the case where you are only interested in the file contents, you
could just use an .exe-Infector that will download and install a
keylogger before executing the infected binary inside.
Or you can piggy-pack it with a Screenshot-Maker to view the contents as
they are displayed.

However, you could go even further and completely trojanize the system
in question.

So basically any "Self-extracting/-encrypting" Scheme is not suitable
for protecting messages that are sent through insecure channels.

You can use them, to _protect data from view_, when you can ensure
message integrity by some other means. E.g. for data you carry around 
on an USB Stick that you always keep very safe.

In this case, it can protect your data, if it is stolen. Howver it
cannot protect it, if somebody can _alter_ the data and you cannot
ensure integrity by other means.


Other than that, if somebody manages to get cryptography _this wrong:

> ### 3- Pick AAAAAAAAAAAAAAAAAAA as password                                ###
> ### 4- Encrypt the file                                                    ###
> ### 5- Double click text.exe to open it, you should see Enter Password     ###
> ### 6- Now you think you need to enter AAAAAAAAAAAAAAAAAAA right ? WRONG   ###
> ###    Just enter A or AA and you will have access to your so called       ###
> ###    protected file(s).                                                  ###
> ### 7- You can try with ABCABCABCABCABC as password. To access the file    ###
> ###    you guessed it you DO NOT NEED To enter ALL your password :-) you   ###
> ###    can just enter ABC and you will have access to your protected data  ###
> ### 8- Let us see if you can find what you need to enter if you have a     ###
> ###    password like this "ABCDEFGABCDEFGABCDEFG". I hope you got it       ###
> ###    You need to enter ABCDEFG.                                          ###

I wouldn't trust him farther than I can throw his whole company
building.

To be honest, I quite don't see, how one can manage to make this kind of
mistake and at the same time use Blowfish with "a key length of up to
448 bits".

Actually it sound's like they are doing XOR encoding with a repeating
pattern (which would have exactly the properties you describe).

Possibly, that they are doing some silly kind of key expansion, 
by repeating the keyphrase until the keylength is reached.


Kind regards,

Andreas Beck

-- 
Andreas Beck
http://www.bedatec.de/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ