Coffeehouse Thread

37 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Cracking Hard Drives...

Back to Forum: Coffeehouse
  • User profile image
    MisterDonut

    I don't usually link to Slashdot, but it's Friday.

    http://yro.slashdot.org/yro/05/11/04/1348200.shtml?tid=123&tid=198&tid=93

    It talks about how Police need to hold terror suspects 90 days, because thats how long it takes to crack a hard drive encryption.


    My questions: 
       EFS uses DES encryption (IIRC)  and isn't all that secure (why did Banks go to Triple DES prior to the AES standard?). Can Public Key encryption be cracked that soon? I doubt it, not how processor intensive it can be.

    Also, how does Microsoft's new proprietary file encryption mechanism fare against this? I believe Vista supports Volume Encryption using a completely new encryption technique that is kept private. (That's what I understood from some security guys at PDC). Do you think Microsoft has "back doors" in it? Or do yu think it will be easy to break?

  • User profile image
    Manip

    Welcome to three days ago....

    Yes the Anti-Terrorism Bill 2005 bill got passed, yes only by one vote..

    Why is everyone so concerned by this 90 day business? I'm far more concerned about the "Inciting or glorifying terrorism" clause in that you could be arrested if you write something to the effect of - "I thought the London bombings rocked!" - opps I think I just broke the law...

    And in fact if an American said the above they would also be breaking UK law and could be extradited from the USA or other countries of whom we have an extradition treaty with (Read: almost ALL countries).

    The AT 2005 bill does not make a distinction between people breaking the "Incitement or Glorifying Terrorism" clause in the UK or anywhere else.

    And if you think I'm making stuff up about Americans being extradited and charged under this <future> act then I suggest you read the bill and then read our extradition treaty.

  • User profile image
    billh

    Where it gets real tricky is what exactly is defined as "t*****ism"? That definition seems to change at will, and currently, much of it is based on an ideology and speech rather than concrete acts.

  • User profile image
    blowdart

    Manip wrote:


    And if you think I'm making stuff up about Americans being extradited and charged under this <future> act then I suggest you read the bill and then read our extradition treaty.



    You want scary? Look at the agreement we have in reverse. We will extradite UK citizens to the US upon request. It used to be that evidence had to be offered up in court to support the charges that the US said the citizen was guilty of, but it hasn't been that way for a little while now.

    As for the rest? Having been born in Northern Ireland, none of this surprises me at all.

  • User profile image
    W3bbo

    blowdart wrote:
    As for the rest? Having been born in Northern Ireland, none of this surprises me at all.


    Hopefully we won't go the way of Israel and have a constant "State of emergency".

    I wonder how many politicians agree that by passing these draconian laws, we're just giving the "OMG TERRORISTS!" what they want... mass fear.

    I hope the Liberal Democrats win the next election, if not them, then at least the conversatives (we need a change anyway, just for the sake of it, not that I agree with their policies much)

  • User profile image
    blowdart

    W3bbo wrote:

    Hopefully we won't go the way of Israel and have a constant "State of emergency".


    Oh the innocence of youth. We've had a state of emergency since the first anti-terrorism laws were passed and internment started,

  • User profile image
    Manip

    Manip votes Lib Dem Smiley

    I think all three parties should be renamed for accuracy:

    Neutral Party
    Gray Party
    Central Party

    With all three using white as their colour.... heh Tongue Out

  • User profile image
    W3bbo

    blowdart wrote:
    W3bbo wrote:
    Hopefully we won't go the way of Israel and have a constant "State of emergency".


    Oh the innocence of youth. We've had a state of emergency since the first anti-terrorism laws were passed and internment started,


    Ye-gads!

    I'm soooo moving to Switzerland as soon as my budget allows Smiley

  • User profile image
    Manip

    blowdart wrote:
    W3bbo wrote:
    Hopefully we won't go the way of Israel and have a constant "State of emergency".


    Oh the innocence of youth. We've had a state of emergency since the first anti-terrorism laws were passed and internment started,


    I don't mean to sound like a nut job... But it does sound a lot like the 'enemy' in the book 1984.... I mean the constant threat used to take away people's freedoms with the promise that when people are safe those freedoms will be returned, except of course people are never safe...  

  • User profile image
    msemack

    MisterDonut wrote:
    EFS uses DES encryption (IIRC)  and isn't all that secure (why did Banks go to Triple DES prior to the AES standard?). Can Public Key encryption be cracked that soon? I doubt it, not how processor intensive it can be.


    EFS uses DESX encryption by default (which is a little tougher to crack than regular DES).  XP and later also support using Triple-DES for EFS.

  • User profile image
    W3bbo

    Manip wrote:
    blowdart wrote:
    W3bbo wrote:
    Hopefully we won't go the way of Israel and have a constant "State of emergency".


    Oh the innocence of youth. We've had a state of emergency since the first anti-terrorism laws were passed and internment started,


    I don't mean to sound like a nut job... But it does sound a lot like the 'enemy' in the book 1984.... I mean the constant threat used to take away people's freedoms with the promise that when people are safe those freedoms will be returned, except of course people are never safe...  


    Manip: Report to room 101 immediately!

  • User profile image
    Mike Dimmick

    Public Key Cryptography is still unfeasibly slow except for very small amounts of data. I think every practical PKI scheme uses a shared key algorithm for encrypting the data, using the public/private key pair only to encrypt/decrypt the shared key.

    According to this page, the default algorithm for XP SP1 and Server 2003 is 256-bit AES. Windows 2000 uses 128-bit DESX in 'high encryption' versions - Windows 2000 Service Pack 2 enabled high encryption on all installations. 3DES (Triple DES) can be enabled for Windows XP and Server 2003 if required.

    It's unlikely that the Volume Encryption feature would use some new, otherwise unpublished algorithm. That goes completely against everything coming out of the software security team. What I believe it does do is store the volume encryption key in the Trusted Platform Module - the feature will only work if a TPM is present. The theory goes that only software that can present the correct key identifier to the TPM can decrypt the volume. I trust Microsoft not to introduce back doors into the software.

    To decrypt an EFS file, therefore, assuming that there aren't any flaws in the encryption algorithm, is a case of trying all the possible keys. The only way to know whether you've hit the right key is to see whether the file is readable. For some file formats it's possible to just examine the first few bytes of the file - for example a couple of Word 2003 files I've just looked at both start (in binary) D0 FC 11 E0 A1 B1 1A E1. If they've used plain text you can't rely on any structure and would have to sample the proposed plaintext to determine whether it was probably text or not. I don't think even attacking a 128-bit key with DESX is actually practical in 90 days - I just think that's a number picked out of the air with no substantial basis.

    So there you go. If you want to encrypt data using EFS, prefer Windows XP SP1 or later over Windows 2000, and use plain text because it's harder for an attacker to determine when they've got a result.

  • User profile image
    MisterDonut

    Mike Dimmick wrote:

    It's unlikely that the Volume Encryption feature would use some new, otherwise unpublished algorithm. That goes completely against everything coming out of the software security team. What I believe it does do is store the volume encryption key in the Trusted Platform Module - the feature will only work if a TPM is present. The theory goes that only software that can present the correct key identifier to the TPM can decrypt the volume. I trust Microsoft not to introduce back doors into the software.


    I'd double check on that assumption about an unpublished algorithm. I *really* hope I misunderstood Microsoft when speaking with those guys at PDC. I brought up just that point you did: it goes against all security principles they recommend..

    Anyone from MS care to comment??

  • User profile image
    MisterDonut

    Mike Dimmick wrote:


    To decrypt an EFS file, therefore, assuming that there aren't any flaws in the encryption algorithm, is a case of trying all the possible keys. The only way to know whether you've hit the right key is to see whether the file is readable. For some file formats it's possible to just examine the first few bytes of the file - for example a couple of Word 2003 files I've just looked at both start (in binary) D0 FC 11 E0 A1 B1 1A E1. If they've used plain text you can't rely on any structure and would have to sample the proposed plaintext to determine whether it was probably text or not. I don't think even attacking a 128-bit key with DESX is actually practical in 90 days - I just think that's a number picked out of the air with no substantial basis.


    But, you don't have to check the whole proposed file. Most open (or at least published) file formats have certain text headers you can compare to. For example, if you have an .xml file, you can be sure that the first character is a '<'. HTML files are also predictable. So, plain text isn't as reliable.. 

    I believe, that the only true secure format is *one-time* XOR Encryption. But, then you have to worry about transferring keys.

    I agree with your 90 day assessment.. However, I *think* that Microsoft never salted their DESX, making it easier to build a database of possibilities.

  • User profile image
    AndyC

    Manip wrote:

    I don't mean to sound like a nut job... But it does sound a lot like the 'enemy' in the book 1984.... I mean the constant threat used to take away people's freedoms with the promise that when people are safe those freedoms will be returned, except of course people are never safe...  


    Yes, it does rather doesn't it. George "just call me Nostradamus" Orwell was a very smart bloke...

    MisterDonut wrote:

    I'd double check on that assumption about an unpublished algorithm.


    I thought that by that they ment it used a different (already published) encryption algorithm to those currently used in XP, but they weren't going to publish which one it is. The theory being that it's hard to crack, let's say DESX, but even harder if you don't know that it's DESX in the first place.

  • User profile image
    MisterDonut

    I'd feel a lot better if it's a published algorithm, but they don't say what it is. Trial and Error will eventually reveal which one it is.

    But, I really think it's proprietary...

    Hope someone can correct me.

  • User profile image
    Devils​Rejection

    Wouldn't the logical way not to get caught is to just run a live os off a cd?

  • User profile image
    Manip

    DevilsRejection wrote:
    Wouldn't the logical way not to get caught is to just run a live os off a cd?


    .... How do you figure? A live CD is no more or less secure than a OS running on a hard disk...

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.