-----BEGIN PGP SIGNED MESSAGE-----
Querisoft's SecureFile v1.0 Beta for Windows NT and Windows 95 (with IE 3.x) is now available for download from http://www.querisoft.com/securefile.html. This is one of the first client applications that uses Microsoft's CAPI 2.0 (beta)
Umm... reading your faq... (http://www.querisoft.com/SFFAQ.html) you state that you use the windows95 user password as the password for encrypting files. You also seem to imply that you don't actually _ask_ for the password, windows gives it to you (albeit hashed or something already, I imagine). If that is the case, that is extremely worrisome. In fact it's outrageous. That would imply that any _other_ application, benign or evil, could also access the same password and immediately decrypt files. Is that so? (Not coding much on windows, I don't know if applications can access the user's hashed or encrypted password, but I would guess they could.) Jeremey. - -- =-----------------------------------------------------------------------= Jeremey Barrett VeriWeb Internet Corp. Crypto, Ecash, Commerce Systems http://www.veriweb.com/ PGP Key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64 =-----------------------------------------------------------------------= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMyA7YS/fy+vkqMxNAQGVSAP/dc1ZwWdfdJZ8gfJNUY3tias5LZi3pWzf NihyMClArDG7Nb+XQ+s+EILi+FCMCJgtnxoc5AYGW/M/2YlHq9P0ZsUG/PQCgP9x 3+rHi8Zl2BIEqhbkKh0RfAo1Ag6/gSygpTKJz+jQCb440FpTT1CpFCKyN5HSNczc ZuJwhM4Fzi4= =ao2E -----END PGP SIGNATURE-----