Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormPacket StormPACKETSTORM:12340
HistoryAug 17, 1999 - 12:00 a.m.

iomega-onestep-backup.txt

1999-08-1700:00:00
Packet Storm
packetstormsecurity.com
23
JSON
`Date: Thu, 14 Jan 1999 09:39:05 -0800  
From: aberrant <[email protected]>  
To: [email protected]  
Subject: Shoddy encryption in Iomega One-Step Backup (fwd)  
  
I searched the archives and didn't find anything regarding this. The vendor  
was notified over a week ago and, aside from the standard "Thank you for  
your concern" response, has not bothered to contact me.  
  
While playing with my new Iomega Jaz 2GB drive the other day, I found an  
interesting (disturbing) "feature" with the One-Step Backup program that  
is shipped with the drive (and is also available, presumably for Iomega's  
other products, on their web site). I've confirmed through Iomega tech  
support that this is the latest version of the One-Step software out there  
(verion reported by Windows95 as 5.30).  
  
In the backup configuration dialog, there's a "security" tab that allows  
the user to specify a password to limit access to the backup file that is  
stored on the Jaz disk. Curious as to what encryption they used, I checked  
the final backup file and was dismayed. The password appears after the  
description of the backup (another user field), "encrypted" using the  
following formula:  
  
E = P xor 0x1f  
  
Where "P" is a byte of the plaintext password, and "E" is the stored  
"encrypted" password. Decryption is left as an exercise for the reader. :)  
  
You can grab this very easily by doing an "od -c" on the backup file. The  
password is the first nonzero block past the description (and a 001) and  
usually resides around offset 0470 (octal).  
  
This formula works in every case I tried (alphanumerics, special chars, etc.).  
Incidentally, it appears that the password is used solely for access control;  
the rest of the backup file appears to be unencrypted (though compressed at  
the user's option).  
  
<rant>  
  
I know aleph1 instructed us to be kinder and gentler in this list, but this  
is just pathetic. If you're going to have an advertised "security"  
feature with any sort of a key, there's a reasonable expectation by the  
user that the key not be easily recoverable. I'm certainly not a security  
expert, but I don't see any reason to store the key in a recoverable  
format in this case. If all you want to do is control access, a one-way  
hash should suffice (though still subject to brute force, it's better than  
this).  
  
This is just one example of shoddy programming coming out of Iomega (the  
others are not security-related, but if you're interested, drop me a line  
and I'll give you the whole history).  
  
Iomega, if you're listening, it's time you took the Ovaltine decoder rings  
away from your programmmers and replaced them with a good text on security.  
  
</rant>  
  
Cheers,  
  
Aberrant  
[email protected]  
`
JSON