MacNN Forums (http://forums.macnn.com/)
-   Classic Macs and Mac OS (http://forums.macnn.com/classic-macs-and-mac-os/)
-   -   OS 9 security - is it so secure? (http://forums.macnn.com/64/classic-macs-and-mac-os/46188/os-9-security-is-so-secure/)

 
Cipher13 Apr 24, 2000 01:56 AM
OS 9 security - is it so secure?
Hey all. I am rather worried as I have stumbled into a rather big security hole in the MacOS 9 file encryption thing.
I was able to gain access to 100% of the files I tried to without a password, and without the need for any brute-force attacks or anything...
I won't say how I did it in a public forum (that could make matters worse!), but please take note of this warning - DO NOT use Apple file encryption for sensitive documents (not that I imagine you would).
If anyone else believes they have found the same thing, please say so. I am hoping this is just happening on my computer, and I will check that out later today. I did not want to post this prematurely, as there may be no problem - but better safe than sorry.
If anyone wants to know more, e-mail me or contact me through ICQ on 48111606.
I will be sending Apple an e-mail with the details soon.

Cipher13
 
iPond317 Apr 24, 2000 11:55 AM
Is your Keychain unlocked? That might do it... Unless you click the "Add to keychain" check box in the encrypt dialog, you have to enter your password every time... and the password can be different from your keychain password. This may not be the problem but it sounds like it.

------------------
-- iPond317
All hail iMac DV
G4 Performance Leader
iBook #1 consumer laptop
Mac OS 9: Your Internet co-pilot
Power Mac G4 considered "super computer"
Think different.
 
Cipher13 Apr 25, 2000 03:11 AM
The password of the file was different to my keychain password. I had the keychain locked too. I didn't even know the password for the file - a friend encrypted a file and told me to try and get it unlocked. I thought yeah, right, but I thought I knew the password he had entered - same password every time.
I went to type in the password and nudged the Enter key on the keypad - the file decrypted with NO PASSWORD ENTERED!!!
He told me the real password too - it wasn't that I had thought.
I tried with the password - file decrypted. Without password - file decrypted. With incorrect password - file did not decrypt.
Very strange.
I have since tried it on another system - it didn't work, so it seems like there's somthing up with my system. I got a friend to encrypt a file with a random password then send it to me. We tried that and I could decrypt his file with no password...
I have no idea whats happened, but I have messed around with the Apple File Security app in ResEdit (on a copy of course).
If anyone has any clue as to whats happened, I'd really like your input.
Its not a problem I want to fix ;-), but nontheless a problem.
I will format HD tonight (once a month, every month), and see if when all old files are back on the problem remains.
I'll keep you updated...

Cipher13
 
outZider Apr 25, 2000 03:20 PM
Odd. I don't have this problem. If I encrypt a file, without adding it to they keychain, I absolutely cannot gain access without the correct password. Tried Return and Enter.. still wouldn't let me in.. other combinations, no. Correct password.. i'm in.

What are you encrypting?

- oZ
 
Cipher13 Apr 26, 2000 07:06 AM
I was encrypting PICT format screenshots (just the standard Command-Shift-3 style), and then encrypted 4 of them, one at a time.
I could gain access either with no password, or the correct password, and the Keychain was involved in no way whatsoever...
Just about to format, so we'll see then.....

Cipher13
 
iPond317 Apr 26, 2000 08:40 PM
I tried doing what you did... taking screen shots and encrypting them and then trying to open them without having to decrypt them, but it wouldn't open unless I gave it the correct password. I even tried to click on the Decrypt button without a password in the field and it wouldn't let me open it still.
I think you need to re-install the Keychain software. Either that or do a clean-install of OS 9 again and go back and update to the latest version, 9.0.4. That would probably be the only way to really solve the problem. Or, you might try deleting the Keychain preferences from the System Folder. Try the prefs first and if that doesn't work, try the clean-install.

------------------
-- iPond317
All hail iMac DV
G4 Performance Leader
iBook #1 consumer laptop
Mac OS 9: Your Internet co-pilot
Power Mac G4 considered "super computer"
Think different.
 
Cipher13 Apr 27, 2000 06:15 AM
Well, I just got my new G4 (yay!) and did the same thing to the Apple Security file on it as I did on my 5500, and nothing.
Must have been a total fluke. Still makes me worry about a back door or something...

Cipher13

[This message has been edited by Cipher13 (edited 04-27-2000).]

[This message has been edited by Cipher13 (edited 04-27-2000).]
 
All times are GMT -4. The time now is 11:42 PM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2014, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2