Bugtraq mailing list archives

Re: Respondus v1.1.2 stores passwords using weak encryption


From: "E. van Elk" <evelk () dsv nl>
Date: Thu, 23 Aug 2001 22:28:05 +0200

At 21:24 23-8-2001, Desmond Irvine wrote:
>Respondus Version 1.1.2 (7-26-2001) stores passwords using weak encryption.
>

It's not only Respondus; many other programs that need to store passwords for, let's say, FTP access use a very weak encryption system.

Two examples I recently discovered are UltraEdit v8.x and CuteFTP v4.2. Both use a very weak encoding system to store passwords for the FTP accounts. CuteFTP uses quite a weak system, but when using a password for the site manager, the sm.dat file is encrypted and it makes access to the encrypted passwords a little harder.

For some more info about the used encryption methods: http://www.eve-software.com/security

In the help-file from UltraEdit, the following section can be found:

This checkbox determines if UltraEdit will save the password for later reference. If not the user will be prompted for the password as required. Note – if the password is saved it is stored on the system. It is encrypted however the encryption mechanism is unsophisticated and should not be relied upon as a method of security.


---
Edwin van Elk
evelk () dsv nl

