home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: alt.security
- Path: sparky!uunet!utcsri!torn!nott!netfs!manitou.cse.dnd.ca!dcrawfor
- From: dcrawfor@manitou.cse.dnd.ca (David Crawford)
- Subject: Re: Cracking Word Perfect's passwords
- Message-ID: <1992Nov5.224653.16761@manitou.cse.dnd.ca>
- Organization: Canadian System Security Centre
- References: <dbarber.720940916@crash.cts.com> <1992Nov5.185648.12304@das.harvard.edu>
- Date: Thu, 5 Nov 92 22:46:53 GMT
- Lines: 31
-
- In article <1992Nov5.185648.12304@das.harvard.edu> adam@endor.uucp (Adam Shostack) writes:
- >In article <dbarber.720940916@crash.cts.com> dbarber@crash.cts.com (David C. Barber) writes:
-
- >>I've heard that at least one company has a special program to
- >>crack Word Perfect's password locked/scrambled files. My question
- >>is: Is this ability limited to just one company, or are there
- >>several WP cracker programs running around?
-
- >
- >There is at least one available from the net, that was posted a few
- >months back.
-
- I can vouch for the usefulness of the program that was posted. I am
- currently using it as part of my security awareness program to
- demonstrate the weaknesses associated with the use of such protection
- schemes. The nice thing about this is that the author provides the
- C code to automate the cryptographic analysis (known plain text attack) of the
- WordPerfect protection scheme that was published in Cryptologia in 1990.
-
- There is at least one commercial package available. My staff found a
- crippled demo version of a package that "broke" WP5.0 password protected
- files with (I believe) 8 character passwords. We did not pursue
- the procurement of the package and I now do not remember either the
- firm or the package name.
-
- It certainly buttresses the argument for "approved encryption" where
- there is a strict confidentiality requirement.
-
- Dave Crawford The opinions expressed herein are those of the author
- dcrawfor@cse.dnd.ca and are not to be construed as an official Government
- of Canada or Department of National Defence position.
-