[LOWNOISE] Advisory: 
et@cyberspace.org
by ET.
      PADLOCK-IT 1.01
      ===============

DISCLAIMER: Learn, there are dark things behind a nice GUI.
 
Well, maybe this isnt a topic for bugtraq but many people is
using this kind of programs to protect all kind of passwords.
(Dial-up passwords, UNIX accounts, etc etc etc..............)
This is just a quick note about this product. Im going deeper
later.


PRODUCT:  PADLOCK-IT Version 1.01 1998
    1998 WinWare Inc.
    1998 eEye Digital Security Team <---- Hmmmm!!
         http://www.eEye.com

PROBLEM:   Poor Implementation of TWOFISH
                (Counterpane Systems) encryption


DESCRIPTION:  PadLock-it is a utility program for 
    Windows 95, 98 and NT. It remembers
          all your passwords in a single, easy
    to use interface. It protects your
    passwords using encryption and fixes
    many loop holes in windows applications
    password management.

Well, im not a guru on cryptoanalisys but theres something
wrong about PadLock-it. I agree that it has a really cool
GUI and its easy to use. But its opening new problems on 
password managment.

First, remeber that now all the passwords will be encrypted
on 1 file called Padlock-it.dat so any person can grab this
file and analize it using just a text editor.

Padlock-it.dat (EXAMPLE)
=========================
 
[General]
Version=1.01
MP=588b1c441a   

[Options]
TrayIcon=1
Confirm=0
Startup=1
Quick Tips=1

[Accounts]
prueba=4a0e54f8„…4a0e54f8625f
prueba1=5d2bd3e4e7„…4a169a9f8901
prueba2=4a169a9f„…3db126d6f1fc83a4
enter=588b1c441a„…588b1c441a
noise=5554c02c0b„…5554c02c0b

--------------------------------------------------
First problem:
 THEY ARE NOT USING A RANDOM SEED BETWEEN USERID AND HIS PASSWORD

 example: 
 prueba = 4a169a9f__ 4a169a9f8900
          root       root98
 
 If there are some weak passwords:
 U can guess what is the weak password for a especified USER
 Remember that is easy to have some USER IDs just because
 other programs will give u that kind of info.
 

Second problem:
 THEY ARE NOT USING A RANDOM SEED BETWEEN ACCOUNTS

 example:
 prueba1= 5d2bd3e4e7__ 4a169a9f8901  
          admin        root98
                                 
 So here is more help to have an idea to find the passwords


Third problem:
  U CAN KNOW THE FIRST LETTER (and sometimes the SECOND too)
  OF ANY USER ID AND THE PASSWORD (THIS INCLUDE THE MASTER
  PASSWORD MP= "Take a look at the Padlock-it.dat (EXAMPLE)")
  
  Weell there is no random seed (IMPORTANT PART ON ANY CRYPTO-THING)

  So here is it a very little table:


     1st letter      encrypted   
  a    5d   
  b    5f  
  c    5e  
  d    59
  e    58
  f    5a
  g    5b
  h    51
  i    50
  j    52
  k    53
  l         57
  m               56
  n    55
  o    54
  p    48  
  q    49
  r    4a
  s    4b
  t    4d  
  u    4c
  v    4f
  w    4e
  x    46
  y          47
  z    44

Another problem:
  U KNOW HOW MANY CHARACTERS ARE IN THE USER ID AND THE 
        PASSWORD AND THE MASTER PASSWORD.

        Count the characters on the encrypted password, 
        divide it by 2.

    example:
    prueba=4a0e54f8„…4a0e54f8625f
            
                       r***      r*****
             
                prueba1=5d2bd3e4e7„…4a169a9f8901       
                       
                        a****       r*****   
Another problem:
  THEY SAY (On HELP):
                   I can only enter 5 characters for my master
                   password, why?

                   The evaluation version of PadLock-it™
                   is limited to 40 bit encryption, only US
                   full versions of PadLock-it™ support 128 
                   bit encryption, which translates into 16
                   character passwords.

       SO U KNOW THE FIRST LETTER OF THE MP SO A BRUTE FORCE
       ATTACK IS EASY TO DO TO FIND THE NEXT 4 CHARACTERS.

Another problem:
       THEY SAY (On HELP):
    I forgot my master password, can I get it 
    back?
    
    No, PadLock-it uses a state of the art security
    that is unbreakable, no one can get your master
    password. Not even the developers of PadLock-it.

        WHEN U ENTER TO EDIT AN ACCOUNT PADLOCK DECRYPT THE 
  USERID AND IT SHOW YOU ON CLEAR TEXT.
  
  THE MP USES THE SAME TWOFISH ENCRYPTION WITHOUT SEED
  LIKE THE ACCOUNTS:

    [General]
    Version=1.01
    MP=588b1c441a    "guess the password"
               
    [Accounts]
    enter=588b1c441a„…588b1c441a
      "enter"     "enter"

        THE MP JUST WORK TO AUTENTICATE YOU, IT HAS NO JOB
        ON LATER ENCRYPTION.

        CONCLUSION:
    IF THEY DECRYPT THE USER ID, THEY CAN BREAK
    THE MP.!!!!!

  NOTE: 
    THEY SAY:
    
    What Encryption algorythm does PadLock-it™ use?

    PadLock-it™ uses the latest release of Twofish
    encryption from Counterpane Systems.
    BRUCE SCHNEIER is the president of Counterpane
    Systems, the author of Applied Cryptography 
    (John Wiley & Sons, 1994 & 1996), and the 
    developer of Blowfish and Twofish.


    WELL THEY ARE JUST USING THE POPULARITY OF A
    GREAT DUDE... Twofish its c00l... the 
    implementation on this proggy just sucks.
      
================================================================
Efrain `ET` Torres
LoWNOISE Colombia. 
et@cyberspace.org 
1999

et@my.narco-goverment.sucks.co
================================================================