Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: On the Recent PGP and Truecrypt Posting

from [John Pettitt] Network Security [Permanent Link]
Subject: Re: On the Recent PGP and Truecrypt Posting
Date: Sat, 27 May 2006 12:01:59 -0700 
jon@pgp.com wrote:

[snip]

Simply put, if you change the passphrase on a PGP Virtual Disk, or a 
Truecrypt volume, or anything else, it does not change the passphrase on 
backups of that data. If you restore the data from the backup, the passphrase 
on the restored file is not the passphrase on the changed one.

  

Ignoring the issue of how things were published ....

I think the underlying point is that many users, not understanding the
difference between the bulk key used to encrypt the data and the
passphrase used to protect that bulk key would assume, incorrectly that
changing the passphrase would lock out prior users.

Clearly a users with a backup copy of an encrypted disk for which they
know the passphrase can use the technique described to decode a more
recent image of the same encrypted disk even though the owner of the
disk may think it safe because the passphrase was changed.   In this
situation the old user gain access to newer data that they were not
supposed to be able to access.    This is different from the described
restored backup situation in that the user is using a partial restore to
circumvent a security mechanism.

The re-encyrpt button obviously defeats this attack however it's not
clear that real world users actually understand the need to re-encrypt
to make pass phrase changes meaningful when backup copies exist.   I
think this is mostly a documentation issue and perhaps a user interface
design issue in that users should be strongly advised to re-encrypt when
they change the passphrase.

John
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  D-Link DSA-3100 Cross-Site Scripting, jaime . blasco
Next by Date:  Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, thesinoda
Previous by Thread:  On the Recent PGP and Truecrypt Posting, jon
Next by Thread:  Re: On the Recent PGP and Truecrypt Posting, Jon Callas
Indexes:  [Date] [Thread] [Top] [All Lists]