Shoddy encryption in Iomega One-Step Backup (fwd)

From: aberrant (aberrantat_private)
Date: Thu Jan 14 1999 - 09:39:05 PST

Next message: Wietse Venema: "Re: Tracing by uid u after root does setuid(u)"

Previous message: monti: "test-cgi - Re: HTTP REQUEST METHOD flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I searched the archives and didn't find anything regarding this.  The vendor
was notified over a week ago and, aside from the standard "Thank you for
your concern" response, has not bothered to contact me.

While playing with my new Iomega Jaz 2GB drive the other day, I found an
interesting (disturbing) "feature" with the One-Step Backup program that
is shipped with the drive (and is also available, presumably for Iomega's
other products, on their web site).  I've confirmed through Iomega tech
support that this is the latest version of the One-Step software out there
(verion reported by Windows95 as 5.30).

In the backup configuration dialog, there's a "security" tab that allows
the user to specify a password to limit access to the backup file that is
stored on the Jaz disk.  Curious as to what encryption they used, I checked
the final backup file and was dismayed.  The password appears after the
description of the backup (another user field), "encrypted" using the
following formula:

            E = P xor 0x1f

Where "P" is a byte of the plaintext password, and "E" is the stored
"encrypted" password.  Decryption is left as an exercise for the reader. :)

You can grab this very easily by doing an "od -c" on the backup file.  The
password is the first nonzero block past the description (and a 001) and
usually resides around offset 0470 (octal).

This formula works in every case I tried (alphanumerics, special chars, etc.).
Incidentally, it appears that the password is used solely for access control;
the rest of the backup file appears to be unencrypted (though compressed at
the user's option).

<rant>

I know aleph1 instructed us to be kinder and gentler in this list, but this
is just pathetic.  If you're going to have an advertised "security"
feature with any sort of a key, there's a reasonable expectation by the
user that the key not be easily recoverable.  I'm certainly not a security
expert, but I don't see any reason to store the key in a recoverable
format in this case.  If all you want to do is control access, a one-way
hash should suffice (though still subject to brute force, it's better than
this).

This is just one example of shoddy programming coming out of Iomega (the
others are not security-related, but if you're interested, drop me a line
and I'll give you the whole history).

Iomega, if you're listening, it's time you took the Ovaltine decoder rings
away from your programmmers and replaced them with a good text on security.

</rant>

Cheers,

Aberrant
aberrantat_private

Next message: Wietse Venema: "Re: Tracing by uid u after root does setuid(u)"
Previous message: monti: "test-cgi - Re: HTTP REQUEST METHOD flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:46 PDT