Exploit the possiblities

PADLOCK.txt

PADLOCK.txt
Posted Aug 17, 1999
Authored by Efrain Torres

PADLOCK-IT v1.01 contains numerous security holes and improperly manages passwords, making for a very unsecure implementation of the Twofish encryption algorithm.

tags | exploit
MD5 | 58e106a995548c3122f4f31a2d6de181

PADLOCK.txt

Change Mirror Download

[LOWNOISE] Advisory:
et@cyberspace.org
by ET.
PADLOCK-IT 1.01
===============

DISCLAIMER: Learn, there are dark things behind a nice GUI.

Well, maybe this isnt a topic for bugtraq but many people is
using this kind of programs to protect all kind of passwords.
(Dial-up passwords, UNIX accounts, etc etc etc..............)
This is just a quick note about this product. Im going deeper
later.


PRODUCT: PADLOCK-IT Version 1.01 1998
1998 WinWare Inc.
1998 eEye Digital Security Team <---- Hmmmm!!
http://www.eEye.com

PROBLEM: Poor Implementation of TWOFISH
(Counterpane Systems) encryption


DESCRIPTION: PadLock-it is a utility program for
Windows 95, 98 and NT. It remembers
all your passwords in a single, easy
to use interface. It protects your
passwords using encryption and fixes
many loop holes in windows applications
password management.

Well, im not a guru on cryptoanalisys but theres something
wrong about PadLock-it. I agree that it has a really cool
GUI and its easy to use. But its opening new problems on
password managment.

First, remeber that now all the passwords will be encrypted
on 1 file called Padlock-it.dat so any person can grab this
file and analize it using just a text editor.

Padlock-it.dat (EXAMPLE)
=========================

[General]
Version=1.01
MP=588b1c441a

[Options]
TrayIcon=1
Confirm=0
Startup=1
Quick Tips=1

[Accounts]
prueba=4a0e54f8„…4a0e54f8625f
prueba1=5d2bd3e4e7„…4a169a9f8901
prueba2=4a169a9f„…3db126d6f1fc83a4
enter=588b1c441a„…588b1c441a
noise=5554c02c0b„…5554c02c0b

--------------------------------------------------
First problem:
THEY ARE NOT USING A RANDOM SEED BETWEEN USERID AND HIS PASSWORD

example:
prueba = 4a169a9f__ 4a169a9f8900
root root98

If there are some weak passwords:
U can guess what is the weak password for a especified USER
Remember that is easy to have some USER IDs just because
other programs will give u that kind of info.


Second problem:
THEY ARE NOT USING A RANDOM SEED BETWEEN ACCOUNTS

example:
prueba1= 5d2bd3e4e7__ 4a169a9f8901
admin root98

So here is more help to have an idea to find the passwords


Third problem:
U CAN KNOW THE FIRST LETTER (and sometimes the SECOND too)
OF ANY USER ID AND THE PASSWORD (THIS INCLUDE THE MASTER
PASSWORD MP= "Take a look at the Padlock-it.dat (EXAMPLE)")

Weell there is no random seed (IMPORTANT PART ON ANY CRYPTO-THING)

So here is it a very little table:


1st letter encrypted
a 5d
b 5f
c 5e
d 59
e 58
f 5a
g 5b
h 51
i 50
j 52
k 53
l 57
m 56
n 55
o 54
p 48
q 49
r 4a
s 4b
t 4d
u 4c
v 4f
w 4e
x 46
y 47
z 44

Another problem:
U KNOW HOW MANY CHARACTERS ARE IN THE USER ID AND THE
PASSWORD AND THE MASTER PASSWORD.

Count the characters on the encrypted password,
divide it by 2.

example:
prueba=4a0e54f8„…4a0e54f8625f

r*** r*****

prueba1=5d2bd3e4e7„…4a169a9f8901

a**** r*****
Another problem:
THEY SAY (On HELP):
I can only enter 5 characters for my master
password, why?

The evaluation version of PadLock-it™
is limited to 40 bit encryption, only US
full versions of PadLock-it™ support 128
bit encryption, which translates into 16
character passwords.

SO U KNOW THE FIRST LETTER OF THE MP SO A BRUTE FORCE
ATTACK IS EASY TO DO TO FIND THE NEXT 4 CHARACTERS.

Another problem:
THEY SAY (On HELP):
I forgot my master password, can I get it
back?

No, PadLock-it uses a state of the art security
that is unbreakable, no one can get your master
password. Not even the developers of PadLock-it.

WHEN U ENTER TO EDIT AN ACCOUNT PADLOCK DECRYPT THE
USERID AND IT SHOW YOU ON CLEAR TEXT.

THE MP USES THE SAME TWOFISH ENCRYPTION WITHOUT SEED
LIKE THE ACCOUNTS:

[General]
Version=1.01
MP=588b1c441a "guess the password"

[Accounts]
enter=588b1c441a„…588b1c441a
"enter" "enter"

THE MP JUST WORK TO AUTENTICATE YOU, IT HAS NO JOB
ON LATER ENCRYPTION.

CONCLUSION:
IF THEY DECRYPT THE USER ID, THEY CAN BREAK
THE MP.!!!!!

NOTE:
THEY SAY:

What Encryption algorythm does PadLock-it™ use?

PadLock-it™ uses the latest release of Twofish
encryption from Counterpane Systems.
BRUCE SCHNEIER is the president of Counterpane
Systems, the author of Applied Cryptography
(John Wiley & Sons, 1994 & 1996), and the
developer of Blowfish and Twofish.


WELL THEY ARE JUST USING THE POPULARITY OF A
GREAT DUDE... Twofish its c00l... the
implementation on this proggy just sucks.

================================================================
Efrain `ET` Torres
LoWNOISE Colombia.
et@cyberspace.org
1999

et@my.narco-goverment.sucks.co
================================================================

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close