Re: macworld crypto articles
At 3:49 PM 9/23/95, steven ryan wrote:
They searched for an applications programmer *UN*skilled at cryptography to try and crack the password protection of the 8 best selling Mac programs. Quicken 5.0 was cracked in 5 minutes. Adobe Acrobat in 2 hours.
Yup, pretty amazing. I only skimmed the article, but I believe that out of all the programs he tried, there was only one whose crypto he couldn't crack. I found it all a little hard to believe. I mean, even if they used the most obsolete algorithm, wouldn't you have to know _something_ about cryptanalysis to crack it? Are these vendors just putting a "this file is locked with this such and such a password" string at the front of the file, or what? Interesting historical note: In my old APL days (early 80's), IBM used to lock their VSAPL workspaces with just such a scheme--a "locked bit" at some fixed position in the file. But there were enough other reasons not to use that horrible product... --Dave. -- Dave Mandl dmandl@panix.com http://wfmu.org/~davem
Dave,
At 3:49 PM 9/23/95, steven ryan wrote:
They searched for an applications programmer *UN*skilled at cryptography to try and crack the password protection of the 8 best selling Mac programs. Quicken 5.0 was cracked in 5 minutes. Adobe Acrobat in 2 hours.
Yup, pretty amazing. I only skimmed the article, but I believe that out of all the programs he tried, there was only one whose crypto he couldn't crack. I found it all a little hard to believe. I mean, even if they used the most obsolete algorithm, wouldn't you have to know _something_ about cryptanalysis to crack it? Are these vendors just putting a "this file is locked with this such and such a password" string at the front of the file, or what?
I hate to say it, but in the case of Quicken, this is exactly right. In version 5.0, we've taken measures to protect the online financial stuff, but there's no serious protection at all on the local data file. It's truly a deplorable state of affairs. - Mark - -- Mark Chen chen@intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D
Dave Mandl wrote about some lame Mac crypto thing... [..]
Yup, pretty amazing. I only skimmed the article, but I believe that out of all the programs he tried, there was only one whose crypto he couldn't crack. I found it all a little hard to believe. I mean, even if they used the most obsolete algorithm, wouldn't you have to know _something_ about cryptanalysis to crack it? Are these vendors just putting a "this file is locked with this such and such a password" string at the front of the file, or what?
[..] Sounds like it's time for a Snake-Oil FAQ... Rob
participants (3)
-
chen@intuit.com -
Deranged Mutant -
dmandl@panix.com