>The resident Access97 expert employed by one of my customers claims he can hack into any Microsoft encrypted Access97 .mdb file... he claims he can open it and search through the database without knowing a user name or a password...
>
>now 'the biz types' are concerned about the security of their VFP data as well.
>
>This company uses Xitech Cryptor.
>
>From the reading and research I've done it is impossible to unencrypt the VFP .dbf without knowing the original encryption key.
>
>Does anyone know of any unencryption hacks for the Xitech Cryptor product?
>
>Before I endorse Xitech Cryptor's effectiveness to several project managers and a VP I'd like to verify it can't be unencrypted.
>
>Even if these hacks existed the hacker would have to know Xitech Cryptor is the product being used to encrypt the data.
>
>:)

The "biz types" have to understand that no practical, computer-based cryptography product is impossible to decrypt. However, there are some products that are very difficult and/or time consuming to defeat, and a few for which there are no publicly known cracks.

MS Access does appear weak, a simple Google search on ["Microsoft Access" crack] came up with a lot of hits.

I took a look at Xitech's Cryptor page. One section is reproduced below:

------------------
How secure is Cryptor IV encryption ?
Cryptor 5.0 Standard contains the same powerful encryption algorithm used in earlier versions of Cryptor. These earlier products gained the reputation as the most secure encryption product available for FoxPro, by FoxPro users. Previously subject to export restrictions, the algorithm has now had these lifted.
------------------

I recall looking at their site some time ago. At that time they were a little more upfront; they admitted that Cryptor was not as good as so-called "strong" cryptographic products but that it was still "pretty good" and had not been cracked to their knowledge - at least, they had had no complaints from their customers.

Since it's a proprietary product there's no way of knowing how well their encryption algorithm has stood up over the years.

Now that Microsoft has made encryption available via the CryptoAPI I think Cryptor's claim to be the "most secure" product for Fox is now suspect.

Another point to bear in mind is that their are products that can "spy" on memory in running applications/processes. So, even if a crypto product only decrypts "in memory, never on disk" it is still vulnerable to being read there.