Legal Question in Technology Law in Massachusetts
password decrypters
Does anyone know whether or not it is illegal to own a program that can decrypt a user's password?
2 Answers from Attorneys
To OWN a program of any sort is not likely to be a crime.
To operate such a program, even if you didn't make use of the passwords, would be a crime.
Are people offering to sell you such a program? How doyou know for real that it works? (A demo could easily be rigged. Passwords in modern systems are "1-way encrypted"so that there is no function available which takes the stored(encrypted) version of the password and transforms it back tothe original. For example:
Take your favorite long word or random sequence of letters. Now add up digits representing the ordinal digits representing each letter's place in the alphabet.Now square that sum, add 1 and square it again, take the bottom 5 digits or so, and the result you have could in no reasonable way be mapped back to the original word you had. For one thing,perhaps many different words and certainly many combinations of letters could give you the identical sum, right? There are other such problems with decryption of a good encryption scheme, but passwords are pretty much not decryptable as are, say, zip'd files.
So don't get ripped off. Write me more, if you like, directly.
Password breaking programs are called Crackers. Be Careful.
Sometimes these files are called "Crackers". The law is rapidly evolving here. Some states treat these like "burglary tools", or like a pass key. If there is a breakin, with no sign of forced entry, you would not want to be standing nearby with a passkey. If you are found to have a program that breaks passwords (if indeed it really works), you would become a likely target for prosecution. Having the program would not be illegal per se (I don't think, at this point, though one should research the law to insure that new federal statutes don't already make this illegal).
If a district attorney could convince a jury that the only purpose for having such a program was to break the law, and you were being charged, it would make things a lot harder for your defense lawyer.... Unless you have a legitimate reason to have such a program (for example, you are director of security, and you want to learn if others can crack your passwords with such a program), then avoid having such a program.