[9237] in bugtraq


Password manager big lie.

daemon@ATHENA.MIT.EDU (ET LoWNOISE)
Tue Jan 26 16:09:12 1999

Date: 	Tue, 26 Jan 1999 00:56:48 -0500
Reply-To: ET LoWNOISE <et@CYBERSPACE.ORG>
From: ET LoWNOISE <et@CYBERSPACE.ORG>
To: BUGTRAQ@NETSPACE.ORG

[LOWNOISE] Advisory:
et@cyberspace.org
by ET.
			PADLOCK-IT 1.01
			===============

DISCLAIMER: Learn, there are dark things behind a nice GUI.

Well, maybe this isn't a topic for bugtraq but many people are
using this kind of program to protect all kinds of passwords.
(Dial-up passwords, UNIX accounts, etc etc etc..............)
This is just a quick note about this product. I'm going deeper
later.


PRODUCT:	PADLOCK-IT Version 1.01 1998
		1998 WinWare Inc.
		1998 eEye Digital Security Team <---- Hmmmm!!
		     http://www.eEye.com

PROBLEM: 	Poor Implementation of TWOFISH
                (Counterpane Systems) encryption


DESCRIPTION:	PadLock-it is a utility program for
		Windows 95, 98 and NT. It remembers
	        all your passwords in a single, easy
		to use interface. It protects your
		passwords using encryption and fixes
		many loopholes in windows applications
		password management.

Well, I'm not a guru on cryptanalysis but there's something
wrong about PadLock-it. I agree that it has a really cool
GUI and it's easy to use. But it's opening new problems in
password management.

First, remember that now all the passwords will be encrypted
in 1 file called Padlock-it.dat so any person can grab this
file and analyze it using just a text editor.

Padlock-it.dat (EXAMPLE)
=========================

[General]
Version=1.01
MP=588b1c441a

[Options]
TrayIcon=1
Confirm=0
Startup=1
Quick Tips=1

[Accounts]
prueba=4a0e54f8„…4a0e54f8625f
prueba1=5d2bd3e4e7„…4a169a9f8901
prueba2=4a169a9f„…3db126d6f1fc83a4
enter=588b1c441a„…588b1c441a
noise=5554c02c0b„…5554c02c0b

--------------------------------------------------
First problem:
 THEY ARE NOT USING A RANDOM SEED BETWEEN USERID AND HIS PASSWORD

 example:
 prueba = 4a169a9f__ 4a169a9f8900
          root       root98

 If there are some weak passwords:
 U can guess what is the weak password for a specified USER
 Remember that it is easy to have some USER IDs just because
 other programs will give u that kind of info.


Second problem:
 THEY ARE NOT USING A RANDOM SEED BETWEEN ACCOUNTS

 example:
 prueba1= 5d2bd3e4e7__ 4a169a9f8901
          admin        root98

 So here is more help to have an idea to find the passwords


Third problem:
  U CAN KNOW THE FIRST LETTER (and sometimes the SECOND too)
  OF ANY USER ID AND THE PASSWORD (THIS INCLUDES THE MASTER
  PASSWORD MP= "Take a look at the Padlock-it.dat (EXAMPLE)")

  Well there is no random seed (IMPORTANT PART ON ANY CRYPTO-THING)

  So here it is, a very little table:


     1st letter      encrypted
        a               5d
        b               5f
        c               5e
        d               59
        e               58
        f               5a
        g               5b
        h               51
        i               50
        j               52
        k               53
        l               57
        m               56
        n               55
        o               54
        p               48
        q               49
        r               4a
        s               4b
        t               4d
        u               4c
        v               4f
        w               4e
        x               46
        y               47
        z               44

Another problem:
	U KNOW HOW MANY CHARACTERS ARE IN THE USER ID AND THE
        PASSWORD AND THE MASTER PASSWORD.

        Count the characters on the encrypted password,
        divide it by 2.

        example:
                prueba=4a0e54f8„…4a0e54f8625f

                       r***      r*****

                prueba1=5d2bd3e4e7„…4a169a9f8901

                        a****       r*****
Another problem:
	THEY SAY (On HELP):
                   I can only enter 5 characters for my master
                   password, why?

                   The evaluation version of PadLock-it™
                   is limited to 40 bit encryption, only US
                   full versions of PadLock-it™ support 128
                   bit encryption, which translates into 16
                   character passwords.

       SO U KNOW THE FIRST LETTER OF THE MP SO A BRUTE FORCE
       ATTACK IS EASY TO DO TO FIND THE NEXT 4 CHARACTERS.

Another problem:
       THEY SAY (On HELP):
		I forgot my master password, can I get it
		back?

		No, PadLock-it uses a state of the art security
		that is unbreakable, no one can get your master
		password. Not even the developers of PadLock-it.

        WHEN U ENTER TO EDIT AN ACCOUNT PADLOCK DECRYPTS THE
        USERID AND SHOWS IT TO YOU IN CLEAR TEXT.

        THE MP USES THE SAME TWOFISH ENCRYPTION WITHOUT SEED
        LIKE THE ACCOUNTS:

                [General]
                Version=1.01
                MP=588b1c441a    "guess the password"

                [Accounts]
                enter=588b1c441a„…588b1c441a
                      "enter"     "enter"

        THE MP JUST WORKS TO AUTHENTICATE YOU, IT HAS NO JOB
        ON LATER ENCRYPTION.

        CONCLUSION:
		IF THEY DECRYPT THE USER ID, THEY CAN BREAK
		THE MP.!!!!!

	NOTE:
		THEY SAY:

		What Encryption algorithm does PadLock-it™ use?

		PadLock-it™ uses the latest release of Twofish
		encryption from Counterpane Systems.
		BRUCE SCHNEIER is the president of Counterpane
		Systems, the author of Applied Cryptography
		(John Wiley & Sons, 1994 & 1996), and the
		developer of Blowfish and Twofish.


		WELL THEY ARE JUST USING THE POPULARITY OF A
		GREAT DUDE... Twofish it's c00l... the
		implementation on this proggy just sucks.

================================================================
Efrain `ET` Torres
LoWNOISE Colombia.
et@cyberspace.org
1999

et@my.narco-goverment.sucks.co
================================================================
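
A store-audit check for the properties the advisory describes, as an added example that is not part of the original post or of the product: it parses the post's sample Padlock-it.dat and reports repeated ciphertexts, prefix relationships and leaked lengths, none of which should appear when every field is encrypted under a random per-entry salt or nonce. The function names and the `|` character standing in for the two-byte separator between user ID and password are assumptions.

```python
from collections import defaultdict

# Sample values copied from the advisory's Padlock-it.dat example; "|" is a
# stand-in (assumption) for the two separator bytes between user ID and password.
SAMPLE = """\
[General]
Version=1.01
MP=588b1c441a

[Accounts]
prueba=4a0e54f8|4a0e54f8625f
prueba1=5d2bd3e4e7|4a169a9f8901
prueba2=4a169a9f|3db126d6f1fc83a4
enter=588b1c441a|588b1c441a
noise=5554c02c0b|5554c02c0b
"""

def parse_store(text, sep="|"):
    """Return {field_label: ciphertext_hex} for MP and every account field."""
    fields, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            if section == "General" and key == "MP":
                fields["MP"] = value
            elif section == "Accounts" and sep in value:
                user_ct, pass_ct = value.split(sep, 1)
                fields[key + ".user"] = user_ct
                fields[key + ".pass"] = pass_ct
    return fields

def audit(fields):
    """Report properties a salted, nonce-based scheme would not show."""
    by_ct = defaultdict(list)
    for label, ct in fields.items():
        by_ct[ct].append(label)
    # Same ciphertext in several fields: equal plaintexts encrypt identically.
    repeats = {ct: sorted(ls) for ct, ls in by_ct.items() if len(ls) > 1}
    # One ciphertext is a prefix of another: plaintexts share their first bytes.
    prefixes = sorted((a, b) for a, ca in fields.items()
                      for b, cb in fields.items()
                      if len(ca) < len(cb) and cb.startswith(ca))
    # Hex length / 2 equals the plaintext length, as the advisory notes.
    lengths = {label: len(ct) // 2 for label, ct in fields.items()}
    return {"repeats": repeats, "prefixes": prefixes, "lengths": lengths}
```

Calling `audit(parse_store(SAMPLE))` shows the master password ciphertext reappearing in the `enter` account's fields, which is the relationship the post's conclusion rests on.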
