C (michael.bauer@guidant.com)
Tue, 20 Oct 1998 12:59:06 -0500
I think I found the answer to my own question: according to Symantec's own
Knowledge Base, pcANYWHERE32's proprietary encryption scheme can be broken
"without too much work" (actual quote). Hm, that sure implies something
stupid like XOR. On the upside(?) if pcA32 is installed on a system that
has the MS Crypto API (as provided by MSIE 3.02+ or NT SP3), pcA32 can use
"Symmetric" encryption (ooh! MS's groovy implementation of RC-4 with 40- or
128-bit keys). If one's system has both Crypto API and a Verisign Digital
ID, pcA can use encryption with public-key crypto. So there are, after all,
two possibly-adequate crypto schemes that can be used in pcANYWHERE (but I
don't think I'd use either to control anything _really_ important).
Next question: does pcANYWHERE store user-passwords in a secure fasion, or
are they written in clear text to the registry (or a pagefile)? (I have a
feeling the Symantec Knowledge Base doesn't say... ;-)
Cheers, Mick
> At 10:41 AM 10/20/98 -0500, Bauer, Michael (C)(STP) wrote:
> >Anyone got any crypanalytical dirt on PC-Anywhere? Is its cryptosystem
> any
> >good, or are they doing something stupid like XOR?
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:22