Re: AES-256 encryption

From: dante (dante@virtualblueness.net)
Date: Wed Aug 22 2007 - 08:45:08 EDT

• Next message: Paul Melson: "Re: Bittorrent Data Port Probe"
• Previous message: jimmy wong: "Ping Script for Servers Keep Alive"
• In reply to: Dereck Martin: "RE: AES-256 encryption"
• Next in thread: Dereck Martin: "RE: AES-256 encryption"
• Reply: Dereck Martin: "RE: AES-256 encryption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Dereck and list,

The cipher itself is not easily cracked (and by cracked I mean
decryptable without the key with a reasonable amount of CPU cycles,
given a reasonably strong key), but the implementation can be weak. One
such weakness is the so-called watermark attack. See

http://www.governmentsecurity.org/archive/t14922.html

There is proof of concept code there --- it is easy enough that I give
it to my students as an assignment.

For more information, see also

http://mareichelt.de/pub/texts.cryptoloop.php (I don't agree with
everything written there, but its worth the read.)

As an aside (since this thread has drifted --- surprise), it would be
nice to have a compendium of references comparing encryption techniques,
their strengths and weaknesses. Something practical, what works and
what doesn't. The journals concentrate on the ciphers/hashes and their
strengths (eg. the recent sha1 weakness discovered by Wang et al.) but
I think the biggest problem is poor implementation (eg. problems with
how the initialization vector is handled, etc.)

Anthony Basile, Chair IT
D'Youville College
Buffalo, NY USA

Dereck Martin wrote:
> I use an encrypted file system in Linux using a loopback device with AES-256 encryption and the password is a symmetric GPG key on a USB device required a boot (which also contains the boot partition). What would be the likely hood of breaking the encryption if the disk was taken, but the GPG key required to unlock it was not.
>
> Dereck Martin
> Network Operations Engineer
> PacketDrivers IT Outsourcing, LLC
> http://www.packetdrivers.com
> ____ _ _ ____ _
> | _ \ __ _ ___| | _____| |_| _ \ _ __(_)_ _____ _ __ ___
> | |_) / _` |/ __| |/ / _ \ __| | | | '__| \ \ / / _ \ '__/ __|
> | __/ (_| | (__| < __/ |_| |_| | | | |\ V / __/ | \__ \
> |_| \__,_|\___|_|\_\___|\__|____/|_| |_| \_/ \___|_| |___/
>
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Michel Pereira
> Sent: Tuesday, August 21, 2007 2:01 PM
> To: adrian.floarea
> Cc: 'R Buena'; 'Kush Wadhwa'; pen-test@securityfocus.com; forensics@securityfocus.com
> Subject: Re: AES-256 encryption
>
> But this tools can tell you if the correct key was found? Or you need
> to see every output that the tool does.
>
> Bye
>
> On 16/08/2007, at 12:49, adrian.floarea wrote:
>
>
>> As I say to Kush in a private email, it is almost impossible to
>> crack a file which is encrypted in a proper way with AES.
>>
>> But, if the password used for encryption is a week password (like
>> 1234 or abcd etc) with a specialized tool you can break the
>> encryption.
>>
>> Even, if the password is weak some tools cannot decrypt the files,
>> because do not understand the format of the document (for example,
>> if the document is a PKCS#7 structure), so in this case you must use
>> an appropriate tool.
>>
>> This was the sense of my words.
>>
>> Hope to help you.
>>
>> Regards,
>>
>>
>> Adrian Floarea, CISA
>> Business Development Manager
>> SC CERTSIGN srl
>> Central Business Park
>> 133, Calea Şerban Vodă St., Building C1, 2nd floor
>> 040205 Bucharest 4, Romania
>>
>> -----Original Message-----
>> From: R Buena [mailto:dreamsbig@gmail.com]
>> Sent: Thursday, August 16, 2007 6:09 PM
>> To: adrian.floarea
>> Cc: Kush Wadhwa; pen-test@securityfocus.com; forensics@securityfocus.com
>> Subject: Re: AES-256 encryption
>>
>> Just curious, what if the program was KeyPass or PasswordSafe?
>> and you don't know the passphrase?
>>
>> On 8/14/07, adrian.floarea <adrian.floarea@uti.ro> wrote:
>>
>>> Hi Kush,
>>>
>>> Please tell me if you know the program which was used for encrypt
>>> the file
>>> and also the used password. If not, I am afraid that will be
>>> impossible for
>>> you to decrypt the file.
>>>
>>> There are some good programs for decrypt files (for example
>>> Passware) but
>>> with limited functionalities. For example if was used for
>>> encryption a good
>>> password (more than 6-7 characters, numbers or special characters)
>>> it is
>>> almost impossible to recover the file.
>>>
>>> Regards,
>>>
>>> Adrian Floarea, CISA
>>> Business Development Manager
>>> SC CERTSIGN srlr
>>> Central Business Park
>>> 133, Calea Şerban Vodă St., Building C1, 2nd floor
>>> 040205 Bucharest 4, Romania
>>>
>>> -----Original Message-----
>>> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com
>>> ] On
>>> Behalf Of Kush Wadhwa
>>> Sent: Tuesday, August 14, 2007 1:36 PM
>>> To: pen-test@securityfocus.com; forensics@securityfocus.com
>>> Subject: AES-256 encryption
>>>
>>> Hello All,
>>>
>>> Is there any way to decrypt a file which is AES-256 encrypted? I used
>>> many of the tools but I was not able to decrypt it. Please help me if
>>> any one knows how to decrypt it
>>>
>>> Regards,
>>> Kush Wadhwa
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: Cenzic
>>>
>>> Need to secure your web apps NOW?
>>> Cenzic finds more, "real" vulnerabilities fast.
>>> Click to try it, buy it or download a solution FREE today!
>>>
>>> http://www.cenzic.com/downloads
>>> ------------------------------------------------------------------------
>>>
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: Cenzic
>>>
>>> Need to secure your web apps NOW?
>>> Cenzic finds more, "real" vulnerabilities fast.
>>> Click to try it, buy it or download a solution FREE today!
>>>
>>> http://www.cenzic.com/downloads
>>> ------------------------------------------------------------------------
>>>
>>>
>>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Cenzic
>>
>> Need to secure your web apps NOW?
>> Cenzic finds more, "real" vulnerabilities fast.
>> Click to try it, buy it or download a solution FREE today!
>>
>> http://www.cenzic.com/downloads
>> ------------------------------------------------------------------------
>>
>>
>
> --
> Só Jesus salva, o homem faz backups
> http://www.michel.eti.br
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Paul Melson: "Re: Bittorrent Data Port Probe"
• Previous message: jimmy wong: "Ping Script for Servers Keep Alive"
• In reply to: Dereck Martin: "RE: AES-256 encryption"
• Next in thread: Dereck Martin: "RE: AES-256 encryption"
• Reply: Dereck Martin: "RE: AES-256 encryption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:03 EDT