Michael,

We are perfectly aware that on older versions of FP the password is visible with a hex editor. But since any school would be foolish to allow such programs to run in the first place, the issue is a dead end 99.9% of the time. This is not military style, espionage-level security - it is for public workstations with restricted purposes and limited applications.

As you indicated, typical computers are exceedingly simple to understand and horse around with. We agree, and appreciate that most high schoolers can easily grasp what is required to operate and even program computers. This should not be surprising to anyone.

That being said, the point of security for most schools is one of convenience and very casual play with the machines by students. FoolProof can be configured to be very hard to break indeed, but some schools simply do not want to configure it in that fashion - and they may well be right if they know their students well.

Don't worry - more encryption and more features are always in the works.

Take care,
SmartStuff Software Technical Support
800-671-3999

Michael Ballbach, ballbachat_private writes:

[ I'm cc'ing smartstuff, maybe this time they'll hear us. Smartstuff, feel free to contact me for more information on what I know. The following refers to foolproof v1 - v3, on a mac. ]

Holding shift to bypass foolproof on a mac is ineffective if you enable the disable foolproof bypass on extension bypass option or however it's phrased in there.

The password is not base64 encoded, and depending on the version there are various (very poor) methods of trying to obscure it; in the preference files for versions prior to 3, the password sticks out like a sore thumb, and with versions 3+ it's a tad more obscure, but the method of encryption has not changed. I broke the encryption my freshman year in high school and it took about an hour with a piece of paper and a hex editor; I didn't even use a calculator. The base conversions took the most time. (ok ok two pieces of paper)

Perhaps these issues coming into the public will force smartstuff to do something about it. I've contacted them many times and they either ignore me, or some guy that has no clue what's happening replies and blows me off. I'd publish the encryption details but doing so would compromise the security of thousands of machines (including the ones I used to run), and I don't think that's worth it... (I think smartstuff would agree)

It's a good program overall, but they really picked a very poor method of encryption for a program that's supposed to protect machines at educational institutions... Christ, I'm a high school dropout and it wasn't a challenge for me.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:49 PDT