Puppy Linux Discussion Forum
Cheap GPUs are rendering strong passwords useless?
Page 2 of 2 [22 Posts]
DPUP5520

Joined: 16 Feb 2011
Posts: 801

PostPosted: Mon 06 Jun 2011, 13:02    Post subject:  

Yes I remember that article, I read it a few months back, however there are two points there.

1. Truecrypt was not the only encryption program used to encrypt the drives
2. The ENTIRE drive/system was encrypted

Those drives if I remember correctly were encrypted using 6.3 though I can't remember what the other program used was.

_________________
PupRescue 2.5
Puppy Crypt 528
Swaphead


Joined: 04 Nov 2010
Posts: 23

PostPosted: Fri 24 Jun 2011, 09:29    Post subject:  

I've read this thread with lots of interest (but not much understanding
Embarassed )

I'm confused by the terms "password hash" and "password hash file".

Are we talking about a cracker gaining access to a file (or one item in a file) on (say) a Bank's website? Is that negligence on the bank's part?
Or is this standard practice because the information is encrypted?

Or are we talking about a cracker gaining access to (say) my machine?
I got lost when we started talking about Puppy and hard-drive encryption.
(I was probably lost already!)
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11118
Location: Arizona USA

PostPosted: Fri 24 Jun 2011, 10:14    Post subject:  

Swaphead, here's how I understand it:

The passwords are encrypted by a program which I'll call a hash algorithm because the encrypted password is called a hash and I don't know why. For some reason, probably convenience, the encrypted (hashed) passwords are stored in a file outside the main data base, the password hash file. The main data base may or may not be encrypted. (It seems to me that if it is encrypted, the encrypted passwords ought to be stored within it in such a way that they are not seen as a separate file.) And yes, you are right; it is negligence to allow access to the password hash file. Once a cracker has that file and the hash algorithm, he can run stuff through the hash algorithm until he hits on something that matches an entry in the stolen file. That's a password, which he can then use to gain access to that account in the main data base.
Swaphead


Joined: 04 Nov 2010
Posts: 23

PostPosted: Fri 24 Jun 2011, 10:57    Post subject:  

Flash wrote:
Swaphead, here's how I understand it:

The passwords are encrypted by a program which I'll call a hash algorithm because the encrypted password is called a hash and I don't know why. For some reason, probably convenience, the encrypted (hashed) passwords are stored in a file outside the main data base, the password hash file. The main data base may or may not be encrypted. (It seems to me that if it is encrypted, the encrypted passwords ought to be stored within it in such a way that they are not seen as a separate file.) And yes, you are right; it is negligence to allow access to the password hash file. Once a cracker has that file and the hash algorithm, he can run stuff through the hash algorithm until he hits on something that matches an entry in the stolen file. That's a password, which he can then use to gain access to that account in the main data base.



Thanks, Flash

I see what was confusing me most -
it's the hacker's knowledge of / or access to/ the hash algorithm.
I am no mathematician, but it seems to imply that sites are using a very limited number of widely known algorithms, or else
they are making the hash algorithm as easily available as the hash file.
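
The storage scheme Flash and Swaphead discuss above, as an added Python example that is not part of any forum post: the hash algorithm is public by design, so protection has to come from a per-user random salt and a deliberately slow key-derivation function (PBKDF2 here). The iteration count, record format and sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware

def fast_unsalted(password: str) -> str:
    """Weak storage: one fast, unsalted hash. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def store(password: str, salt: Optional[bytes] = None) -> str:
    """Stronger storage. Record layout: algorithm$iterations$salt$derived_key."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the parameters kept in the record; constant-time compare."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock cost of hashing one candidate with fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn("constructed-sample-password")
    return (time.perf_counter() - start) / rounds

def slowdown() -> float:
    """How many times more work one guess costs under the slow, salted scheme."""
    fast = seconds_per_guess(fast_unsalted, 20_000)
    slow = seconds_per_guess(store, 3)
    return slow / fast

if __name__ == "__main__":
    a, b = store("hunter2"), store("hunter2")  # constructed sample password
    print("unsalted records equal:", fast_unsalted("hunter2") == fast_unsalted("hunter2"))
    print("salted records equal:  ", a == b)
    print("verify good / bad:     ", verify("hunter2", a), verify("hunter3", a))
    print(f"per-guess slowdown:     ~{slowdown():,.0f}x")
```

Because each record carries its own salt, work spent on one stolen entry cannot be reused against another, and the iteration count multiplies the cost of every guess by the same factor on any hardware.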
Mechanic_Kharkov


Joined: 24 Jul 2011
Posts: 9
Location: Kharkov, Ukraine

PostPosted: Sun 24 Jul 2011, 11:31    Post subject:  

DPUP5520 wrote:
And as pointed out numerous times on this forum it's too easy to wipe a user password on a Windows machine, which leaves us with encrypted files, a lot of which, depending on the program used to encrypt them, can also be easily cracked (TrueCrypt was proved to be vastly unreliable for encrypting single files and folders a few years back no matter how long the password).

Please, show some link to such proof. I use TrueCrypt and it's important to me! But I typically use it to encrypt partitions and handle encrypted file containers, not for a single file / folder. And anyway it's very interesting to know it before anybody else can get the ICE broken.

If you mean the discovery of Bruce Schneier that affects TC's "Plausible Deniability" mechanism only, that is not critical and really is not an issue of TrueCrypt itself, but of disk writing programs saving data in unencrypted locations.
And how lame are FBI hackers in this case? Wink

And what about GPUs - bravo! Respect to I. Golubev!
How they (GPU developers) could know what their devices would be used for... Really much faster.
DPUP5520

Joined: 16 Feb 2011
Posts: 801

PostPosted: Sun 24 Jul 2011, 15:45    Post subject:  

http://www.lostpassword.com/hdd-decryption.htm

http://brian.carnell.com/articles/2008/truecrypt-deniable-file-system-broke/

The first link refers to the newest version of truecrypt while the second refers to an older version

http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html

Info on the old Evil Maid attack

Most of this info is a little older and does not really apply to 7.0a however it shows vulnerabilities in Truecrypt (or any encryption method) unless you are encrypting the entire filesystem.

_________________
PupRescue 2.5
Puppy Crypt 528
Mechanic_Kharkov


Joined: 24 Jul 2011
Posts: 9
Location: Kharkov, Ukraine

PostPosted: Sun 24 Jul 2011, 21:50    Post subject:  

Thank you, DPUP5520 for good news!
No TrueCrypt encryption vulnerability info was found under the given links.
Here are some explanations of my opinion about the links.

1. This decryptor uses a memory snapshot with the encrypted volume open and keys in RAM. If you let the attacker take a snapshot of your entire RAM, then you can also tell him all your passwords from all used security tools in time as well.
Quote:
NOTE: If the target computer is turned off and the TrueCrypt/BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns Brute-force attacks to recover the original password for the volume.

About RAM access I told above, and hiberfil.sys can contain such data of a very lame user only. And what about brute-force with more-than-200-bits-length passwords... Smile

2. As I said before, all that Bruce Schneier and company compromised is the Plausible Deniability feature only. The encrypted data itself cannot be compromised in this way, just the fact that there is some encrypted data on the volume. And if one uses an encrypted disk, and that one knows how software like the mentioned MS Office handles files, then that one can easily set up the necessary secure environment to prevent such data leakage (e.g. create a RAM disk to store Windows temporary directories in it, prevent swap-file usage, etc).

3. This fantastic invisible girl Joanna Rutkowska has a wonderful brain, and if you don't eat color pills from her hands then she sends to you an evil maid! Smile
This attack, like the first one, uses full memory access. So it affects the total system's security, not only TrueCrypt's. If you run any kind of evil code that has full read access to your RAM - there is no secure thing possible on your system at all. And it does not matter how that code was executed, with boot-loader, or with ordinary horse, elevating rights.
Btw, if you have administrative rights on the target machine then you can easily use any kind of keylogger instead of such an exotic way to take keys.

So, still sure TrueCrypt is my trusted friend. Thanks.