OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: FW:PcAnywhere weak password encryption
From: Steve Topilnycky (steve_topilnyckyCOMPUSERVE.COM)
Date: Thu Apr 13 2000 - 08:06:23 CDT

-d.

>> fwiw, dsniff now handles both cases - cleartext, and pcAnywhere-encrypted. <<

Interesting tool. As mentioned, "pcAnywhere" encryption is not super-secure, so use Symmetric encryption if you
feel you are at risk. Public-Key is no more secure technically speaking; it is not a higher level of encryption but
is actually Symmetric. The only difference is that it uses a third party (VeriSign) certificate for extra
authenticate of who the remote and host computers are before the connection begins. Nothing of course is hack-proof.
However, Symmetric is, to my understanding, very secure. If you review Microsoft's
information on their Crypto API that was found in the prior referenced document as links to their web site's KB:

Title: 'What Type of Encryption does pcAnywhere Use?'
Document ID: 1996122712827
Web URL:
http://service1.symantec.com/SUPPORT/pca.nsf/docid/1996122712827&src=w

There are nine Microsoft KB article links in this document that fully describe Symmetric encryption. 

--
Regards,

Steve Topilnycky
Symantec Norton AntiVirus Support Volunteer
Using Microsoft Outlook Express 5.0
______________________________________________________________

Email:  steve_topilnyckycompuserve.com
Web:  http://ourworld.compuserve.com/homepages/steve_topilnycky/
ICQ:  11834114    http://www.icq.com
______________________________________________________________

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net