Product Test 13

*******************************************************************************
PT-13                                                         Revised July 1991
*******************************************************************************

1. Product Description: MacSafe II is a multiple-level password protection and encryption system for Macintosh files.

2. Product Acquisition: MacSafe II is available from Kent Marsh Ltd, Inc, 3260 Sul Ross Street, Houston, TX 77098. The telephone number is 713-522-5625; toll free 800-325-3587. The product retails for $189.95. However, Kent Marsh has site licenses as well as so-called "security software bundles" of MacSafe II and other security programs it markets. Finally, there are several mail order firms which sell the product.

3. Product Tester: Chris McDonald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002-5030, DSN: 258-7548 or DDN: cmcdonal@wsmr-emh03.army.mil or cmcdonald@wsmr-simtel20.army.mil.

4. Product Test:

a. I purchased a copy of MacSafe II from MacWarehouse in March 1990 for $130.00. Kent Marsh has subsequently offered special sales of the program at $105.00 per copy.

b. I tested the product on a Macintosh SE and on a Macintosh IIcx. The minimum configuration for the program is any Macintosh computer with at least 128K ROMs and a double-sided disk drive.

c. The working concept behind MacSafe II is that a user can have multiple-level password protection and optional file encryption for Macintosh files whether they exist on a local disk or on a network. The user obtains this protection by creating password-protected "safes" and moving files into and out of these respective safes. The multiple-level protection occurs when the user places a password on the main compartment of the safe and then chooses a second level of password protection for a "secret compartment" within the safe.
MacSafe II offers three different encryption options: a proprietary LightningCrypt algorithm, a proprietary QuickCrypt algorithm, and an implementation of the Data Encryption Standard (DES).

d. I followed the instructions in the User Guide to install MacSafe II on the hard disk. I then used the MacSafe II Administrator to create and delete safes. In the creation of a safe the user has many options. One can install a safe password, a secret compartment password within the safe, and select an optional automatic or manual encryption feature. In automatic mode an individual encrypts/decrypts a file with a code key defined for a particular safe upon its creation. Safes with manual encryption require the user to supply the key.

e. The creation and deletion of safes presented no difficulties. I noted that any password and any code key associated with encryption did not appear on the screen. My natural question was what if one forgets a password or a code key? Are there recovery procedures to save a user from his or her own forgetfulness? The MacSafe II Administrator has an option to override a password on the safe if one forgets it. I tested that option successfully. Similarly, since the code key in automatic encryption is stored in the individual safe, one can override the automatic encryption by overriding the safe password. One then moves all of the items in the safe out, at which time they will be decrypted automatically. If one chooses the manual encryption option, however, there are no "backdoors or ways to override the encryption". MacSafe II does not store the code key used to encrypt the file anywhere.

f. One accesses "safes" through the MacSafe II Control Panel Device installed in the system folder. Because I had failed to read the user manual properly, I found that I could not access my safes since I had not placed the MacSafe file in the system folder. When I corrected my error, the window displays functioned as advertised.
The movement of files in and out of individual safes was relatively easy. One has the option to use the mouse or so-called "power user shortcut" command keys. The vendor supplies a Quick Reference Card describing these control panel operations. Password protection and encryption options functioned properly.

g. I examined these features to verify they worked as advertised:

   (1) Password protection for MacSafe II Administrator access.
   (2) Preference menu for setting defaults on safe creations.
   (3) Power user command keys.

h. I did not test these features:

   (1) Establishment of project sets (i.e., a working group of files that are moved in or out of a safe at one time).
   (2) Backup or restoration of a safe.
   (3) Strength of any particular encryption option.

5. Product Advantages:

a. MacSafe II has several levels of security which an individual user or administrator can activate. This allows the threat environment to be a factor in the imposition of a specific control.

b. The multiple encryption options are significant. The proprietary algorithms, LightningCrypt and QuickCrypt, are admittedly faster but less secure than DES. Those of us who are government users would need a waiver to use them to protect unclassified sensitive information in lieu of DES. But, since all options are software based, even the use of MacSafe's DES option would require a waiver under Federal Information Processing Standard 46-1. In its DES implementation MacSafe II uses the Cipher Block Chaining (CBC) mode. The CBC is an enhanced mode of the Electronic Code Book (ECB) mode which chains together blocks of cipher text.

c. The program's password and encryption features, particularly the safe compartment option, provide solutions to problems which may arise when many individuals have to use the same Macintosh. One can compartment users on the same system to enforce need-to-know requirements.

d. Kent Marsh Ltd. has several different Macintosh software security products and provides a free customer support hot line. I tested the hot line and was satisfied with the content and promptness of the answers to my questions.

6. Product Disadvantages:

a. The product does not provide access protection to a hard disk, but rather to individual files, folders, and floppy disks. For the user whose major concern is physical access, there are other less costly hardware and software solutions.

b. Any of the manual encryption options present the real possibility of the "loss" of information in the event a user forgets the specific user-assigned code key.

c. The cost of the product, even if one could negotiate a site license, may be more than an organization is willing to spend.

d. MacSafe II provides no audit trails of system administration or user activities.

7. Comments: My initial enthusiasm for MacSafe II has declined somewhat after my actual test of the software. It is not that the software did not perform as intended. It is rather the difficulty I have in envisioning a scenario in which my particular organization would utilize all of its features. Admittedly mine is a "Macintosh scarce" environment. But the idea of "secret compartments", while technically intriguing, is not one which satisfies a pressing need for my operations. Similarly, one could use physical and/or other software products to enforce physical access to the hard disk and then use a public domain version of DES to encrypt/decrypt files. The multiple-password scheme and the use of manual code keys for encryption/decryption might place unacceptable demands on many users.

The lack of audit trail records is in my opinion a major omission. The program provides significant identification and authentication mechanisms, but just ignores the audit function. It would seem reasonable that, with an Administrator function already present in the product, an audit mechanism might be added if there is sufficient user interest.

Users may consult these sources for additional comments on MacSafe II and other Macintosh security products:

   (1) "MacWEEK", 31 Jul 1990, page 35;
   (2) "MACWORLD", January 1990, pages 142-149; and
   (3) "MACWORLD", June 1991, pages 121-129.

I would offer a word of caution on the last article. It does not discuss MacSafe II in any detail, but only provides a summary chart listing of its features. The author also proposes that the DES algorithm "can be broken". I know of no factual basis for such a claim, and would refer users to a paper written by Dr. Dorothy Denning, entitled "The Data Encryption Standard Fifteen Years of Public Scrutiny". The paper appears in the proceedings of the Sixth Annual Computer Security Applications Conference, December 3-7, 1990.

In summary, MacSafe II installs as a CDEV to provide file and folder access protection through a combination of password and encryption techniques.

[The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.]

------------------ RFC822 Header Follows ------------------
Received: by internetqm.llnl.gov with SMTP;26 Jan 1993 20:30:21 U
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #12441)
 id <01GTZK9L0ISGERWQCE@icdc.llnl.gov>; Tue, 26 Jan 1993 20:29 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #12441)
 id <01GTZK967LSWERWQ8Q@icdc.llnl.gov>; Tue, 26 Jan 1993 20:29 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA16006; Tue, 26 Jan 93 20:22:33 PST
Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA15952; Tue, 26 Jan 93 20:19:32 PST
Received: from wsmr-emh03.army.mil by WSMR-SIMTEL20.ARMY.MIL with TCP; Tue, 26 Jan 1993 21:18:40 -0700 (MST)
Resent-date: Tue, 26 Jan 1993 20:29 PST
Date: Tue, 26 Jan 93 21:14:09 MST
From: Chris McDonald STEWS-IM-CM-S
Subject: Product Test 13
Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV
To: orvis%llnl.gov@wsmr-simtel20.army.MIL
Resent-message-id: <01GTZK9L0ISGERWQCE@icdc.llnl.gov>
Message-id: <9301270419.AA15952@pierce.llnl.gov>
X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov
X-VMS-To: IN%"orvis%llnl.gov@wsmr-simtel20.army.MIL"
======================================================================
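
Added example (not part of the original report and not Kent Marsh's code): item 5.b notes that MacSafe II's DES option runs in CBC mode, which chains cipher-text blocks together. The sketch below contrasts ECB and CBC on 8-byte blocks, using a toy Feistel cipher built from SHA-256 as a stand-in for DES; the key, IV, plaintext and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES; the cipher itself is a toy stand-in

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Feistel round function: first 4 bytes of SHA-256(key || round || half)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, xor(left, _f(right, key, rnd))
    return left + right

def decrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(left, key, rnd)), left
    return left + right

def blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "input must be whole 8-byte blocks (no padding here)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data: bytes, key: bytes) -> bytes:  # each block enciphered alone
    return b"".join(encrypt_block(p, key) for p in blocks(data))

def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv  # each plaintext block is XORed with the previous ciphertext
    for p in blocks(data):
        prev = encrypt_block(xor(p, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(data):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def distinct_blocks(ciphertext: bytes) -> int:
    return len(set(blocks(ciphertext)))

PLAINTEXT = b"PAYROLL." * 4  # constructed sample: four identical 8-byte blocks
KEY, IV = b"constructed-key", bytes(range(8))  # fixed here so the run is repeatable
```

Under ECB the four identical plaintext blocks produce one repeated cipher-text block, so repetition in a file remains visible; under CBC the chaining makes all four differ. A real deployment would use a fresh random IV per file.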