Legitimate app breaks popular encryption - EFS, BitLocker, TrueCrypt ...

Carol Haynes:
In the current Windows Secrets newsletter EFDD can crack popular encryption, even with tough random passwords:

Conventional wisdom has been that files protected with good encryption can’t be cracked.

But a new, $300, wizard-driven app can unlock BitLocker-, PGP-, and TrueCrypt-encrypted files, folders, and drives — no matter how strong a password you’re using.

It’s the sort of story that could keep you up at night. Last month, Elcomsoft released the Elcomsoft Forensic Disk Decryptor (EFDD; more info), a program that opens encrypted files without trying to guess your password or attack it with brute force (Wikipedia info). In fact, the actual password is effectively irrelevant. A long, random string such as bS2f#[voIT+?@=Uq3a,.B provides no better protection against EFDD than would "password" or "12345."
--- End quote ---

See http://windowssecrets.com/newsletter/legitimate-app-breaks-popular-encryption-systems/#story1 for the full story.

ewemoa:
Thanks for the link.

Thought the following bit was worth quoting.

From the article:
Cracking passwords is the most common way to unlock encrypted files, but it isn't the only way. The keys to decrypting your darkest secrets might be floating around in RAM from the last time you opened an encrypted file. Or perhaps, if Windows ran out of physical RAM, they're sitting in your swap file. They could also be hiding in your hibernation file — assuming that you hibernate your PC.

EFDD (or a similar app) searches those areas for possible keys. It then tries any keys it finds on your encrypted files. Sometimes it works; sometimes it doesn't.

--- End quote ---

Renegade:
@ewemoa - Thanks for posting that quickly... My heart sank a bit and my stomach dropped when I first read the description. It sounded like they'd effectively gotten around the encryption entirely. Glad to hear that it's still password-based... Phew!

f0dder:
Yeah, nothing to see here, really.

This has been doable for quite a while, and even outside Sekrit Forensikz, there are freely available tools to do it. The Elcomsoft program just makes it a bit more convenient (even the Firewire-DMA attack that can be used on a computer that has been locked isn't new).

Also note that this doesn't recover your passphrase - it recovers the raw encryption key. That is obviously enough to get at your data, but in no way leads to disclosure of the passphrase itself :)
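
The distinction drawn in the post above, as an added illustration that is not part of the thread and not code from any product named in it: disk-encryption tools generally encrypt data under a random master key and use the passphrase only to unwrap that key, so a key that is resident while the volume is mounted decrypts the data whatever the passphrase strength, and says nothing about the passphrase. The toy cipher, the header layout and all function names are assumptions made for this sketch; real products use AES-based modes.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for the real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def header_key(passphrase: str, salt: bytes) -> bytes:
    """Passphrase-derived key; it only ever protects the volume header."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def create_volume(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt data under a random master key, then wrap that key in the header."""
    salt = secrets.token_bytes(16)
    master_key = secrets.token_bytes(32)  # random, independent of the passphrase
    return {
        "salt": salt,
        "wrapped_key": keystream_xor(header_key(passphrase, salt), master_key),
        "key_check": hashlib.sha256(master_key).digest(),
        "ciphertext": keystream_xor(master_key, plaintext),
    }


def mount(volume: dict, passphrase: str) -> bytes:
    """Normal unlock path; the returned master key stays in RAM while mounted."""
    master_key = keystream_xor(header_key(passphrase, volume["salt"]),
                               volume["wrapped_key"])
    if not hmac.compare_digest(hashlib.sha256(master_key).digest(),
                               volume["key_check"]):
        raise ValueError("wrong passphrase")
    return master_key


def decrypt_with_key(volume: dict, master_key: bytes) -> bytes:
    """Decryption from the resident key alone; the passphrase is never consulted."""
    return keystream_xor(master_key, volume["ciphertext"])


if __name__ == "__main__":
    for pw in ("12345", "bS2f#[voIT+?@=Uq3a,.B"):  # weak vs. the article's strong one
        vol = create_volume(pw, b"constructed sample data")
        resident = mount(vol, pw)  # what sits in RAM / hibernation file / swap
        print(repr(pw), "->", decrypt_with_key(vol, resident))
```

The defensive consequence is that a mounted volume, a hibernation file or a swap file needs protecting as carefully as the key itself, since passphrase length does nothing for a key that is already resident.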

40hz:
Yup. Nothing new here. Although I'm guessing some wannabe hackboys just might end up with their wallets or Paypal accounts being $300 lighter if they don't do their homework before reaching for their plastic.
8)
