The Doghouse: WinXFiles

A Supplementary Cryptanalysis
by Mike Stay
from
Bruce Schneier's Crypto-Gram

used with Bruce's permission.

WinXFiles Pepsoft is an image viewer that claims security. Quoting from the Web site, "WinXFiles(tm) with its attractive tabbed-dialog interface features secure encryption to prevent unauthorized access of all type (sic) of files and particularly of your image collection." While it may have an attractive interface, it is anything but secure.

WinXFiles obscures the password and stores it in the header of the encrypted file. It obscures the password by adding it (modulo 256) to the output of a pseudorandom number generator. The PRNG is seeded with one byte derived from the password (simply the sum of the characters in the password modulo 255). The PRNG itself is also laughably weak; it generates two bytes at a time by adding and subtracting the offset from the seed byte, respectively.
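A toy model of the scheme just described, added here as an illustration; it is not WinXFiles code or the authors' own tooling. It shows that the one-byte seed bounds the search at 255 trials however long the password is. The offset starting at 0 and stepping by 1 per generated pair, and the header field holding only the obscured password bytes, are assumptions.

```python
# Toy model of the password-obscuring scheme described in the text.
# Assumptions (not taken from WinXFiles): the offset starts at 0 and grows
# by 1 per generated pair; the header field holds only the obscured bytes.

def seed_from_password(pw: bytes) -> int:
    """One-byte seed: sum of the password characters modulo 255."""
    return sum(pw) % 255

def keystream(seed: int, n: int) -> bytes:
    """Two bytes per step: seed + offset, then seed - offset (mod 256)."""
    out = bytearray()
    offset = 0
    while len(out) < n:
        out.append((seed + offset) % 256)
        out.append((seed - offset) % 256)
        offset += 1
    return bytes(out[:n])

def obscure(pw: bytes) -> bytes:
    """Add the keystream to the password, byte by byte, modulo 256."""
    ks = keystream(seed_from_password(pw), len(pw))
    return bytes((p + k) % 256 for p, k in zip(pw, ks))

def candidates(stored: bytes) -> list[bytes]:
    """Every printable password consistent with the stored field.

    The seed has only 255 possible values, so the whole space is enumerated;
    a candidate is kept when it re-derives the seed that produced it.
    """
    found = []
    for seed in range(255):
        ks = keystream(seed, len(stored))
        pw = bytes((s - k) % 256 for s, k in zip(stored, ks))
        if seed_from_password(pw) == seed and all(32 <= b < 127 for b in pw):
            found.append(pw)
    return found

# Constructed sample passwords, short and long: the work factor stays at 255.
SAMPLES = [b"kitten", b"A much longer passphrase, 1999!"]

if __name__ == "__main__":
    for pw in SAMPLES:
        hits = candidates(obscure(pw))
        print(len(pw), "chars ->", len(hits), "candidate(s); original among them:", pw in hits)
```

Because the stored field is the password plus a keystream that depends on nothing but that one byte, a longer password adds no work: the loop always runs 255 times.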

Perhaps the scariest thing about the encryption is the high ratings it got from reviewers.

(This work was done by Mike Stay and Casimir, a French hacker whose exploits have been reported by Joe Peschel. Thanks to Mike Stay for writing this up.)

Copyright (c) 1999 by Bruce Schneier

To subscribe to the Crypto-Gram, visit: subscribe or send a blank message to Subscribe by mail.

Converted to hypertext by Joe Peschel on Feb. 18, 1999.

Revised by Joe Peschel