From: Jeremey Barrett <jeremey@veriweb.com>
To: anand@querisoft.com
Message Hash: e5ce517a6eee1e2fda334e44a3a83fecc52ccedc2a6ac2ff37c63d744688f65b
Message ID: <33203B5E.28D8E637@veriweb.com>
Reply To: N/A
UTC Datetime: 1997-03-07 23:55:49 UTC
Raw Date: Fri, 7 Mar 1997 15:55:49 -0800 (PST)
From: Jeremey Barrett <jeremey@veriweb.com>
Date: Fri, 7 Mar 1997 15:55:49 -0800 (PST)
To: anand@querisoft.com
Subject: Re: SecureFile
Message-ID: <33203B5E.28D8E637@veriweb.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
> Querisoft's SecureFile v1.0 Beta for Windows NT and Windows 95 (with IE
> 3.x) is now available
> for download from http://www.querisoft.com/securefile.html. This is one
> of the first client
> applications that uses Microsoft's CAPI 2.0 (beta)
Umm... reading your faq... (http://www.querisoft.com/SFFAQ.html) you
state that you use the windows95 user password as the password for
encrypting files. You also seem to imply that you don't actually
_ask_ for the password, windows gives it to you (albeit hashed
or something already, I imagine). If that is the case, that is extremely
worrisome. In fact it's outrageous.
That would imply that any _other_ application, benign or evil, could
also
access the same password and immediately decrypt files.
Is that so? (Not coding much on windows, I don't know if applications
can access the user's hashed or encrypted password, but I would guess
they could.)
Jeremey.
- --
=-----------------------------------------------------------------------=
Jeremey Barrett VeriWeb Internet Corp.
Crypto, Ecash, Commerce Systems http://www.veriweb.com/
PGP Key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64
=-----------------------------------------------------------------------=
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMyA7YS/fy+vkqMxNAQGVSAP/dc1ZwWdfdJZ8gfJNUY3tias5LZi3pWzf
NihyMClArDG7Nb+XQ+s+EILi+FCMCJgtnxoc5AYGW/M/2YlHq9P0ZsUG/PQCgP9x
3+rHi8Zl2BIEqhbkKh0RfAo1Ag6/gSygpTKJz+jQCb440FpTT1CpFCKyN5HSNczc
ZuJwhM4Fzi4=
=ao2E
-----END PGP SIGNATURE-----
Return to March 1997
Return to “Jeremey Barrett <jeremey@veriweb.com>”