Lydia stores user passwords in an easily cracked format, prompting a future security update.
`Yet Another password storing problem (was: Re: Possible Netscape
Yiorgos Adamopoulos ([email protected])
Fri, 19 Feb 1999 16:58:13 +0200
On Tue, Feb 16, 1999 at 01:02:08PM -0600, HD Moore wrote:
> The password is *still* in the registry after you close netscape,
Now that we are talking about Netscape, here is another similar bug.
Kabsoftware (http://www.kabsoftware.com) produces a *very* handy utility that
lets you check your email via POP3 (without downloading it) and other stuff
like that (check their www page if you are interested).
It appears that Lydia (the utility) stores the user passwords in
C:\Windows\Lydia.INI.
However, the encryption algorithm is trivial. I am not a cryptanalyst in any
way and it took me 30 min to find out the mapping between the ASCII space and
the scrambling they do. (Basically they map each character to 2 bytes).
I notified Kabsoftware in January, and they responded promptly that "the
encryption in Lydia algorithm is casual" and that they are going to change it
in a future release.
--
Yiorgos Adamopoulos -- #include <std/disclaimer.h>
[email protected] -- Knowledge and Data Base Systems Laboratory, NTUA
`
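A self-check for the weakness the post describes, as an added example that is not part of the original message: it flags a password-storage routine that behaves as a keyless per-character substitution. `toy_scramble` is a constructed stand-in with a 2-bytes-per-character mapping, not Lydia's actual algorithm, and `audit_obfuscation` is a hypothetical helper name.

```python
def toy_scramble(password: str) -> bytes:
    """Constructed stand-in: fixed, keyless map of each character to 2 bytes."""
    out = bytearray()
    for ch in password.encode("ascii"):
        out += bytes([(ch * 7 + 3) % 256, ch ^ 0x5A])
    return bytes(out)


def audit_obfuscation(scramble, samples):
    """Return the substitution-cipher traits that `scramble` exhibits."""
    findings = []
    # Same input always gives the same output: no salt, IV or per-user key.
    if all(scramble(s) == scramble(s) for s in samples):
        findings.append("deterministic")
    # Output length is always the same whole multiple of the input length.
    widths = {len(scramble(s)) / len(s) for s in samples}
    if len(widths) != 1 or not next(iter(widths)).is_integer():
        return findings
    w = int(widths.pop())
    findings.append(f"fixed-width:{w}")
    # Changing character i alters only output chunk i: each character is
    # encoded on its own, with no chaining between positions.
    local = True
    for s in samples:
        base = scramble(s)
        for i in range(len(s)):
            swapped = s[:i] + ("x" if s[i] != "x" else "y") + s[i + 1:]
            other = scramble(swapped)
            if len(other) != len(base):
                local = False
                continue
            changed = {j // w for j in range(len(base)) if base[j] != other[j]}
            if changed - {i}:
                local = False
    if local:
        findings.append("position-independent")
    return findings


SAMPLES = ["secret", "hunter22", "correct-hat"]  # constructed test passwords

if __name__ == "__main__":
    print(audit_obfuscation(toy_scramble, SAMPLES))
```

A routine that reports all three traits offers no more protection than storing the password in plain text in the INI file.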