BugTraq
Steganos Encrypted Safe NOT so safe Apr 11 2007 06:30PM
frankrizzo604 gmail com (1 replies)
Re: Steganos Encrypted Safe NOT so safe Apr 14 2007 12:28AM
Andreas Beck (becka-list-bugtraq bedatec de)
frankrizzo604 (at) gmail (dot) com wrote:
> They boast how excellent their encryption and how uncrackable they are.

If your findings are true, it is utterly insecure. Worse than what you
found.

Can someone confirm this vulnerability?

> Simply mount anyone's .SLE file encrypted drive into the software and it
> will ask you for their password but won't let you in because it's
> encrypted.

If your findings are true, it is not encrypted, but merely
access-controlled by the Steganos Software.

If it were encrypted - in the sense of "encrypted with the passphrase, so
unusable without that" - the program would simply be unable to do something
like:

> [update detects fake key and]
> after the update and it will now PUNISH you by resetting your
> encrypted drives passwords to "123" until you buy a registered copy.

This should be impossible, if the passphrase would play a role in the
encryption.

> Stores passwords in clear text.

Yes - the key must be retrievable in some way, if the password can be
changed without knowledge of the prior password.

Kind regards,

Andreas Beck

--
Andreas Beck
http://www.bedatec.de/
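
The argument in the reply above, as an added example (not part of the original post and not Steganos code): a container whose data key is wrapped under a passphrase-derived key, so a password change needs the old passphrase and a reset without it cannot recover the data key. The header layout, function names, iteration count and the HMAC-based wrap (a standard-library stand-in for a real key-wrap cipher) are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the passphrase; never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _pad(kek: bytes) -> bytes:
    # One 32-byte pad per KEK; the salt is fresh for every wrap, so it is used once.
    return hmac.new(kek, b"wrap", hashlib.sha256).digest()


def _tag(kek: bytes, wrapped: bytes) -> bytes:
    return hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()


def wrap(password: str, dek: bytes) -> dict:
    """Build a container header: salt, wrapped data key, integrity tag."""
    salt = secrets.token_bytes(16)
    kek = _kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(dek, _pad(kek)))
    return {"salt": salt, "wrapped": wrapped, "tag": _tag(kek, wrapped)}


def unwrap(password: str, header: dict) -> bytes:
    """Recover the data key; fails unless the passphrase is correct."""
    kek = _kek(password, header["salt"])
    if not hmac.compare_digest(_tag(kek, header["wrapped"]), header["tag"]):
        raise ValueError("wrong passphrase")
    return bytes(a ^ b for a, b in zip(header["wrapped"], _pad(kek)))


def change_password(old: str, new: str, header: dict) -> dict:
    # A legitimate change must unwrap with the old passphrase first.
    return wrap(new, unwrap(old, header))


def forced_reset(new: str, header: dict) -> dict:
    # Without the old passphrase the old data key is out of reach; the only
    # possible "reset" wraps a fresh key, which cannot decrypt existing data.
    return wrap(new, secrets.token_bytes(32))


def demo() -> dict:
    dek = secrets.token_bytes(32)  # constructed sample data key
    header = wrap("correct horse", dek)
    changed = change_password("correct horse", "new phrase", header)
    reset = forced_reset("123", header)
    return {"change_keeps_key": unwrap("new phrase", changed) == dek,
            "reset_keeps_key": unwrap("123", reset) == dek}
```

A product that can reset the password to a known value and still open the existing data must be holding the data key somewhere the passphrase does not protect.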
