| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Apr 2007 02:28:42 +0200 From: Andreas Beck <becka-list-bugtraq@...atec.de> To: bugtraq@...urityfocus.com Subject: Re: Steganos Encrypted Safe NOT so safe frankrizzo604@...il.com wrote: > They boast how excellent their encryption and how uncrackable they are. If your findings are true, it is utterly insecure. Worse than what you found. Can someone confirm this vulnerability? > Simply mount anyones .SLE file encrypted drive into the software and it > will ask you for their password but won't let you in because it's > encrypted. If your findings are true, it is not encrypted, bute merely access-controlled by the Steganos Software. If it were encrypted - in the sense of "encrypted with the passphrase, so unuseable without that" - the program would simply be unable to do something like: > [update detects fake key and] > after the update and it will now PUNISH you by resetting your > encrypted drives passwords to "123" until you buy a registered copy. This should be impossible, if the passphrase would play a role in the encryption. > Stores passwords in clear text. Yes - the key must be retrievable in some way, if the password can be changed without knowledge of the prior password. Kind regards, Andreas Beck -- Andreas Beck http://www.bedatec.de/
Powered by blists - more mailing lists