lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 26 Apr 2007 19:56:56 -0600
From: "Dan Bambach" <Dan@...mbach.net>
To: "'James Matthews'" <nytrokiss@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: FW: Steganos Encrypted Safe NOT so safe

I have tried to "crack" a safe drive and failed. I am not as crypto savvy as
many on this group are, so my efforts may be view as first level. I did have
a drive sent off to a recovery company a while ago and they were unable to
crack the safe drive. I would think if there was a simple crack like the one
posted, they would have been able to recover the drive.

 

Dan

  _____  

From: James Matthews [mailto:nytrokiss@...il.com] 
Sent: Thursday, April 26, 2007 7:27 PM
To: Dan Bambach
Cc: steven@...urityzone.org; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] FW: Steganos Encrypted Safe NOT so safe

 

Alot of times people find there bugs but what can we do! How do we know that
the encrypted drives work?

On 4/26/07, Dan Bambach < dan@...mbach.net <mailto:dan@...mbach.net> >
wrote:

When this was first posted, I tried to duplicate the procedure written up 
before sending it off to Steganos. I was unable to, so I thought maybe I was
missing something. Guess not...

Dan

Dan Bambach
R.T.C., Inc.
Engineering/Service Manager
915-584-6646
915-526-7635  (Cell) 
915-584-6265  (Fax)

-----Original Message-----
From: Steven Adair [mailto:steven@...urityzone.org]
Sent: Thursday, April 26, 2007 2:32 PM
To: Dan Bambach
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] FW: Steganos Encrypted Safe NOT so safe

It is funny that this stuff ever comes to surface.  Now I am wondering if 
this a case of trying to spread FUD or someone who just didn't pay any
attention to what was going on?

Steven
securityzone.org

> I forwarded the original issue to Steganos as I am a user of their 
> software
> package.  This is their reply and also posted on Security Focus.
>
> Regards
> Dan
>
> -----Original Message-----
> From: support@...ganos.com [mailto:support@...ganos.com]
> Sent: Thursday, April 26, 2007 6:56 AM
> To: bugtraq@...urityfocus.com  <mailto:bugtraq@...urityfocus.com> 
> Subject: Re: Steganos Encrypted Safe NOT so safe
>
> In response to frankrizzo604's comment, Steganos would like to dispel the
> rumor that its Steganos Safe encryption software is easily cracked. 
> Steganos
> Safe enables users to create any number of secure virtual drives in which
> data is safely stored and encrypted. However frankrizzo604 goes through
> several steps 'teaching' users how to open others' encrypted files. In his

> last step, he claims Steganos will 'PUNISH you by resetting your encrypted
> drives passwords to "123" until you buy a registered copy', implying that
> the password feature can be circumvented thus opening anyone's safe. He 
> conveniently left out that before he was able to reset the password to
> "123", he had to enter his original password to open the safe. Then, he
> saw
> this message box:
>
> http://www1.steganos.com/support/screenshots/safe8_123_infobox.png
>
> It is absolutely not possible to open any Steganos Encrypted File without 
> having the original password. The Steganos support and development team
> reconstructed the process he described. It is not possible to open a Safe
> WITHOUT the original password. In the 2007 generation of Steganos 
> products,
> Steganos decided to set the Safe attributes to write protect. Steganos
> would
> like its user to rest assured that their files are in fact still encrypted
> and safe from hackers. 
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html 
> Hosted and sponsored by Secunia - http://secunia.com/
>





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 




-- 
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com  <http://www.wazoozle.com> 


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ