Partenaire Premium
c2b_default

Bruce Nikkel encryption.pdf

Bruce Nikkel encryption.pdf

Bruce Nikkel encryption.pdf

9
0.0 (0)

Fichier Détails

Cartes-fiches 9
Langue English
Catégorie Informatique
Niveau Université
Crée / Actualisé 20.06.2019 / 01.07.2020
Attribution de licence Non précisé
Lien de web
https://card2brain.ch/box/20190620_bruce_nikkel_encryption_pdf
Intégrer
<iframe src="https://card2brain.ch/box/20190620_bruce_nikkel_encryption_pdf/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>

What are the pros and cons of encryption?

  • encryption protects good people
  • encryption hides evil activity
  • people must have privacy/security
  • people/society must be safe from criminals

There are two extreme sides:

  • permanent police access to anything, everithing
  • no police access to anything ever

Name some different types of encryption.

  • application file encryption - protect PDF, office docs, etc
  • individual file containers - GPG, Encrypted Zip
  • directories - ecryptfs, ext4 encryption
  • volumes - TrueCrypt / Veracrypt
  • block devices - Linux LUKS, MS Bitlocker, Apple FileVault
  • drive hardware - OPAL/SED (Self Encrypting Drive)

What is requiered for decryption and what is the forensic chalenge?

Decrypting requieres:

  • password or passphrase
  • cryptographic key string or key file
  • smartcard or hard token

The forensic challenge is to find the decryption key

What are the possibilites to recover a password?

  • brute foce and dictionary attacks to find simple passwords
  • cryptanalysis (mathematical weakness, reduce keyspace)
  • finding passwords saved/written/transferred previously
  • password reuse across multiple accounts or devices
  • legal requierment to produce passwords in court
  • cooperative owner or accomplice who provides the password
  • key backup/escrow in enterprise environments
  • exploit, vulnerability, or backdoor
  • social engineering or other tricks (forced biometrics, keyloggers, a very good lelscope)

In the forensics community this is called password/key "recovery" not "cracking" (but its the same)

 Explain what a bruteforce attack is. Describe some methods used.

Brute force is simply trying an exhastive number of passwords/keys until you find the right one - guessing.

Some brute force methods:

  • GPU cluster - use graphic cards to brute force
  • rainbow tables - precomputed tables of cryptographic hashes

What do you need to keep in mind when bruteforceing?

Be careful of "maximum attempts" : e.g. smartcards blocking, smart devices wiping, after X failed attempts.

Name to other methods to recover a password excluding bruteforce attacks.

  • Extract keys from memory (PCI-bus DMA attacks)
  • man-in-the-middle attacks on network traffic

Name some open source tools that can be used to recover passwords and what they do.

  • John the Ripper (brute force) - very customizable
  • HashCat (brute force) - good GPU support
  • bulk_extractor - forensic tool creates work list from a disk image
  • Inception - PCI based DMA memory dumper

Current research: analysis of electromagnetic radiation and electrical signal variations to reduce keyspace.