From: Anand Abhyankar <anand@querisoft.com>
To: Jeremey Barrett <jeremey@veriweb.com>
Message Hash: 955b004cc049b89b5bff5375c05f4885fde4d379993a6be6738164c6773c785a
Message ID: <3328D1C4.2736@querisoft.com>
Reply To: <33203B5E.28D8E637@veriweb.com>
UTC Datetime: 1997-03-13 15:47:41 UTC
Raw Date: Thu, 13 Mar 1997 07:47:41 -0800 (PST)
From: Anand Abhyankar <anand@querisoft.com>
Date: Thu, 13 Mar 1997 07:47:41 -0800 (PST)
To: Jeremey Barrett <jeremey@veriweb.com>
Subject: Re: SecureFile
In-Reply-To: <33203B5E.28D8E637@veriweb.com>
Message-ID: <3328D1C4.2736@querisoft.com>
MIME-Version: 1.0
Content-Type: text/plain
Jeremey Barrett wrote:
> Out of curiosity, do you know how the keys are protected by windoze
> itself?
I am sorry I dont understand you question.
> I have the CAPI cd but have had all of 5 minutes to look at it. I would
> presume they're hashing your password into a key and then encrypting
> with
> it, or encrypting another key with it. Any idea?
Your Windows password is not used to actually any data. The Windows
login just lets you access your keys. This way even if you change your
Windows password it will not affect yout CAPI installation. As long as
the OS identifies you it lets you access your keys.
> What is somewhat bothersome (and this would go for anything using CAPI
> in the way your product does) is the reliance upon the windoze password.
> If that were compromised, it seems all other CAPI integrated keys would
> also be compromised. Let's hope they choose good passwords, and know not
> to re-use the same one on the net somewhere. :-)
Yes! you are right. Security without a good policy is an open door.
> (BTW, does windoze allow arbitrary length passwords or phrases, or does
> it
> have a short limit?)
>
This can be configured by the administrator of the domain.
> Jeremey.
Thank you for your interest in SecureFile. Please feel free to ask any
questions you may have.
Anand Abhyankar
--
\|||/
( O-O )
*----------------*-----------*--------.ooo0--(_)-0ooo.----------*
Anand Abhyankar
Querisoft Systems Pvt. Ltd. Email : anand@querisoft.com
810, Sindh Society, Aundh, Phone (Off) : 91-212-385925
Pune - 411 007. INDIA (Res) : 91-212-351023
.oooO
( ) Oooo.
*----------------*-----------*------------\ (----( )----------*
\_) ) /
(_/
Return to March 1997
Return to “Jeremey Barrett <jeremey@veriweb.com>”