The password protection program PADLOCK-IT Version 1.01 does not properly implement the TwoFish encryption used, rendering both the encryption algorithm and the software program security meaningless.
66148569b9eddf84dbdfee993d8bd1cd3c80b68754b5bbc178f3b54e7f1fd1fa
Date: Fri, 19 Feb 1999 13:51:39 -0500 (EST)
From: ET LoWNOISE <et@cyberspace.org>
To: schneier@counterpane.com
Cc: PacketStorm@Genocide2600.com
Subject: PADLOCK-IT and TwoFish
Hi,
2 months ago, i deliver this advisory to bugtraq... but now i have found
that this program is more popular than ever because have been showed on
WIRED magazine like one of the best prodcuts ever to manage passwords. So
i think people need to know the truth.
[LOWNOISE] Advisory:
et@cyberspace.org
by ET.
PADLOCK-IT 1.01
===============
DISCLAIMER: Learn, there are dark things behind a nice GUI.
Well, maybe this isnt a topic for bugtraq but many people is
using this kind of programs to protect all kind of passwords.
(Dial-up passwords, UNIX accounts, etc etc etc..............)
This is just a quick note about this product. Im going deeper
later.
PRODUCT: PADLOCK-IT Version 1.01 1998
1998 WinWare Inc.
1998 eEye Digital Security Team <---- Hmmmm!!
http://www.eEye.com
PROBLEM: Poor Implementation of TWOFISH
(Counterpane Systems) encryption
DESCRIPTION: PadLock-it is a utility program for
Windows 95, 98 and NT. It remembers
all your passwords in a single, easy
to use interface. It protects your
passwords using encryption and fixes
many loop holes in windows applications
password management.
Well, im not a guru on cryptoanalisys but theres something
wrong about PadLock-it. I agree that it has a really cool
GUI and its easy to use. But its opening new problems on
password managment.
First, remeber that now all the passwords will be encrypted
on 1 file called Padlock-it.dat so any person can grab this
file and analize it using just a text editor.
Padlock-it.dat (EXAMPLE)
=========================
[General]
Version=1.01
MP=588b1c441a
[Options]
TrayIcon=1
Confirm=0
Startup=1
Quick Tips=1
[Accounts]
prueba=4a0e54f8^Ä^Å4a0e54f8625f
prueba1=5d2bd3e4e7^Ä^Å4a169a9f8901
prueba2=4a169a9f^Ä^Å3db126d6f1fc83a4
enter=588b1c441a^Ä^Å588b1c441a
noise=5554c02c0b^Ä^Å5554c02c0b
--------------------------------------------------
First problem:
THEY ARE NOT USING A RANDOM SEED BETWEEN USERID AND HIS PASSWORD
example:
prueba = 4a169a9f__ 4a169a9f8900
root root98
If there are some weak passwords:
U can guess what is the weak password for a especified USER
Remember that is easy to have some USER IDs just because
other programs will give u that kind of info.
Second problem:
THEY ARE NOT USING A RANDOM SEED BETWEEN ACCOUNTS
example:
prueba1= 5d2bd3e4e7__ 4a169a9f8901
admin root98
So here is more help to have an idea to find the passwords
Third problem:
U CAN KNOW THE FIRST LETTER (and sometimes the SECOND too)
OF ANY USER ID AND THE PASSWORD (THIS INCLUDE THE MASTER
PASSWORD MP= "Take a look at the Padlock-it.dat (EXAMPLE)")
Weell there is no random seed (IMPORTANT PART ON ANY CRYPTO-THING)
So here is it a very little table:
1st letter encrypted
a 5d
b 5f
c 5e
d 59
e 58
f 5a
g 5b
h 51
i 50
j 52
k 53
l 57
m 56
n 55
o 54
p 48
q 49
r 4a
s 4b
t 4d
u 4c
v 4f
w 4e
x 46
y 47
z 44
Another problem:
U KNOW HOW MANY CHARACTERS ARE IN THE USER ID AND THE
PASSWORD AND THE MASTER PASSWORD.
Count the characters on the encrypted password,
divide it by 2.
example:
prueba=4a0e54f8^Ä^Å4a0e54f8625f
r*** r*****
prueba1=5d2bd3e4e7^Ä^Å4a169a9f8901
a**** r*****
Another problem:
THEY SAY (On HELP):
I can only enter 5 characters for my master
password, why?
The evaluation version of PadLock-it^Ù
is limited to 40 bit encryption, only US
full versions of PadLock-it^Ù support 128
bit encryption, which translates into 16
character passwords.
SO U KNOW THE FIRST LETTER OF THE MP SO A BRUTE FORCE
ATTACK IS EASY TO DO TO FIND THE NEXT 4 CHARACTERS.
Another problem:
THEY SAY (On HELP):
I forgot my master password, can I get it
back?
No, PadLock-it uses a state of the art security
that is unbreakable, no one can get your master
password. Not even the developers of PadLock-it.
WHEN U ENTER TO EDIT AN ACCOUNT PADLOCK DECRYPT THE
USERID AND IT SHOW YOU ON CLEAR TEXT.
THE MP USES THE SAME TWOFISH ENCRYPTION WITHOUT SEED
LIKE THE ACCOUNTS:
[General]
Version=1.01
MP=588b1c441a "guess the password"
[Accounts]
enter=588b1c441a^Ä^Å588b1c441a
"enter" "enter"
THE MP JUST WORK TO AUTENTICATE YOU, IT HAS NO JOB
ON LATER ENCRYPTION.
CONCLUSION:
IF THEY DECRYPT THE USER ID, THEY CAN BREAK
THE MP.!!!!!
NOTE:
THEY SAY:
What Encryption algorythm does PadLock-it^Ù use?
PadLock-it^Ù uses the latest release of Twofish
encryption from Counterpane Systems.
BRUCE SCHNEIER is the president of Counterpane
Systems, the author of Applied Cryptography
(John Wiley & Sons, 1994 & 1996), and the
developer of Blowfish and Twofish.
WELL THEY ARE JUST USING THE POPULARITY OF A
GREAT DUDE... Twofish its c00l... the
implementation on this proggy just sucks.
================================================================
Efrain `ET` Torres
LoWNOISE Colombia.
et@cyberspace.org
1999
et@my.narco-goverment.sucks.co
================================================================