[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SecureFile
-----BEGIN PGP SIGNED MESSAGE-----
> Querisoft's SecureFile v1.0 Beta for Windows NT and Windows 95 (with IE
> 3.x) is now available
> for download from http://www.querisoft.com/securefile.html. This is one
> of the first client
> applications that uses Microsoft's CAPI 2.0 (beta)
Umm... reading your faq... (http://www.querisoft.com/SFFAQ.html) you
state that you use the windows95 user password as the password for
encrypting files. You also seem to imply that you don't actually
_ask_ for the password, windows gives it to you (albeit hashed
or something already, I imagine). If that is the case, that is extremely
worrisome. In fact it's outrageous.
That would imply that any _other_ application, benign or evil, could
also
access the same password and immediately decrypt files.
Is that so? (Not coding much on windows, I don't know if applications
can access the user's hashed or encrypted password, but I would guess
they could.)
Jeremey.
- --
=-----------------------------------------------------------------------=
Jeremey Barrett VeriWeb Internet Corp.
Crypto, Ecash, Commerce Systems http://www.veriweb.com/
PGP Key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64
=-----------------------------------------------------------------------=
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMyA7YS/fy+vkqMxNAQGVSAP/dc1ZwWdfdJZ8gfJNUY3tias5LZi3pWzf
NihyMClArDG7Nb+XQ+s+EILi+FCMCJgtnxoc5AYGW/M/2YlHq9P0ZsUG/PQCgP9x
3+rHi8Zl2BIEqhbkKh0RfAo1Ag6/gSygpTKJz+jQCb440FpTT1CpFCKyN5HSNczc
ZuJwhM4Fzi4=
=ao2E
-----END PGP SIGNATURE-----