http://www.dslreports.com/forum/r19811434 en Wed, 10 Feb 2010 07:38:43 EDT Wed, 10 Feb 2010 07:38:43 EDT http://www.dslreports.com/forum/remark,19811434 anon : Hey !

I'm a user of Steganos Safe 2007 (not the Pro version with keyrecovery option). I don't trust this.

I do have questions about the built-in password generator they use.

If you make a new safe, you have the option to provide a password (i use 70 random characters) that is 280 binary-bits.

I know this is 6 charaters to much (for the 256-Bits AES) for maximum strength. But this is just a little safety margin.

You also get the option to safe a "keyfile" to a removable media for easy entry to the vault.

This keyfile is generated by steganos. So you get the option to open your safe with the password you provided, OR with the keyfile for easy entry.

my problem (question) is why is the password in the generated keyfile only 64-characters long (if you convert to .txt you can see it) if you have the option for manually type password up to 100 characters ??

So the weakness is Not always the password you type yourself, but could reside in the key-generator in steganos !

Wich algorithm do they use to derivate the keyfile ? (hash function).

do they ad random bits (salt) or truly random bits derivated on mouse movements ?? or something else...

There is NO information on this ?

Does somebody knows more about this program that is worldwide used ?

(Steganos support didn't answer me)

Thanks !]]> http://www.dslreports.com/forum/remark,19811434 Wed, 16 Jan 2008 07:48:42 EDT