Category Archives: Cryptography

Pointsec Disk Encryption Cracked? Not so fast…

Filed under Cryptography

The SANS ISC posted an article titled “Pontsec Disk Encryption Cracked”. Really? Cracked? I was thinking that there was some new cool uber l337 hax0r tool that breaks disk encryption from boot…and no, this isn’t the cold boot attack that has gotten all the attention lately. This is the firewire attack (winlockpwn tool) on Windows that has been known since security researcher Adam Boileau discovered this “feature” back in 2006 (it’s just that the code hasn’t been released until recently). Adam sums up the firewire “feature” best on his web site:

“Yes, you can read and write main memory over firewire on windows.
Yes, this means you can completely own any box who’s firewire port you can plug into in seconds.
Yes, it requires physical access. People with physical access win in lots of ways. Sure, this is fast and easy, but it’s just one of many.
Yes, it’s a FEATURE, not a bug. It’s the Fire in Firewire. Yes, I know this, Microsoft know this. The OHCI-1394 spec knows this. People with firewire ports generally dont.”

This LuciData “hack” doesn’t crack disk encryption at all. If the laptop was powered off..that’s a different story. Like Adam says…if you have physical access to a live computer there are lots of attacks you could do..not just the firewire one. Before we announce that the sky is falling…lets get the real details first please. If you are using any disk encryption (not just Pointsec) you should be using pre-boot authentication anyway as this is what most vendors recommend as a best practice for a corporate deployment.

Cold Boot Attack Tool Released

Filed under Cryptography

Well, that didn’t take long…a tool to dump the memory and pull the encryption keys off of encrypted hard drives has been released. Like I said in a previous post, it was only a matter of time and the risk/threat vector of this vulnerability starts to change with the release of a tool.

On a related note, there was a good blog post over on Princess of Antiquity about some potential engineering solutions to this vulnerability you may be interested in reading about as well as some potential mitigations to this vulnerability that are being discussed. I actually like her quote at the end of her post:

“What we should remember is that no matter how strong your lock is, if you leave the key lying around, you might as well leave the door wide open.”

How true! 🙂

Cold Boot Attacks on Encryption Keys- Whats the risk?

Filed under Cryptography

I am sure everyone has heard about and watched the YouTube video of the Princeton researchers that conduct cold boot attacks on encrypted hard disks. If you haven’t, I highly suggest you do. As everyone agrees…this is a very significant vulnerability and every organization that uses software to encrypt hard disks should look at ways to mitigate this new risk.

There are a ton of articles already about this new threat so I won’t bore you with the details…however, I have found one posted by Rich over at that sums up the entire issue and what risk this might have for your organization.

One thing I would like to highlight in his article is that you should contact the vendor of the hard disk encryption product you use to see if they plan to address this new vulnerability. It will only be a matter of time until the first tool is out there in the wild and actively exploited on stolen laptops.

TrueCrypt adds Full Hard Disk Encryption, Mac OS X Support

Filed under Cryptography


Big news from the TrueCrypt Foundation yesterday…the new version of TrueCrypt (v5.0) supports full disk encryption and/or encryption of the system partition using pre-boot authentication. In addition, Mac OS X support was added and a GUI interface for the Linux version is now included. From the TrueCrypt web site:

“TrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots (a TrueCrypt-encrypted system drive may also contain non-system partitions, which are encrypted as well).”

Full disk encryption only works for drives with Windows installed in this new version (including Vista). This is great news considering TrueCrypt is a free, open source encryption solution. Now there is no excuse for companies to deploy full disk encryption to laptops containing customer, employee, or other confidential data. I personally use TrueCrypt with my USB thumb drive and is simply the best mobile encryption solution I have ever used (and it’s free).

Stay tuned for my review of TrueCrypt’s full disk encryption in an upcoming article.

Download the new version of TrueCrypt here.

Cross Platform File Encryption – Drop Secure Professional 2.0

Filed under Cryptography

Pretty unique file encryption program available for Mac and Windows now available. It’s called Drop Secure Professional 2.0. What makes this program different then others is that it:

“…starts by dividing up the file into small chunks. By default, those chunks are 256 bytes long. Each chunk is encrypted with a separate cipher, using a separate password that is derived from a hash of information provided by the user, from the archive, and from the data being encrypted. This password is used only once for that one chunk of data, and then discarded. The chunks of data are placed in an archive file, with pertinent information encrypted again as a group.”


“When used with one of the encryption types that support 256 bit key sizes, Drop Secure ProTM meets and exceeds recommendations for security and key strength set by DCSSI, BSI, and the NSA.”

Not a bad investment for $57. You can download a 30-day trail here.

TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software

Filed under Cryptography

A few months ago I heard on the “Security Now!” podcast that there was a really good open-source encryption application that is so good that it is literally scary. It is so good, and so well done that you can use it for “plausible deniability“. In TrueCrypt, this provides you with (from the TrueCrypt website):

1. True hidden volumes.

2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of “signature”). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted.

Pretty cool eh? As a bonus, you can create a TrueCrypt volume on a USB flash drive for portablity. So now you can carry a USB flash drive around with nothing but “random data”…and if you are caught with the secret plans to take over the world..they can be safely hidden within a secret volume..which on the outside contains your income tax returns that you were safeguarding. 🙂 I hope to do a full review of TrueCrypt in the near future and let you know how the installation and ease of use is.

TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows XP/2000 and Linux