You are here

Great piece of s/w....

7 posts / 0 new
Last post
cirith
Offline
Last seen: 14 years 4 months ago
Joined: 2008-07-25 12:23
Great piece of s/w....

I just kissed a bunch of sensitive documents goodbye

, thanks to decrypting in Blowfish with a wrong password. I didn't even KNOW that a wrong password would result to the destruction of my data!

In my 15 years of using freeware (or comercial software, for that matter) it's the biggest "disaster" that has happened to me.

Security software is too serious for such (obvious) bugs...

Tim Clark
Tim Clark's picture
Offline
Last seen: 11 years 9 months ago
Joined: 2006-06-18 13:55
Cirith

Cirith,

It is the custom to greet a first time poster with a Welcome to PortableApps.com message, under the circumstance I sense it would not be appreciated.

I, and others I'm sure, regret what has happened to you.
Hopefully you have a backup.
Obviously we feel bad for you if you do not and have truly lost data.

But I do feel the need to ask how long you have been using Toucan and what version you are using?

I just checked the download page and found the following warning:

Important Note For 1.1 Upgraders / Blowfish Users: All encryption in Toucan 1.1 used Blowfish. From 1.2 on, Toucan defaults to Rijndael. If you wish to decrypt files encrypted with Toucan 1.1, you must select Blowfish as the decryption routine. The Blowfish method files are encrypted such that the decrypter can not tell if your password is correct, so if you enter an incorrect password it will corrupt your files. Always be sure to back up your data. Rijndael is now the default (and recommended) encryption method as it does not have this issue.

Just below the download button.
https://portableapps.com/apps/utilities/toucan

When you downloaded Toucan was the warning not there?
It seems to me that the warning has been there since April 11th and probably longer.

I will suggest to the author that he use stronger words than "corrupt your files".

I believe the developer is planning to do something in the next release to make this unfortunate occurrence unlikely, in the meantime may I ask, in all seriousness and with no sense of sarcasm, what warning do you think would have been adequate to prevent this situation from occurring in your case? It obviously seems we should make it stronger.

With Sympathies,
Tim

Things have got to get better, they can't get worse, or can they?

cirith
Offline
Last seen: 14 years 4 months ago
Joined: 2008-07-25 12:23
First of all, your quick and

First of all, your quick and thoughtful response is really appreciated.

No, unfortunately I had no backup, I just wanted to keep some "sensitive" data on my USB drive, away from prying eyes.

I hate to admit that I installed (and used only once back then) Toucan about a couple of months ago and didn't spot the aforementioned Note -which, ironically, hit me like a hammer today, when I got back to figure out what could possibly has gone wrong.

Believe me, the last thing I intend to do is "defame" the effort of the developer of this (or any) freeware, which, I believe, is invaluable for the common user, for obvious reasons. I just wanted to express my frustration for a situation that could have been a lot more grave, if the scrambled data (mine or any other's) were more important.

Lastly, please excuse any misuse of words, since English is not my native language.

Thanks
cirith

Steve Lamerton
Steve Lamerton's picture
Offline
Last seen: 9 years 4 months ago
Developer
Joined: 2005-12-10 15:22
I

wasn't offended, and based on this feedback and others this mode of encryption will no longer be offered in the next version of Toucan. I also apologise for the loss of your data, sorry.

LOGAN-Portable
LOGAN-Portable's picture
Offline
Last seen: 10 years 1 day ago
Developer
Joined: 2007-09-11 12:24
Wasn't there a solution where

Wasn't there a solution where a user who decrypted with wrong password could re-encrypt using the wrong password and then decrypt using the correct password to restore the file? (Make a backup of the file(s) before attempting.)

And say you decrypted using wrong password A and then using correct password B, first re-encrypt using password B and then re-encrypt using password A before finally decrypting using the correct password (B)?

Of course it's harder when a user frantically tried to decrypt the file multiple times...

cirith
Offline
Last seen: 14 years 4 months ago
Joined: 2008-07-25 12:23
... I was pretty frantic at

... I was pretty frantic at the time... Smile

rone
Offline
Last seen: 14 years 6 months ago
Joined: 2008-07-26 12:46
Corruption warning...

The corruption warning probably should be added to the known issues section of the web page at https://portableapps.com/support/toucan#known_issues!

Log in or register to post comments