frankrizzo604@xxxxxxxxx wrote: > They boast how excellent their encryption and how uncrackable they are. If your findings are true, it is utterly insecure. Worse than what you found. Can someone confirm this vulnerability? > Simply mount anyones .SLE file encrypted drive into the software and it > will ask you for their password but won't let you in because it's > encrypted. If your findings are true, it is not encrypted, bute merely access-controlled by the Steganos Software. If it were encrypted - in the sense of "encrypted with the passphrase, so unuseable without that" - the program would simply be unable to do something like: > [update detects fake key and] > after the update and it will now PUNISH you by resetting your > encrypted drives passwords to "123" until you buy a registered copy. This should be impossible, if the passphrase would play a role in the encryption. > Stores passwords in clear text. Yes - the key must be retrievable in some way, if the password can be changed without knowledge of the prior password. Kind regards, Andreas Beck -- Andreas Beck http://www.bedatec.de/
