Re: Secure Storage of Secrets in Windows

From: Olaf Titz (olafat_private)
Date: Tue May 18 1999 - 23:42:51 PDT

Next message: Larry W. Cashdollar: "IRIX midikeys root exploit."

Previous message: Morrill, Ralph: "Research question"
Maybe in reply to: Aleph One: "Secure Storage of Secrets in Windows"
Next in thread: Eivind Eklund: "Re: Secure Storage of Secrets in Windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The Win32 API provides such service. Although in the past it was found
> that its encryption was rather weak Microsoft claims to have fixed it,
> no one else has claimed otherwise, and its better than nothing.

Since this allows the encryption of user data and Microsoft ist U.S.
based , the algorithm _must_ be weak. Otherwise they could have used
just RC4 with the password as key instead of RC4 with a 32 bit(!)
hash of the password. This is not Microsoft stupidity but U.S.
government stupidity.

With today's CPU power 32 bit of key is not better than nothing.
I could brute force that in one week with my single PC.

Olaf

Next message: Larry W. Cashdollar: "IRIX midikeys root exploit."
Previous message: Morrill, Ralph: "Research question"
Maybe in reply to: Aleph One: "Secure Storage of Secrets in Windows"
Next in thread: Eivind Eklund: "Re: Secure Storage of Secrets in Windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:10 PDT