Quick commercial package question

Leonard Rosenthol leonardr at aladdinsys.com
Wed Oct 25 11:01:57 PDT 1995


At 10:57 PM 10/24/95, Marshall Clow wrote:
>>        http://www.uccs.edu/~abusby/mac_u-g/RemoveIt.sit.bin
>>
        I also just checked this out, and as the engineer currently
responsible for StuffIt (and having worked on it for a number of years), I
can tell you that the thing simply won't work as documented.   I'll even
explain why...

        StuffIt actually encrypts data (it doesn't just password protect
it), but it does so using a COMPLETELY RANDOM key and then that random key
is encrypted using the password that the user entered (user key) and then
stored in the MKey resource.  We do this so that the same file encrypted
with the same "user key" doesn't generate the same data (and therefore aid
in easier breaking).   So replacing an archive's MKey resource only
means that you can manipulate an encrypted archive (delete things, etc.),
BUT it still won't decrypt your data, since the original encryption key is
not present.

        If you know the person who wrote or posted the information, please
feel free to forward my message along to him.


Thanks,
Leonard Rosenthol

-----------------------------------------------------------------------------
Leonard Rosenthol                     Internet:        leonardr at aladdinsys.com
Director of Advanced Technology       AppleLink:       MACgician
Aladdin Systems, Inc.                 America Online:  MACgician
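
The key-wrapping scheme described in the message above, as an added example that is not part of the original post and is not StuffIt's code. The PBKDF2 user key, the HMAC-based toy stream cipher, the dict layout and all function names are assumptions chosen for illustration; sample data is constructed.

```python
import hashlib, hmac, secrets

def keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); a stand-in, not StuffIt's cipher.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def user_key(password: str, salt: bytes) -> bytes:
    # Assumed derivation of the "user key" from the typed password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap_key(data_key: bytes, password: str) -> dict:
    # The "MKey" record: the random data key encrypted under the user key.
    salt = secrets.token_bytes(16)
    kek = user_key(password, salt)
    wrapped = xor(data_key, kek)
    tag = hmac.new(kek, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_key(mkey: dict, password: str) -> bytes:
    kek = user_key(password, mkey["salt"])
    expected = hmac.new(kek, mkey["salt"] + mkey["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mkey["tag"]):
        raise ValueError("wrong password for this MKey record")
    return xor(mkey["wrapped"], kek)

def make_archive(plaintext: bytes, password: str) -> dict:
    data_key = secrets.token_bytes(32)  # fresh random key for every archive
    return {"mkey": wrap_key(data_key, password), "body": xor(plaintext, data_key)}

def open_archive(archive: dict, password: str) -> bytes:
    data_key = unwrap_key(archive["mkey"], password)
    return xor(archive["body"], data_key)

def swap_mkey(target: dict, donor: dict) -> dict:
    # Models replacing an archive's MKey record with one made under a known password.
    return {"mkey": donor["mkey"], "body": target["body"]}

SECRET = b"constructed sample plaintext"  # constructed test data
original = make_archive(SECRET, "owner-password")
donor = make_archive(b"unrelated", "known-password")
tampered = swap_mkey(original, donor)
```

After the swap the known password unwraps the donor's random key, not the one the body was encrypted with, so the output is noise; the same plaintext and password also yield a different body on every run.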







