S3 Ep137: 16th century crypto skullduggery
2023-06-01 18:45

DOUG. Password manager cracks, login bugs, and Queen Elizabeth I versus Mary, Queen of Scots, of course!

Our last story of the day: Don't panic, but there's apparently a way to crack the master password for open-source password manager KeePass.

You search for a string of blobs followed by a character that you think is in the password?

I get two blobs followed by the third character of my password; three blobs followed by the fourth character of my password; all the way up to 15 blobs immediately followed by the 16th character in my password.

DUCK. It's basically as though the individual characters of your password are scattered liberally through memory, but the ones that represent the ASCII characters that were actually part of your password as you typed it in.

These strings of blobs inadvertently act as a tagging mechanism to flag the characters in your password.


News URL

https://nakedsecurity.sophos.com/2023/06/01/s3-ep137-16th-century-crypto-skullduggery/