Here's what Elcomsoft's CEO Vladimir Katalov had to say about cracking the 512-bit encryption scheme: Well, nowadays, 512-key is crackable in a very reasonable time. My colleague Gregg Keizer has posted a news story with more details. [ UPDATE: Since posting this yesterday, I have heard briefly from both Elcomsoft and Intuit. If and when they do, I'll post their response here.
What does Intuit have to say? Nothing yet - they haven't gotten back to me. Unfortunately, the existence of such a backdoor and escrow key creates a vulnerability that might leave millions of Quicken users worldwide with compromised bank account data, credit card numbers, and income information.Įlcomsoft says it has reported this vulnerability to US CERT. Perhaps Intuit included the Quicken backdoor to make it possible for the United States Internal Revenue Service (IRS), FBI, CIA, or other law-enforcement and forensics organizations to use an "escrow key" to gain entry into password-protected Quicken files. "Elcomsoft, a respected leader in the crypto community, needed to use its advanced decryption technology to uncover Intuit's undocumented and well-hidden backdoor, and to successfully perform a factorization of their 512-bit RSA key." "It is very unlikely that a casual hacker could have broken into Quicken's password protection regimen," said Vladimir Katalov, Elcomsoft's CEO. Before Elcomsoft's discovery of Intuit's backdoor, Intuit was the only organization that could unlock their customers' files. To deliver this service, Intuit uses a 512-bit RSA key known only to Intuit. (Elcomsoft did not disclose how many millions of monkeys working on millions of computers it took to factorize the 512-bit key.)Īmong other things, Elcomsoft sells password recovery software, so naturally it's hawking a product that can allegedly strip the encryption from Quicken and allow users to access files after their password has disappeared down the memory hole.Īccording to Elcomsoft: This backdoor allows Intuit to offer their own affordable service whereby Intuit will unlock a customer's file. Elcomsoft also claims to have cracked the RSA encryption that protects the files. Here's one thing I bet the millions of Quicken users probably don't know: Intuit has a secret back door that allows it to access your password-protected financial files - or so says Elcomsoft, a security software vendor based in Moscow.Įlcomsoft claims it has discovered the heretofore undisclosed back door to Quicken files, which would allow Intuit to open the files without a customer's password.
0 kommentar(er)
