[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Quick commercial package question

At 10:57 PM 10/24/95, Marshall Clow wrote:
>>        http://www.uccs.edu/~abusby/mac_u-g/RemoveIt.sit.bin
        I also just checked this out, and I as the engineer currently
responsible for StuffIt (and having worked on it for a number of years), I
can tell you that the thing simply won't work as documented.   I'll even
explain why...

        StuffIt actually encrypts data (it doesn't just password protect
it), but it does so using a COMPLETELY RANDOM key and then that random key
is encrypted using the password that the user entered (user key) and then
stored in the MKey resource.  We do this so that the same file encrypted
with the same "user key" doesn't generate the same data (and therefore aid
in easier breaking).   So by replacing an archive's MKey resource, only
means that you can manipulate an encrypted archive (delete things, etc.)
BUT it still won't decrypt your data, since the original encryption key is
not present.

        If you know the person who wrote or posted the information, please
feel free to forward my message along to him.

Leonard Rosenthol

Leonard Rosenthol                     Internet:        [email protected]
Director of Advanced Technology       AppleLink:       MACgician
Aladdin Systems, Inc.                 America Online:  MACgician