Re: RSA's SecurPC not-so-"Secur"

Bruce Schneier (schneier@counterpane.com)
Thu, 14 May 1998 16:55:24 -0500

• Next message: John Wang: "SecurPC"
• Previous message: Jackson Dodd: "Announcing the Call for Papers - USENIX 1999 Annual Conference"
• Next in thread: Vin McLellan: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Vin McLellan: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Lewis McCarthy: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Kriston J. Rehberg: "Re: RSA's SecurPC not-so-"Secur""

At 02:04 PM 5/9/98 -0600, staym@accessdata.com wrote:
>SecurPC dumps your password in plaintext to the harddrive. It's found
>in random sectors, but always at a particular offset. Search on x35 x0f
>x00 x00 x00 at offset x07 using diskedit or the like and the password
>follows in plaintext.
 
According to Larry in Tech Support at Security Dynamics, Version 2.0 of RSA SecurPC fixed this and the password is now stored encrypted, whereas, yes, in earlier versions it could be located and read.

To me, this is nonsense marketing talk. The password was not "stored," it was accidentally written to disk. What version were you testing? Anyone have a newer version we can look at?

Bruce

**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN 55419 Fax: 612-823-1590
                                            http://www.counterpane.com

• Next message: John Wang: "SecurPC"
• Previous message: Jackson Dodd: "Announcing the Call for Papers - USENIX 1999 Annual Conference"
• Next in thread: Vin McLellan: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Vin McLellan: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Lewis McCarthy: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Kriston J. Rehberg: "Re: RSA's SecurPC not-so-"Secur""