OS 9 security - is it so secure?
Clinically Insane
Join Date: Apr 2000
Apr 24, 2000, 12:56 AM
 
Hey all. I am rather worried as I have stumbled into a rather big security hole in the MacOS 9 file encryption thing.
I was able to gain access to 100% of the files I tried to without a password, and without the need for any brute-force attacks or anything...
I won't say how I did it in a public forum (that could make matters worse!), but please take note of this warning - DO NOT use Apple file encryption for sensitive documents (not that I imagine you would).
If anyone else believes they have found the same thing, please say so. I am hoping this is just happening on my computer, and I will check that out later today. I did not want to post this prematurely, as there may be no problem - but better safe than sorry.
If anyone wants to know more, e-mail me or contact me through ICQ on 48111606.
I will be sending Apple an e-mail with the details soon.

Cipher13
     
Mac Enthusiast
Join Date: Feb 2000
Location: Old Dominion University, Norfolk, VA
Apr 24, 2000, 10:55 AM
 
Is your Keychain unlocked? That might do it... Unless you click the "Add to keychain" check box in the encrypt dialog, you have to enter your password every time... and the password can be different from your keychain password. This may not be the problem but it sounds like it.

------------------
-- iPond317
All hail iMac DV
G4 Performance Leader
iBook #1 consumer laptop
Mac OS 9: Your Internet co-pilot
Power Mac G4 considered "super computer"
Think different.
iPond317 | ODU Apple Campus Rep
"Ten years ago down by the lake I sunk my sweet love down to her watery grave." - Hello Again | DMB

Old: Apple IIc, PowerMac 7200/90, iMac Bondi Blue 233, Titanium PowerBook G4 400 - New: MacBook 2.0, iPhone 8GB, AirPort Extreme Gb, iPod 30GB 5th Gen
     
Clinically Insane
Join Date: Apr 2000
Apr 25, 2000, 02:11 AM
 
The password of the file was different to my keychain password. I had the keychain locked too. I didn't even know the password for the file - a friend encrypted a file and told me to try and get it unlocked. I thought yeah, right, but I thought I knew the password he had entered - same password every time.
I went to type in the password and nudged the Enter key on the keypad - the file decrypted with NO PASSWORD ENTERED!!!
He told me the real password too - it wasn't what I had thought.
I tried with the password - file decrypted. Without password - file decrypted. With incorrect password - file did not decrypt.
Very strange.
I have since tried it on another system - it didn't work, so it seems like there's something up with my system. I got a friend to encrypt a file with a random password then send it to me. We tried that and I could decrypt his file with no password...
I have no idea what's happened, but I have messed around with the Apple File Security app in ResEdit (on a copy of course).
If anyone has any clue as to what's happened, I'd really like your input.
It's not a problem I want to fix ;-), but nonetheless a problem.
I will format HD tonight (once a month, every month), and see if when all old files are back on the problem remains.
I'll keep you updated...

Cipher13
     
Junior Member
Join Date: Sep 1999
Location: Seattle, WA USA
Apr 25, 2000, 02:20 PM
 
Odd. I don't have this problem. If I encrypt a file, without adding it to the keychain, I absolutely cannot gain access without the correct password. Tried Return and Enter.. still wouldn't let me in.. other combinations, no. Correct password.. I'm in.

What are you encrypting?

- oZ
     
Clinically Insane
Join Date: Apr 2000
Apr 26, 2000, 06:06 AM
 
I was encrypting PICT format screenshots (just the standard Command-Shift-3 style), and then encrypted 4 of them, one at a time.
I could gain access either with no password, or the correct password, and the Keychain was involved in no way whatsoever...
Just about to format, so we'll see then.....

Cipher13
     
Mac Enthusiast
Join Date: Feb 2000
Location: Old Dominion University, Norfolk, VA
Apr 26, 2000, 07:40 PM
 
I tried doing what you did... taking screen shots and encrypting them and then trying to open them without having to decrypt them, but it wouldn't open unless I gave it the correct password. I even tried to click on the Decrypt button without a password in the field and it wouldn't let me open it still.
I think you need to re-install the Keychain software. Either that or do a clean-install of OS 9 again and go back and update to the latest version, 9.0.4. That would probably be the only way to really solve the problem. Or, you might try deleting the Keychain preferences from the System Folder. Try the prefs first and if that doesn't work, try the clean-install.

------------------
-- iPond317
All hail iMac DV
G4 Performance Leader
iBook #1 consumer laptop
Mac OS 9: Your Internet co-pilot
Power Mac G4 considered "super computer"
Think different.
iPond317 | ODU Apple Campus Rep
"Ten years ago down by the lake I sunk my sweet love down to her watery grave." - Hello Again | DMB

Old: Apple IIc, PowerMac 7200/90, iMac Bondi Blue 233, Titanium PowerBook G4 400 - New: MacBook 2.0, iPhone 8GB, AirPort Extreme Gb, iPod 30GB 5th Gen
     
Clinically Insane
Join Date: Apr 2000
Apr 27, 2000, 05:15 AM
 
Well, I just got my new G4 (yay!) and did the same thing to the Apple Security file on it as I did on my 5500, and nothing.
Must have been a total fluke. Still makes me worry about a back door or something...

Cipher13

[This message has been edited by Cipher13 (edited 04-27-2000).]

All times are GMT -4.