From: dmandl@panix.com (David Mandl)
Date: Sun, 24 Sep 95 08:12:53 PDT
To: steven ryan <sryan@reading.com>
Subject: Re: macworld crypto articles
Message-ID: <v01530501ac8b23d65a53@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:49 PM 9/23/95, steven ryan wrote:
>They searched for an applications programmer *UN*skilled at cryptography to
>try and crack the password protection of the 8 best selling Mac programs.
>Quicken 5.0 was cracked in 5 minutes. Adobe Acrobat in 2 hours.

Yup, pretty amazing.  I only skimmed the article, but I believe that out of
all the programs he tried, there was only one whose crypto he couldn't
crack.  I found it all a little hard to believe.  I mean, even if they used
the most obsolete algorithm, wouldn't you have to know _something_ about
cryptanalysis to crack it?  Are these vendors just putting a "this file is
locked with this such and such a password" string at the front of the file,
or what?

Interesting historical note: In my old APL days (early 80's), IBM used to
lock their VSAPL workspaces with just such a scheme--a "locked bit" at some
fixed position in the file.  But there were enough other reasons not to use
that horrible product...

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://wfmu.org/~davem