On 2 Nov 2005 at 7:35, Richard Glazier wrote:

> My real question is: How secure is that password?
> Are there any utilities that will easily break those passwords?
> Not dictionary attacks, etc... Something that goes in and "gets"
> the password...

  The implementation has essentially three choices:

1.  Store the (encrypted?) password in the registry.  Bad choice -- the
image cannot be opened on another machine, which you need to do if you're
restoring your backup because the original machine died.

2.  Use the "password" as the encryption key to the image, and don't store
it anywhere.  Bad choice -- if the password is lost, the image is
unrecoverable.

3.  Store the (encrypted?) password in the image file.  It stays with the
image, and can be recoverable if misplaced.  But this opens the possibility
that some third party can reverse-engineer the password encryption and make
their own recovery tool.  The good news is that the manufacturer of the
software can make that hard (although not impossible) to do.

  So it comes down to:  How hard have they really made it to reverse-
engineer the encryption?  If the rest of the software is pretty robust and
professional, there's a reasonable chance that they've done a good job of
this, too.

David Gillett

            Do you want to signoff PCBUILD or just change to
                    Digest mode - visit our web site:
                   http://freepctech.com/pcbuild.shtml