At 21:24 23-8-2001, Desmond Irvine wrote: >Respondus Version 1.1.2 (7-26-2001) stores passwords using weak encryption. > It's not only Respondus, but many other programs that needs to store passwords for, let's say, FTP access that use a very weak encryption system. Two examples I recently discovered are UltraEdit v8.x and CuteFtp v4.2. Both use a very weak encoding system to store passwords for the FTP accounts. CuteFtp uses quite a weak system, but when using a password for the site manager, the sm.dat file is encrypted and it makes access to the encrypted passwords a little harder.. For some more info about the used encryption methods: http://www.eve-software.com/security In the help-file from UltraEdit, the following section can be found: This checkbox determines if UltraEdit will save the password for later reference. If not the user will be prompted for the password as required. Note – if the password is saved it is stored on the system. It is encrypted however the encryption mechanism is unsophisticated and should not be relied upon as a method of security. --- Edwin van Elk evelkat_private
This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 18:27:04 PDT