Bugtraq mailing list archives
Re: Steganos Encrypted Safe NOT so safe
From: Andreas Beck <becka-list-bugtraq () bedatec de>
Date: Sat, 14 Apr 2007 02:28:42 +0200
frankrizzo604 () gmail com wrote:
They boast how excellent their encryption and how uncrackable they are.
If your findings are true, it is utterly insecure. Worse than what you found. Can someone confirm this vulnerability?
Simply mount anyone's .SLE file encrypted drive into the software and it will ask you for their password but won't let you in because it's encrypted.
If your findings are true, it is not encrypted, but merely access-controlled by the Steganos Software. If it were encrypted - in the sense of "encrypted with the passphrase, so unusable without that" - the program would simply be unable to do something like:
[update detects fake key and] after the update and it will now PUNISH you by resetting your encrypted drive's passwords to "123" until you buy a registered copy.
This should be impossible, if the passphrase would play a role in the encryption.
Stores passwords in clear text.
Yes - the key must be retrievable in some way, if the password can be changed without knowledge of the prior password.

Kind regards, Andreas Beck
-- 
Andreas Beck http://www.bedatec.de/
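Added example, not part of the original message and not Steganos code: a sketch of the argument in the reply above, contrasting a header where the data key is bound to the passphrase (design A) with one where the passphrase is only compared (design B). All function names and both header layouts are hypothetical, and the XOR-plus-HMAC wrap is a simplified stand-in for a real key-wrap construction.

```python
import hashlib, hmac, os

def _derive(passphrase, salt):
    # 64 bytes from the passphrase: 32 to mask the data key, 32 to authenticate it
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Design A: the data key is recoverable only from the passphrase.
def wrap(data_key, passphrase):
    salt = os.urandom(16)
    k = _derive(passphrase, salt)
    ct = _xor(data_key, k[:32])
    tag = hmac.new(k[32:], salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(header, passphrase):
    k = _derive(passphrase, header["salt"])
    tag = hmac.new(k[32:], header["salt"] + header["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["tag"]):
        raise ValueError("wrong passphrase")
    return _xor(header["ct"], k[:32])

def change_passphrase(header, old, new):
    return wrap(unwrap(header, old), new)  # impossible without `old`

def forced_reset(header, new):
    # No old passphrase: nothing in the header yields the data key, so the
    # only option is a fresh key, and everything encrypted before is lost.
    return wrap(os.urandom(32), new)

# Design B: the passphrase is only compared; the key is stored retrievably.
def gated_header(data_key, passphrase):
    salt = os.urandom(16)
    return {"key": data_key, "salt": salt, "check": _derive(passphrase, salt)}

def gated_reset(header, new):
    # Works without the old passphrase, and the container stays readable.
    return gated_header(header["key"], new)

if __name__ == "__main__":
    dk = os.urandom(32)  # constructed sample data key
    a, b = wrap(dk, "old secret"), gated_header(dk, "old secret")
    print("A reset keeps data key:", unwrap(forced_reset(a, "123"), "123") == dk)
    print("B reset keeps data key:", gated_reset(b, "123")["key"] == dk)
```

A reset that leaves existing data readable, as in design B, is only possible when the key does not depend on the old passphrase.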