Bruce Nikkel encryption.pdf
File details
Flashcards | 9 |
---|---|
Language | English |
Category | Computer science |
Level | University |
Created / Updated | 20.06.2019 / 01.07.2020 |
License | Not specified |
Web link | https://card2brain.ch/box/20190620_bruce_nikkel_encryption_pdf |
What are the pros and cons of encryption?
- encryption protects good people
- encryption hides evil activity
- people must have privacy/security
- people/society must be safe from criminals
There are two extreme sides:
- permanent police access to anything, everything
- no police access to anything ever
Name some different types of encryption.
- application file encryption - protect PDF, office docs, etc
- individual file containers - GPG, Encrypted Zip
- directories - ecryptfs, ext4 encryption
- volumes - TrueCrypt / Veracrypt
- block devices - Linux LUKS, MS Bitlocker, Apple FileVault
- drive hardware - OPAL/SED (Self Encrypting Drive)
What is required for decryption and what is the forensic challenge?
Decrypting requires:
- password or passphrase
- cryptographic key string or key file
- smartcard or hard token
The forensic challenge is to find the decryption key
What are the possibilities to recover a password?
- brute force and dictionary attacks to find simple passwords
- cryptanalysis (mathematical weakness, reduce keyspace)
- finding passwords saved/written/transferred previously
- password reuse across multiple accounts or devices
- legal requirement to produce passwords in court
- cooperative owner or accomplice who provides the password
- key backup/escrow in enterprise environments
- exploit, vulnerability, or backdoor
- social engineering or other tricks (forced biometrics, keyloggers, a very good telescope)
In the forensics community this is called password/key "recovery", not "cracking" (but it's the same).
Explain what a bruteforce attack is. Describe some methods used.
Brute force is simply trying an exhaustive number of passwords/keys until you find the right one - guessing.
Some brute force methods:
- GPU cluster - use graphic cards to brute force
- rainbow tables - precomputed tables of cryptographic hashes
What do you need to keep in mind when brute forcing?
Be careful of "maximum attempts": e.g. smartcards blocking or smart devices wiping after X failed attempts.
Name two other methods to recover a password excluding brute force attacks.
- Extract keys from memory (PCI-bus DMA attacks)
- man-in-the-middle attacks on network traffic
Name some open source tools that can be used to recover passwords and what they do.
- John the Ripper (brute force) - very customizable
- HashCat (brute force) - good GPU support
- bulk_extractor - forensic tool creates work list from a disk image
- Inception - PCI based DMA memory dumper
Current research: analysis of electromagnetic radiation and electrical signal variations to reduce keyspace.