[vpn-help] PSK stored in clear?

[DJ DeanT]

Hi Guys,

I recently came across the Shrew Soft VPN Client and it works great!
The main reason for needing it was the software for our VPN device
doesn't support 32bit operating systems.

My only problem with this product is that it stores the preshared key in
(almost) clear text (REG_BINARY) in the windows registry
(HKCU\Software\ShrewSoft\vpn\site\%site%\auth-mutual-psk).

I was wondering if anyone knew if there were plans to encrypt this?  I
can see that if you use the export feature, the file produced includes a
encrypted form of the PSK (using base64 I think), so shouldn't it be
stored in a similar format?

My concern on this matter is that I would want to export the settings
and send to a third party for them to VPN in using this software, but I
wouldn't necessarily want them to be gain access to the PSK.

Many thanks in advance.

-------------------------------------------
DJ DeanT

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.

Thank you.