Thread: decrypting FDE hard drives

  1. #1
    Just burned his ISO hexabot's Avatar
    Join Date
    Jan 2010
    Posts
    5

    decrypting FDE hard drives

    Hi,

    Is it possible to decrypt or retrieve the PGP key from a Full Disk Encrypted hard drive? Any response is very appreciated.

    Cheers.

  2. #2
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    en.wikipedia.org/wiki/Pretty_Good_Privacy

    You might want to just scroll down to the section where it says Security Quality.

  3. #3
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    FDE and attacks

    With most full disk encryption schemes out there, the actual encryption itself is pretty solid. However, most companies don't like placing the encryption software's authentication before the Windows load (this authentication is called preboot authentication because you authenticate yourself as a valid user prior to Windows loading).

    There's a very good reason why best security practices turn this on, because if you get an encrypted device that is encrypted but still lets you boot into Windows you can attack the Windows session over the network, gain a remote admin exploit and boom, game over.

    Not sure if you're looking to do that but that's an option. I've seen some of the other commercial stuff have other weaknesses (if you're on the network on an encrypted device and want its recovery media, a lot of them log out to network shares, so if you're on an encrypted device sniff its network traffic in the first 5-15 minutes to see what it tries to dump out to; a lot of the time you can snag the encryption recovery keys, depending on the software, if it works that way).

    Most of the products I've seen (Utimaco, PGP, Pointsec, etc.) the weakness is more so in the configuration than the encryption itself. A lot of them do a lot of checking when the device is booting; I've had some interesting results having non-normal formats for USB devices plugged in (i.e. crashes in the software itself and blue screens in the Windows session on load).

    I'm trying to learn more on how I can exploit some of this blatantly bad error checking but everything takes time.

    I know you were looking more along the lines of a decryptor type thing BUuuuut....don't attack the fort wall, attack the doors and windows [heeehee windows...]

  4. #4
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    I know you were looking more along the lines of a decryptor type thing BUuuuut....don't attack the fort wall, attack the doors and windows [heeehee windows...]
    LMAO, now I know why they call it windows and not walls!

    Can't the encryption key be brute forced?

  5. #5
    Just burned his ISO hexabot's Avatar
    Join Date
    Jan 2010
    Posts
    5

    If it can be brute forced then does anyone know what Linux command to use with john and possibly mount, or is there some pre-built software that can do this already?

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote: Originally Posted by hhmatt81
    Can't the encryption key be brute forced?

    Keys can be brute forced. However, the real question is how long it will take.

    The more complex the key, the longer it will take.
    The simpler keys take less time.

    Once this question is answered for the attacker, the next question is: is the data worth the time, effort?

  7. #7
    Just burned his ISO hexabot's Avatar
    Join Date
    Jan 2010
    Posts
    5

    Thanks for your feedback, but I decided after running Autopsy and finding no results that the information on the laptop was not worth the effort, and was able to delete the partition and install a fresh copy of Windows.

    Thanks, everyone.
