Bugtraq
mailing list archives
Re: Steganos Encrypted Safe NOT so safe
From: Andreas Beck <becka-list-bugtraq () bedatec de>
Date: Sat, 14 Apr 2007 02:28:42 +0200
frankrizzo604 () gmail com wrote:

> They boast how excellent their encryption and how uncrackable they are.

If your findings are true, it is utterly insecure. Worse than what you
found.

> Can someone confirm this vulnerability?
> Simply mount anyone's .SLE file encrypted drive into the software and it
> will ask you for their password but won't let you in because it's
> encrypted.

If your findings are true, it is not encrypted, but merely
access-controlled by the Steganos Software.

If it were encrypted - in the sense of "encrypted with the passphrase, so
unusable without that" - the program would simply be unable to do something
like:

> [update detects fake key and]
> after the update and it will now PUNISH you by resetting your
> encrypted drives passwords to "123" until you buy a registered copy.

This should be impossible, if the passphrase would play a role in the
encryption.

> Stores passwords in clear text.

Yes - the key must be retrievable in some way, if the password can be
changed without knowledge of the prior password.

Kind regards,
Andreas Beck
--
Andreas Beck
http://www.bedatec.de/
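
The argument in the message above, as an added example (not part of the original post and not Steganos code): design A wraps the data key under a passphrase-derived key, so a reset without the old passphrase cannot work; design B only gates access, so it can. All function names and the embedded constant are hypothetical, and the XOR + HMAC wrap is a standard-library stand-in for a real key-wrap primitive.

```python
import hashlib, hmac, os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Design A: the passphrase takes part in the encryption.
# The 32-byte data key is stored only wrapped under a passphrase-derived key.
# XOR + HMAC is a stdlib stand-in for a real key-wrap/AEAD primitive.
def _derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)

def wrap_key(data_key: bytes, passphrase: str) -> dict:
    salt = os.urandom(16)
    k = _derive(passphrase, salt)
    wrapped = _xor(data_key, k[:32])
    return {"salt": salt, "wrapped": wrapped,
            "tag": hmac.new(k[32:], wrapped, "sha256").digest()}

def unwrap_key(header: dict, passphrase: str) -> bytes:
    k = _derive(passphrase, header["salt"])
    tag = hmac.new(k[32:], header["wrapped"], "sha256").digest()
    if not hmac.compare_digest(tag, header["tag"]):
        raise ValueError("wrong passphrase")
    return _xor(header["wrapped"], k[:32])

def change_passphrase(header: dict, old: str, new: str) -> dict:
    # Re-wrapping needs the data key, which only the old passphrase yields.
    return wrap_key(unwrap_key(header, old), new)

# Design B: access control only (models the behaviour reported in the thread).
# The data key is recoverable from a constant in the program; the passphrase
# is merely compared against a stored hash before the key is handed over.
APP_MASK = hashlib.sha256(b"constant shipped in the program (constructed)").digest()

def make_gated(data_key: bytes, passphrase: str) -> dict:
    return {"stored_key": _xor(data_key, APP_MASK),
            "pw_hash": hashlib.sha256(passphrase.encode()).digest()}

def open_gated(header: dict, passphrase: str) -> bytes:
    entered = hashlib.sha256(passphrase.encode()).digest()
    if not hmac.compare_digest(entered, header["pw_hash"]):
        raise ValueError("wrong passphrase")
    return _xor(header["stored_key"], APP_MASK)

def reset_gated(header: dict, new: str) -> dict:
    # No old passphrase required: the data key never depended on it.
    return {**header, "pw_hash": hashlib.sha256(new.encode()).digest()}
```

A container format that supports any equivalent of `reset_gated` cannot be deriving its key from the passphrase alone.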