From: “W. Kinney” <kinney@bogart.Colorado.EDU>
To: cypherpunks@toad.com
Message Hash: 269819296dd2cdbb82b9d7f8a1b3144abcd23acc595c114e4956e8b5dd00c612
Message ID: <9409111958.AA00309@bogart.Colorado.EDU>
Reply To: <aa96a7ef010210032ab4@[130.214.233.14]>
UTC Datetime: 1994-09-11 19:59:25 UTC
Raw Date: Sun, 11 Sep 94 12:59:25 PDT
From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Sun, 11 Sep 94 12:59:25 PDT
To: cypherpunks@toad.com
Subject: Re: Lame security software
In-Reply-To: <aa96a7ef010210032ab4@[130.214.233.14]>
Message-ID: <9409111958.AA00309@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain
Jamie Lawrence writes:
> I found one of the worst examples
> I've ever run across, and I'm in a sharing mood today. For those
> Mac users out there, get ahold of Norton Partition, which ships
> with Norton Utilities 2.0. I was demoing the only way it should
> be counted on for anything, and then not much, by setting up a
> non-automounting DES encrypted soft partition. I chose the password
> 'cheesetoast', and explained why this was a bad choice, etc. Well,
> upon mounting the disk to demo something else, I misstyped 'cheeseto "
> (that last character is a space), and whad do you know, it mounted. I
> suspect it checks a hash of the first eight characters, tossing the
> rest, but don't have time to check and see if that is the case.
Oh, it's worse than that. Try it out and you'll find that Norton Partition
gets 56 bits from 64 by throwing away the _low_ bit in each of the eight
characters of your password.
Worse still, Norton Partition includes a block of data
at the beginning of the disk partition you create, which encrypts your
password with an xor cipher. I haven't had time to work out the complete
mapping as of yet, but change one bit in your password, and one bit
in the header block changes. This goes beyond a poor implementation and
into the territory of a deliberate back door.
Damned irresponsible.
-- Will
Return to September 1994
Return to ““W. Kinney” <kinney@bogart.Colorado.EDU>”