Yet Another password storing problem (was: Re: Possible Netscape

Yiorgos Adamopoulos (adamo@dblab.ece.ntua.gr)
Fri, 19 Feb 1999 16:58:13 +0200 

On Tue, Feb 16, 1999 at 01:02:08PM -0600, HD Moore wrote:
> The password is *still* in the registry after you close netscape,

Now that we are talking about Netscape, here is another similar bug.

Kabsoftware (http://www.kabsoftware.com) produces a *very* handy utility that
let's you check your email via POP3 (without downloading it) and other stuff
like that (check their www page if you are interested).

It appears that Lydia (the utility) stores the user passwords in
C:\Windows\Lydia.INI.

However, the encryption algorithm is trivial.  I am not a cryptanalyst in any
way and it took me 30min to find out the mapping between the ascii space and
the scrambling they do. (Basically they map each character to 2 bytes).

I notified Kabsoftware in January, and they responded promptly that "the
encryption in Lydia algorithm is casual" and that they are going to change it
in a future release.

--
Yiorgos Adamopoulos         -- #include <std/disclaimer.h>
adamo@dblab.ece.ntua.gr     -- Knowledge and Data Base Systems Laboratory, NTUA