Pegasus Encryption
Windows CE is an operating system developed by Microsoft that is meant
to be used on hand-held devices. The CE operating system allows a
handheld device to connect to a system running Windows NT. This is a
very useful feature that can be used for file transfer and program
sharing. For security reasons, when CE connects to Windows NT, it
asks the user for a password, user name, and a domain name. Windows
CE also allows the user to cache this password so that the user does
not have to reenter it every time they logon to their Windows NT
system. This would be a nice feature if Windows CE did a good job
of keeping this cached password a secret. Windows CE saves an
encrypted version of the password in a global variable (as a key
in the Windows registry). The problem is in the way that Windows CE
encrypts the password. The encryption scheme is very simple: take
7 character chunks of the password and bitwise XOR them with the word
susageP (the word Pegasus spelled backwards). Pegasus was
the project name for Windows CE while it was under development.
For more information, visit:
http://www.cegadgets.com/artsusageP.htm
Back to the top.
