1995-09-24 - Re: macworld crypto articles

Header Data

From: chen@intuit.com (Mark Chen)
To: dmandl@panix.com (David Mandl)
Message Hash: 279e53fa4d8e4733f49f1efc6ed059476ef0d0f2771c0217fce403cde71ccd4e
Message ID: <9509241729.AA17667@doom.intuit.com>
Reply To: <v01530501ac8b23d65a53@[166.84.250.21]>
UTC Datetime: 1995-09-24 17:34:20 UTC
Raw Date: Sun, 24 Sep 95 10:34:20 PDT

Raw message

From: chen@intuit.com (Mark Chen)
Date: Sun, 24 Sep 95 10:34:20 PDT
To: dmandl@panix.com (David Mandl)
Subject: Re: macworld crypto articles
In-Reply-To: <v01530501ac8b23d65a53@[166.84.250.21]>
Message-ID: <9509241729.AA17667@doom.intuit.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave,

> At 3:49 PM 9/23/95, steven ryan wrote:
> >They searched for an applications programmer *UN*skilled at cryptography to
> >try and crack the password protection of the 8 best selling Mac programs.
> >Quicken 5.0 was cracked in 5 minutes. Adobe Acrobat in 2 hours.
> 
> Yup, pretty amazing.  I only skimmed the article, but I believe that out of
> all the programs he tried, there was only one whose crypto he couldn't
> crack.  I found it all a little hard to believe.  I mean, even if they used
> the most obsolete algorithm, wouldn't you have to know _something_ about
> cryptanalysis to crack it?  Are these vendors just putting a "this file is
> locked with this such and such a password" string at the front of the file,
> or what?

I hate to say it, but in the case of Quicken, this is exactly right.

In version 5.0, we've taken measures to protect the online financial
stuff, but there's no serious protection at all on the local data
file.  It's truly a deplorable state of affairs.

   - Mark -


--
Mark Chen 
chen@intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D




Thread