Quicken Recovery Password Discovered?
Quicken, created by US financial software firm Intuit, is one of the most popular personal finance applications, used for both personal and small business finance.
One of the methods the software uses to protect users' sensitive financial information is to encrypt the data file with strong encryption, using a password supplied by the user.
In the case that the user has forgotten or otherwise lost their password, there is a method where Intuit can use a special password to recover the otherwise-protected financial data.
Russian password-recovery specialist Elcomsoft has claimed that this extra password is a backdoor that may allow unrestricted access to users' files not only for Intuit but also for US Government agencies (though this last part is pure speculation).
While the actual encryption method being used to protect the file has not been defeated, Elcomsoft claim to have recovered the 512-bit RSA key that is being used by Intuit as the master encryption key. Making this key recovery more interesting is the claim that Elcomsoft factored the RSA key in order to extract the details required. This marks one of the first times that factorisation of an RSA key of this size has been used to recover protected information.
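The point that the file encryption itself can stay unbroken while a factored recovery key still exposes the data is shown in the added example below, which is not Elcomsoft's or Intuit's code. It is a constructed toy model: the primes, the textbook (unpadded) RSA wrapping and all function names are assumptions, and the page does not describe Quicken's actual file format.

```python
from math import isqrt

# Constructed toy recovery key: two small primes so the demo runs instantly.
# A real 512-bit modulus cannot be split by trial division; the arithmetic
# after factoring is the same at any size.
P, Q, E = 104729, 1299709, 65537
N = P * Q


def escrow_wrap(file_key, n=N, e=E):
    """Vendor-side escrow: encrypt the per-file key under the recovery public key."""
    if not 1 < file_key < n:
        raise ValueError("file key must be in (1, n)")
    return pow(file_key, e, n)


def factor_small(n):
    """Trial division; only feasible because the toy modulus is tiny."""
    if n % 2 == 0:
        return 2, n // 2
    for cand in range(3, isqrt(n) + 1, 2):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no factor found (n is prime)")


def private_exponent(p, q, e):
    """With p and q known, the private exponent is a single modular inverse."""
    return pow(e, -1, (p - 1) * (q - 1))


def recover_file_key(wrapped, n, e):
    """Unwrap the escrowed file key using only the public key (n, e)."""
    p, q = factor_small(n)
    return pow(wrapped, private_exponent(p, q, e), n)


def recovery_key_is_adequate(n, min_bits=2048):
    """Audit check: the escrow key bounds the strength of the whole scheme."""
    return n.bit_length() >= min_bits


if __name__ == "__main__":
    file_key = 0x1234567            # constructed sample file key
    wrapped = escrow_wrap(file_key)
    # The user's password and the file cipher are never touched here.
    print(hex(recover_file_key(wrapped, N, E)))
    print(recovery_key_is_adequate(N))
```

The user's password never appears in the recovery path, so the scheme is only as strong as the weaker of the file cipher and the recovery key.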
This isn't the first time that Elcomsoft or its employees have attracted attention to themselves. In 2001 Dmitry Sklyarov was arrested at DefCon following the presentation of techniques designed to overcome Adobe's eBook protection. These techniques were developed by Elcomsoft, where Dmitry Sklyarov was an employee at the time. This incident became known as the Sklyarov affair.
25 June 2007