Category Archives: Cryptography

Pointsec Disk Encryption Cracked? Not so fast…

1
Filed under Cryptography

The SANS ISC posted an article titled “Pontsec Disk Encryption Cracked”. Really? Cracked? I was thinking that there was some new cool uber l337 hax0r tool that breaks disk encryption from boot…and no, this isn’t the cold boot attack that has gotten all the attention lately. This is the firewire attack (winlockpwn tool) on Windows that has been known since security researcher Adam Boileau discovered this “feature” back in 2006 (it’s just that the code hasn’t been released until recently). Adam sums up the firewire “feature” best on his web site:

“Yes, you can read and write main memory over firewire on windows.
Yes, this means you can completely own any box who’s firewire port you can plug into in seconds.
Yes, it requires physical access. People with physical access win in lots of ways. Sure, this is fast and easy, but it’s just one of many.
Yes, it’s a FEATURE, not a bug. It’s the Fire in Firewire. Yes, I know this, Microsoft know this. The OHCI-1394 spec knows this. People with firewire ports generally dont.”

This LuciData “hack” doesn’t crack disk encryption at all. If the laptop was powered off..that’s a different story. Like Adam says…if you have physical access to a live computer there are lots of attacks you could do..not just the firewire one. Before we announce that the sky is falling…lets get the real details first please. If you are using any disk encryption (not just Pointsec) you should be using pre-boot authentication anyway as this is what most vendors recommend as a best practice for a corporate deployment.

Cold Boot Attack Tool Released

1
Filed under Cryptography

Well, that didn’t take long…a tool to dump the memory and pull the encryption keys off of encrypted hard drives has been released. Like I said in a previous post, it was only a matter of time and the risk/threat vector of this vulnerability starts to change with the release of a tool.

On a related note, there was a good blog post over on Princess of Antiquity about some potential engineering solutions to this vulnerability you may be interested in reading about as well as some potential mitigations to this vulnerability that are being discussed. I actually like her quote at the end of her post:

“What we should remember is that no matter how strong your lock is, if you leave the key lying around, you might as well leave the door wide open.”

How true! 🙂

Cold Boot Attacks on Encryption Keys- Whats the risk?

1
Filed under Cryptography

I am sure everyone has heard about and watched the YouTube video of the Princeton researchers that conduct cold boot attacks on encrypted hard disks. If you haven’t, I highly suggest you do. As everyone agrees…this is a very significant vulnerability and every organization that uses software to encrypt hard disks should look at ways to mitigate this new risk.

There are a ton of articles already about this new threat so I won’t bore you with the details…however, I have found one posted by Rich over at Securosis.com that sums up the entire issue and what risk this might have for your organization.

One thing I would like to highlight in his article is that you should contact the vendor of the hard disk encryption product you use to see if they plan to address this new vulnerability. It will only be a matter of time until the first tool is out there in the wild and actively exploited on stolen laptops.