  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    704
    Thanks
    11
    Thanked 68 Times in 53 Posts

    Legitimate app breaks popular encryption systems




    TOP STORY

    By Lincoln Spector

    Conventional wisdom has been that files protected with good encryption can't be cracked.
    But a new, $300, wizard-driven app can unlock BitLocker-, PGP-, and TrueCrypt-encrypted files, folders, and drives — no matter how strong a password you're using.

    The full text of this column is posted at WindowsSecrets.com/top-story/legitimate-app-breaks-popular-encryption-systems/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    Star Lounger
    Join Date
    Jan 2001
    Location
    Osaka, Japan
    Posts
    60
    Thanks
    2
    Thanked 3 Times in 2 Posts
    To the best of my knowledge EFDD would only access already unencrypted data in a mounted volume. Once you close a TrueCrypt drive or container it would be re-encrypted, so it's no surprise at all that your experiment didn't work. It's not hacking your passwords. A mounted volume is vulnerable, and always has been.
    Last edited by bill; 2013-02-06 at 20:51.

  3. #3
    3 Star Lounger
    Join Date
    Apr 2007
    Location
    Lancashire, United Kingdom
    Posts
    225
    Thanks
    30
    Thanked 4 Times in 4 Posts
    As far as I can see it also only works on encrypted FILES, not encrypted DISKS which boot up before the O/S. So, maybe that's the way forward? How secure are tools like McAfee Endpoint Encryption?

    Alan

  4. #4
    New Lounger
    Join Date
    Jan 2013
    Posts
    13
    Thanks
    10
    Thanked 2 Times in 2 Posts

    A note on password effectiveness/strength

    A note on password effectiveness/strength:

    Password effectiveness, after one has used a number/a special character/and an upper case character, is a factor of length. <P@ssword123456> at 16 characters in length is exponentially stronger than any 15 character combination of gobbledygook. Meeting the 3 conditions listed forces the attacker to search through the largest possible space. After that, length NOT randomness, is what makes your password tough to crack. Higher entropy ≠ higher security.

    I write encryption software for Windows and have been an IT security guy for a major US university.

  5. #5
    New Lounger
    Join Date
    Nov 2009
    Posts
    22
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Yawn!

    What a fuss over nothing! "However, with the right precautions — and, of course, long, hard-to-guess passwords — you needn’t lose any sleep over them."

    And a note about "style". "An acquaintance was inadvertently..." etc, etc, etc. I don't really care too much about your acquaintance! But I did want to know how this "app" manages to "break" popular encryption systems. Oh! But it doesn't.

    Sorry, WindowsSecrets, but you need to raise your game if you want people to keep clicking.

  6. The Following User Says Thank You to Khun Roger For This Useful Post:

    cipher (2013-02-07)

  7. #6
    New Lounger
    Join Date
    Feb 2013
    Posts
    1
    Thanks
    0
    Thanked 2 Times in 1 Post

    Try accessing hiberfil.sys from Linux

    Re: "I just told EFDD to access c:\hiberfil.sys. But once again, it failed to find a key. It turns out you can't wake up a hibernating PC and then dig data out of the hibernation file. So I tried again; I put the PC into hibernation, then loaded Windows with another bootable drive. Unfortunately, Windows wouldn't let me access the hibernation file."

    If you really want to access (a copy of) a file that Windows won't let you access, then boot your machine from a "live" Linux CD (I like Parted Magic), and use it to copy the file (perhaps to a FAT32 device, like a thumb drive). Linux's ntfs3g file system driver completely ignores the NTFS security (other than encryption), so there's no problem with having insufficient "permissions" to access a file.

  8. The Following 2 Users Say Thank You to Dave Burton For This Useful Post:

    brino (2013-02-07),cipher (2013-02-07)

  9. #7
    New Lounger
    Join Date
    Feb 2013
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I use Tropsoft's encryption software.

    http://www.tropsoft.com/privateencryptor/

    I have chosen to use MARS as my encryption scheme:


    MARS
    MARS is a block cipher designed by IBM as a candidate algorithm for the Advanced Encryption Standard (AES). It has been selected as one of the five finalists in the AES competition. MARS is unique in that it combines virtually every design technique known to cryptographers in one package. It uses two entirely separate algorithms, so that even if one portion of MARS is broken the rest of the cipher will remain secure and data will still be safe. Due to its design, MARS offers better security than triple DES while running significantly faster than single DES. The combination of high security, high speed, and flexibility makes MARS an excellent choice for the encryption needs of the information world well into the 21st century. The key size is 448 bits (56 characters).

    I doubt very seriously that program would be compromised...

  10. #8
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    422
    Thanks
    70
    Thanked 5 Times in 5 Posts
    what makes an app legitimate ?
    conventional wisdom is usually wrong!
    i doubt that app can do what is claimed in a time frame that would be of concern.
    cracking passwords is a lot different than decrypting an entire file.

    there are much stronger encryption methods. but they do take a tiny amount of work.
    if you really need security then make the effort to do that little extra work.

  11. #9
    New Lounger
    Join Date
    Jan 2013
    Posts
    13
    Thanks
    10
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Khun Roger View Post
    What a fuss over nothing! "However, with the right precautions — and, of course, long, hard-to-guess passwords — you needn’t lose any sleep over them."

    And a note about "style". "An acquaintance was inadvertently..." etc, etc, etc. I don't really care too much about your acquaintance! But I did want to know how this "app" manages to "break" popular encryption systems. Oh! But it doesn't.

    Sorry, WindowsSecrets, but you need to raise your game if you want people to keep clicking.
    I agree, I've seen this discussed in several forums, always the same scary headline. If you restrict physical access and shut the machine down when away from it, as good security practice would dictate, then this app is useless for cracking PGP. PGP, or any encryption, is *far* more likely to be cracked by using a short password, or finding a sticky note with the password...

  12. #10
    New Lounger
    Join Date
    Jan 2013
    Posts
    13
    Thanks
    10
    Thanked 2 Times in 2 Posts
    I would only trust Open Source software. I recall when PGP above version 5 came out there was talk of backdoor implementation. It turns out it is optional message recovery, not key recovery, but all the same, if I can't see the code, how do I know it is secure?

    Much like Microsoft's recent denials of NSA keys built into the OS, these denials are suspect as they were caught once doing it:

    http://www.heise.de/tp/artikel/5/5263/1.html

  13. The Following User Says Thank You to cipher For This Useful Post:

    brino (2013-02-07)

  14. #11
    Lounger
    Join Date
    Jun 2010
    Location
    Vernon, BC, Canada
    Posts
    36
    Thanks
    2
    Thanked 1 Time in 1 Post
    It starts with that administrator requirement for a memory dump. Assuming your password isn't easy to guess (and you're not sharing your PC with an untrustworthy individual with admin access — in which case, you're hosed, anyway), you should be safe.
    There are 3rd-party live-boot CDs (and ISOs that can be stored on a bootable USB) which can be used to wipe or reset the Administrator password. http://www.hirensbootcd.org/resetting-windows-password/ is an example of one of them. Of course, this is where a potential strength of the EFS file system comes in -- because the encryption is tied to the password signed-in with, unless you reset it to the correct password, you're now hoping that the p/w is tucked away in one of the other locations, or you're hosed. Oh, and it'll be obvious the next time someone tries to sign in as Admin that they've been compromised.

    However, Live CDs are also ways to copy the data off the drive without detection, and hammer away at it at your leisure. The first prevention against hacking this way is physical access. Once you've lost that, it's only a matter of time.

    There have been times I've misplaced a password, and so any tool that can help me recover this p/w is handy and helpful. Of course, it always leaves me wondering how strong my password protection really is.

  15. The Following User Says Thank You to Daniel Bragg For This Useful Post:

    cipher (2013-02-07)

  16. #12
    Star Lounger
    Join Date
    Feb 2010
    Location
    near Ottawa, Ontario, Canada
    Posts
    57
    Thanks
    65
    Thanked 12 Times in 11 Posts
    Personally I'm not too put-off by the sensationalism in the title.......immune to it by now, I guess.

    Two other things did bother me a little:
    1) the sentence: "And it's not as if just anyone could put down $300 and use EFDD to quickly crack encrypted data"
    -the money is no barrier, a hacking group could easily kick in to a pool and afford it
    -and likely it will be offered on a cracking or torrent site (if it's not already) for free
    -ease of use isn't a real barrier either. Who's worried about their Grandma hacking into their files? The threat is from people that know how and enjoy doing it.

    2) Wouldn't the "Force auto-dismount even if volume contains open files or directories." option in TrueCrypt potentially _cause_ data loss if you had a file open for writing when the auto-dismount kicked in?

    brino

  17. The Following User Says Thank You to brino For This Useful Post:

    cipher (2013-02-07)

  18. #13
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, WA, USA
    Posts
    15
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by cipher View Post
    A note on password effectiveness/strength:

    Password effectiveness, after one has used a number/a special character/and an upper case character, is a factor of length. <P@ssword123456> at 16 characters in length is exponentially stronger than any 15 character combination of gobbledygook. Meeting the 3 conditions listed forces the attacker to search through the largest possible space. After that, length NOT randomness, is what makes your password tough to crack. Higher entropy ≠ higher security.

    I write encryption software for Windows and have been an IT security guy for a major US university.
    cipher, I can't say I agree with you here. Yes, password length is significant and would be the only significant guard against a completely random brute-force attack. But, why would someone write a password guesser like that? If I were writing one I'd start with the most popular passwords and then go to refactoring them and then go to a dictionary attack and then to a refactored dictionary attack and only then go to a truly random set of characters. Your "P@ssword123456" despite being 16 characters would easily fall in phase 2, wouldn't it? And that's with just a couple of minutes of thinking about the problem.
    -Eric

    New desktop: Core i7-3.4 GHz, 8 GB RAM, 1 TB HD, Win 7 64-bit
    Old desktop: P4-2.8 GHz, 2 GB RAM, 35 GB 10,000 RPM HD, 300 GB 7200 RPM HD, Win XP 32-bit
    Laptop: Core 2 duo 2.0 GHz, 4 GB RAM, 400 GB HD, Vista 64-bit
    various hulks in the garage: P4-2.4 GHz, Athlon XP1800, PII-450

  19. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, WA, USA
    Posts
    15
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by hqlinux View Post
    I use Tropsoft's encryption software.

    http://www.tropsoft.com/privateencryptor/

    I have chosen to use MARS as my encryption scheme:


    MARS
    MARS is a block cipher designed by IBM as a candidate algorithm for the Advanced Encryption Standard (AES). It has been selected as one of the five finalists in the AES competition. MARS is unique in that it combines virtually every design technique known to cryptographers in one package. It uses two entirely separate algorithms, so that even if one portion of MARS is broken the rest of the cipher will remain secure and data will still be safe. Due to its design, MARS offers better security than triple DES while running significantly faster than single DES. The combination of high security, high speed, and flexibility makes MARS an excellent choice for the encryption needs of the information world well into the 21st century. The key size is 448 bits (56 characters).

    I doubt very seriously that program would be compromised...
    hqlinux, I don't think the type of encryption algorithm has anything to do with keeping your data safe from this kind of decryption program. It's specifically looking for your encryption keys in memory or on the disk. No encryption is a guard against someone who has your key. The question here is how well the developers dealt with internal program security. That being said, I wasn't too surprised that TrueCrypt wasn't compromised by these tests since they specifically mention this kind of issue in the documentation in the Data Leaks section. EFDD does make an excellent test tool for testing your encryption software against this kind of vulnerability.
    -Eric

    New desktop: Core i7-3.4 GHz, 8 GB RAM, 1 TB HD, Win 7 64-bit
    Old desktop: P4-2.8 GHz, 2 GB RAM, 35 GB 10,000 RPM HD, 300 GB 7200 RPM HD, Win XP 32-bit
    Laptop: Core 2 duo 2.0 GHz, 4 GB RAM, 400 GB HD, Vista 64-bit
    various hulks in the garage: P4-2.4 GHz, Athlon XP1800, PII-450

  20. #15
    New Lounger
    Join Date
    Jan 2013
    Posts
    13
    Thanks
    10
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by EHarman View Post
    cipher, I can't say I agree with you here. Yes, password length is significant and would be the only significant guard against a completely random brute-force attack. But, why would someone write a password guesser like that? If I were writing one I'd start with the most popular passwords and then go to refactoring them and then go to a dictionary attack and then to a refactored dictionary attack and only then go to a truly random set of characters. Your "P@ssword123456" despite being 16 characters would easily fall in phase 2, wouldn't it? And that's with just a couple of minutes of thinking about the problem.
    To read a detailed, including the math, reasoning behind this go to:

    https://www.grc.com/haystack.htm

    <p@ssword123456> = Include the <and> to make it 16 characters...
    Massive Cracking Array Scenario:
    (Assuming one hundred trillion guesses per second) 8.52 hundred thousand centuries
    Last edited by cipher; 2013-02-07 at 16:22. Reason: add

  21. The Following User Says Thank You to cipher For This Useful Post:

    bobprimak (2013-02-08)
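
Added example, not part of any post in this thread: a short Python audit that puts the two views argued above side by side, the exhaustive-search time for a password's length and alphabet, and whether the password is just a popular word with predictable decoration. The class sizes (26/26/10/33), the word list and all function names are assumptions made for illustration; with the lowercase `<p@ssword123456>` and 1e14 guesses per second the first figure comes out near the "8.52 hundred thousand centuries" quoted above.

```python
import re

# Assumed class sizes (lower, upper, digit, symbol); they reproduce the figure quoted above.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Constructed stand-in for a list of popular passwords (hypothetical sample data).
COMMON_BASES = {"password", "letmein", "qwerty", "dragon"}
# Common look-alike substitutions, undone before the list lookup.
UNLEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                        "0": "o", "3": "e", "1": "i", "!": "i"})

def alphabet_size(pw):
    """Sum the sizes of the character classes that appear in pw."""
    return sum(size for pattern, size in CLASSES if re.search(pattern, pw))

def brute_force_space(pw):
    """Number of strings of length 1..len(pw) over pw's alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))

def centuries_to_exhaust(pw, guesses_per_second=1e14):
    """Worst-case exhaustive search time at the quoted guessing rate."""
    return brute_force_space(pw) / guesses_per_second / SECONDS_PER_CENTURY

def reduces_to_common_base(pw):
    """True if pw is a popular word plus predictable decoration."""
    core = pw.strip("<>()[]{}")              # wrapping brackets
    core = re.sub(r"[\d!?.*#]+$", "", core)  # trailing digits and symbols
    return core.lower().translate(UNLEET) in COMMON_BASES

def audit(pw):
    """Report both views of the same password."""
    return {"length": len(pw), "alphabet": alphabet_size(pw),
            "centuries": centuries_to_exhaust(pw),
            "common_base": reduces_to_common_base(pw)}

if __name__ == "__main__":
    # The two thread examples plus a constructed 15-character random string.
    for sample in ("<p@ssword123456>", "<P@ssword123456>", "k7#Rw2!qZp9&Lx4"):
        print(sample, audit(sample))
```

The 16-character example has roughly 95 times the exhaustive-search space of the 15-character random string, yet only the former is flagged as reducing to a list word.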
