en.wikipedia.org/wiki/Pretty_Good_Privacy
You might want to just scroll down to the section where it says Security Quality.
decrypting FDE hard drives
hi,
is it possible to decrypt or retrieve the PGP key from a Full Disk Encrypted hard drive? any response is very appreciated.
cheers.
en.wikipedia.org/wiki/Pretty_Good_Privacy
You might want to just scroll down to the section where it says Security Quality.
FDE and attacks
With most full disk encryption schemes out there, the actual encryption itself is pretty solid. However most companies dont like placing the encryption softwares authentication before the windows load (this authentication is called preboot authentication because you authenticate yourself as a valid user prior to Windows loading).
Theres a very good reason why best security practices turns this on, because if you get an encrypted device that is encrypted but still lets you boot into Windows you can attack the windows session over the network, gain a remote admin exploit and boom game over.
Not sure if you're looking to do that but thats an option. I've seen some of the other commercial stuff have other weaknesses (if you're on the network on an encrypted device and want its recovery media a lot of them log out to network shares so if you're on an encrypted device sniff its network traffic in the first 5-15 minutes to see what it trys to dump out to, a lot of the time you can snag the encryption recovery keys, depending on the software if it works that way).
most of the products ive seen (Utimaco, PGP, Pointsec, Etc) teh weakness is more so in the configuration than the encryption itself. A lot of them do a lot of checking when the device is booting, i've had some interesting results having non-normal formats for usb devices plugged in (ie crashes in the software itself and blue screens in the windows session on load).
I'm trying to learn more on how i can exploit some of these blatant bad error checking but everything takes time.
I know you were looking more along the lines of a decryptor type thing BUuuuut....dont attack the fort wall attack the doors and windows [heeehee windows...]
LMAO, Now I know why they call it windows and not walls!I know you were looking more along the lines of a decryptor type thing BUuuuut....dont attack the fort wall attack the doors and windows [heeehee windows...]
Can't the encryption key be brute forced?
if it can be brute forced then does ne one know what linux command to use with john and possibly mount or is there some pre built software that can do this already?
Originally Posted by hhmatt81
keys can be brute forced. However the real question is how long will it take.
The more complex the key the longer it will take,
The simpler keys take less time.
Once this question is answered for the attacker the next question is , Is the data worth the time, effort.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
thanks for your feedback but i decided after running autopsy and finding no results that the information on the laptop was not worth the effort and was able to delete the partition and install a fresh copy of windows.
thanks everyone.
Posting Permissions