Encryption algorithm?

SeanH
Posts: 4
Joined: Mon May 15, 2006 6:56 pm

Post by SeanH »

Does anyone know what encryption algorithm is used when a topic is password protected?
Petko
MyInfo Support
Posts: 3338
Joined: Sun Jul 25, 2004 4:33 pm

Post by Petko »

MyInfo 3 uses standard ZIP encryption.
SeanH
Posts: 4
Joined: Mon May 15, 2006 6:56 pm

Post by SeanH »

Petko wrote: MyInfo 3 uses standard ZIP encryption.

ZIP encryption is VERY WEAK.

To test this, I created a topic with the latest version of MI and encrypted it with an 8-digit password.

I then found a ZIP cracking tool on the internet and used it on the topic file that I encrypted.

I was able to retrieve the password in 34 seconds!!!

Until you update the encryption algorithm to something much stronger, you should warn your users not to store any sensitive data with MyInfo.

This program is wonderful in all other ways, but, please do not encourage people to use this for passwords and other critical data.
Petko
MyInfo Support
Posts: 3338
Joined: Sun Jul 25, 2004 4:33 pm

Post by Petko »

We are considering adding much stronger encryption to MyInfo. Meanwhile, we warn our users to use at least an 8-character password with mixed characters and digits, which is much harder to recover using the available tools. Did you test it with digits only (for example "12345678") and then tell the password recovery tool to test with only digits?
SeanH
Posts: 4
Joined: Mon May 15, 2006 6:56 pm

Post by SeanH »

Petko wrote: We are considering adding much stronger encryption to MyInfo. Meanwhile, we warn our users to use at least an 8-character password with mixed characters and digits, which is much harder to recover using the available tools. Did you test it with digits only (for example "12345678") and then tell the password recovery tool to test with only digits?

Yes, I did.

That may not have been a fair test of how long it takes to crack the file. I'll re-encrypt with a mixed alpha-numeric password and tell the cracking tool nothing on the next run.

I'll let you know how it turns out.