From: jamiel@sybase.com (Jamie Lawrence)
Date: Fri, 9 Sep 94 17:03:46 PDT
To: cypherpunks@toad.com
Subject: Lame security software
Message-ID: <aa96a7ef010210032ab4@[130.214.233.14]>
MIME-Version: 1.0
Content-Type: text/plain



In showing a co-worker why a lot of the cryptographic software
out there is really bad to use, I found one of the worst examples
I've ever run across, and I'm in a sharing mood today. For those
Mac users out there, get ahold of Norton Partition, which ships
with Norton Utilities 2.0. I was demoing the only way it should
be counted on for anything, and then not much, by setting up a
non-automounting DES encrypted soft partition. I chose the password
'cheesetoast', and explained why this was a bad choice, etc. Well,
upon mounting the disk to demo something else, I misstyped 'cheeseto "
(that last character is a space), and whad do you know, it mounted. I
suspect it checks a hash of the first eight characters, tossing the
rest, but don't have time to check and see if that is the case.

Happy ending - My coworker then asked "What is that PGP think again?"


-j
--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence                                  <jamiel@sybase.com>