Pae password not working



  • i typed a password for a pae file and it worked. Tested it out and i can enter any password and it will extact the file


  • conexware

    Please explain what exactly did you do and where… I checked it out and it works as it should - I dont see how could any password work in protected pae file…



  • The File Is Over 154 Mb I Encrypted It Wit The Password Test And I Can Extract It With Help Why


  • conexware

    @davidsplash:

    The File Is Over 154 Mb I Encrypted It Wit The Password Test And I Can Extract It With Help Why

    David, please write in understandable sentences :-).
    You probably typed help instead of test… I am sure if you try again you will see it works fine.

    It is impossible for encrypted file to be opened with wrong password.



  • it was an avi file i encrypted and yes it opened with wrong passwd. but its the only one thats done it so far



  • Well, I tried with an avi file - using shell compress and encrypt - PA compressed to zip and then gave password prompt. I entered one and pae file was created.

    Then still in same explorer window, I selected shell extract to {filename as folder}

    PA asked for password, I entered an incorrect password.

    PA then “appeared” to extract the file (progress displayed and even creating folder) but on completing gave the message “incorrect password” and deleted the destination folder.
    Didn’t have chance to check if (temporary) file was extracted into the folder before deletion.

    Is this false extraction process necessary, or should it be immediately cancelled with incorrect password?



  • it does extract tfile to the folder.

    it should snot even atrt the process of extractimng if its the wrong password


  • conexware

    @davidsplash:

    it does extract tfile to the folder.

    it should snot even atrt the process of extractimng if its the wrong password

    Eh, its checking the password by extracting the file. Since password is wrong, extracted file is garbage and it gets deleted.

    While we could have done password checking via stored hash of the password which would be still considered secure and very fast, this way dictionary based attacks are much, much slower and raise passive security of the pae files up a notch.

    It also might help in the future because if some hashing algorithm gets cracked completly, it can not be used to recover the data.


 

5
Online

9.8k
Users

6.0k
Topics

36.6k
Posts

Copyright © 1998-2018 ConeXware, Inc.
All rights reserved. Privacy Policy