What are the pros and cons of encryption?

  • encryption protects good people
  • encryption hides evil activity
  • people must have privacy/security
  • people/society must be safe from criminals

There are two extreme sides:

  • permanent police access to anything, everything
  • no police access to anything ever

Name some different types of encryption.

  • application file encryption - protect PDF, office docs, etc
  • individual file containers - GPG, Encrypted Zip
  • directories - ecryptfs, ext4 encryption
  • volumes - TrueCrypt / Veracrypt
  • block devices - Linux LUKS, MS Bitlocker, Apple FileVault
  • drive hardware - OPAL/SED (Self Encrypting Drive)

What is required for decryption and what is the forensic challenge?

Decrypting requires:

  • password or passphrase
  • cryptographic key string or key file
  • smartcard or hard token

The forensic challenge is to find the decryption key.

What are the possibilities to recover a password?

  • brute force and dictionary attacks to find simple passwords
  • cryptanalysis (mathematical weakness, reduce keyspace)
  • finding passwords saved/written/transferred previously
  • password reuse across multiple accounts or devices
  • legal requirement to produce passwords in court
  • cooperative owner or accomplice who provides the password
  • key backup/escrow in enterprise environments
  • exploit, vulnerability, or backdoor
  • social engineering or other tricks (forced biometrics, keyloggers, a very good telescope)

In the forensics community this is called password/key "recovery", not "cracking" (but it's the same thing).

Explain what a brute-force attack is. Describe some methods used.

Brute force is simply trying an exhaustive number of passwords/keys until you find the right one - guessing.

Some brute force methods:

  • GPU cluster - use graphic cards to brute force
  • rainbow tables - precomputed tables of cryptographic hashes

What do you need to keep in mind when brute-forcing?

Be careful of "maximum attempts": e.g. smartcards blocking or smart devices wiping after X failed attempts.

Name two other methods to recover a password, excluding brute-force attacks.

  • Extract keys from memory (PCI-bus DMA attacks)
  • man-in-the-middle attacks on network traffic

Name some open source tools that can be used to recover passwords and what they do.

  • John the Ripper (brute force) - very customizable
  • HashCat (brute force) - good GPU support
  • bulk_extractor - forensic tool creates work list from a disk image
  • Inception - PCI based DMA memory dumper

Current research: analysis of electromagnetic radiation and electrical signal variations to reduce keyspace.