
Passwords
How to evaluate a password protection ?
Most of the actual softwares that are used to produce something offers you the ability to password protect your source, document, wathever you can do. Many of them even use that as a marketing point, pretending to complety securing your information...
A software that offer this function is not always better that the others that does not. You can rely on a protection without knowing about the weakness of the product you use. If you use the functionnality to protect a document (and you should do that), you have to evaluate the product you use. Because when you buy a software, they certainly won't tell you 'a 3 year old can break the protection in less than 2 min, but buy it, it's a good product!'.
To do that, you should be aware of the most common ways used to retrieve passswords or information from a protected document. First of all, there is some application that pretend to use password, but does not use it for anything else than accessing the document, at the condition that you open the document from the correct software. If you use any other software, you may be able to retrieve all the information in that case. So, when you use a password on a document, try to open it with notepad, and search inside the garbage you'll probably see (the application have it's own format) for few words you've written, your passwords (yes, sometimes it lies in clear, and better, you can even find passwords of others who have access it..) and things such as your computer name, username, etc.. From what you get, you'll already be able to see if everybody can access the information or not.
When you open a file as a text file, you may get something totally unreadable, without any way to find even a single word, meaning that the file is probably encrypted. That's better, but may not be as good as it sound. The software may use an encryption that is related on your password (used as a key), or eternally the same encryption of it's own. To check that, simply create a basic document, make two copy of it with differents password, and run a file compare on the two documents. If most of the content are identical, you're probably on the second case. Which mean, maybe a good encryption but a poor protection because when someone will crack the scheme used by the software all information protected by this software will be available to anyone who have the crack in few seconds. too bad...
So, it's seem that the software you use is not so bad ? you may rely on it ? then there is a last things to do : search the internet for the product you use, using underground/security engines. If there is many tools, and even tutorial about the security of this software, you may have to search for another software..
(C)opyRight 2001 - KLF
All Rights Reserved.