Bugtraq mailing list archives

Re: Steganos Encrypted Safe NOT so safe


From: Andreas Beck <becka-list-bugtraq () bedatec de>
Date: Sat, 14 Apr 2007 02:28:42 +0200

frankrizzo604 () gmail com wrote:
> They boast how excellent their encryption and how uncrackable they are.

If your findings are true, it is utterly insecure. Worse than what you
found.

> Can someone confirm this vulnerability?
>
> Simply mount anyone's .SLE file encrypted drive into the software and it
> will ask you for their password but won't let you in because it's
> encrypted.

If your findings are true, it is not encrypted, but merely
access-controlled by the Steganos Software.

If it were encrypted - in the sense of "encrypted with the passphrase, so
unusable without that" - the program would simply be unable to do something
like:

[update detects fake key and]
> after the update and it will now PUNISH you by resetting your
> encrypted drives passwords to "123" until you buy a registered copy.

This should be impossible if the passphrase played a role in the
encryption.

> Stores passwords in clear text.

Yes - the key must be retrievable in some way, if the password can be
changed without knowledge of the prior password.


Kind regards,

Andreas Beck

-- 
Andreas Beck
http://www.bedatec.de/
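
Added example, not part of the original message and not Steganos code: a sketch of the distinction the reply draws between a container whose data key is wrapped under a passphrase-derived key (design A) and one that merely checks a password before handing out a stored key (design B). All names, the header layout and the XOR wrap are assumptions made for illustration.

```python
import hashlib, hmac, os

def derive(passphrase, salt):
    # Passphrase-derived key (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Design A: the data key is stored only wrapped under the derived key.
# XOR with a fresh per-salt key is a toy stand-in for a real key-wrap cipher.
def a_create(passphrase, data_key):
    salt = os.urandom(16)
    k = derive(passphrase, salt)
    return {"salt": salt, "wrapped": xor(data_key, k),
            "check": hmac.new(k, data_key, "sha256").digest()}

def a_unlock(header, passphrase):
    k = derive(passphrase, header["salt"])
    data_key = xor(header["wrapped"], k)
    tag = hmac.new(k, data_key, "sha256").digest()
    return data_key if hmac.compare_digest(tag, header["check"]) else None

def a_change(header, old, new):
    # Re-wrapping needs the data key, which only the old passphrase yields.
    data_key = a_unlock(header, old)
    return a_create(new, data_key) if data_key is not None else None

# Design B: access control only; the data key sits in the header as-is.
def b_create(passphrase, data_key):
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": derive(passphrase, salt), "data_key": data_key}

def b_unlock(header, passphrase):
    ok = hmac.compare_digest(derive(passphrase, header["salt"]), header["pw_hash"])
    return header["data_key"] if ok else None

def b_reset(header, new):
    # No old passphrase involved: the software just replaces the stored hash.
    salt = os.urandom(16)
    return {**header, "salt": salt, "pw_hash": derive(new, salt)}

def demo():
    data_key = os.urandom(32)  # constructed sample key
    a, b = a_create("owner secret", data_key), b_create("owner secret", data_key)
    return {"a_reset_without_old": a_change(a, "guess", "123") is not None,
            "a_change_with_old": a_unlock(a_change(a, "owner secret", "123"), "123") == data_key,
            "b_reset_without_old": b_unlock(b_reset(b, "123"), "123") == data_key}

if __name__ == "__main__":
    print(demo())
```

A product that can reset a container's password to a fixed value without the old one behaves like design B, which is why the key must be recoverable from what is stored.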

