Déjà vu

December 24th, 2012 by Vladimir Katalov
Category: «Cryptography», «Security»

The story about PGP becomes really funny.

Three and a half years ago (in April 2009) our company took part in InfoSecurity Europe in London. I should confess that London is one of my favourite cities; besides, I love events on security — so that I was really enjoying that trip (with my colleagues). But something happened.

Here is how it is started: From InfoSecurity, “the number One in Europe”.

In brief: we have added support for PGP to our Distributed Password Recovery product, so allowing to break passwords on PGP private keys, PGP archives and PGP disks, and while the recovery speed was very low, it is still better than nothing — many passwords can be cracked with a dictionary attack. And one of the panels of our booth had a slogan The only way to break into PGP.

[Un]fortunately, our booth or InfoSecurity was right opposite the PGP one. And one of their employees decided that our booth did not look well and might confuse their customers, so they complained to exhibition organizers, and they destroyed a part of our booth.

The next day, Jon Callas, CTO of PGP has made a post to their (PGP) blog, saying that it is pure marketing, and ElcomSoft lies. There is no PGP company anymore; they were acquired by Symantec a year ago, and so the original link does not work anymore. However, you can still find it at WebArchive:

http://web.archive.org/web/20100621004200/http://blog.pgp.com/index.php/2009/04/lies-damned-lies-and-marketing/

That made me angry. And I made another post into our blog: What does “The only way to break into PGP” mean?.

You know what? I have déjà vu. I think you’re aware of our latest release, Elcomsoft Forensic Disk Decryptor; here is our blog post about it: ElcomSoft Decrypts BitLocker, PGP and TrueCrypt Containers.

If you read our press release on EFDD, you can see that we never said anything about revolutionary research, dangerous vulnerabilities, holes in encryption or whatever. Moreover, our software is not even the first of that kind: there were a few both free and commercial tools on the market. We just made a convenient, fast and affordable solution many forensic organizations asked for.

Nevertheless, our release got some attention from Symantec (current owners of PGP), in particular Mr. Kelvin Kwan (technical support specialist?):

The Latest Urban Legend: Cracking PGP Whole Disk Encryption (again… and again…)

Here is the only significant part of his post (the rest is something weird about using the laptop in the toilet or something like that):

I was made aware of a claim made by ElcomSoft that their product could decrypt PGP containers (as well as other Full Disk Encryption competitors). After reading through their blog and discussing my thoughts with the Symantec Encryption Engineering team, we have come to the conclusion that this claim is false! There’s truly nothing to see here.

When a system is encrypted with PGP WDE, it is NOT possible to access encryption keys from the hibernation file when the system is in its hibernation state or shut down. PGP WDE encrypts the entire disk, including any hibernation partition or hibernation file.

It seems that either PGP employee does not completely understand how their own product works, or so to say forgot that there could be more than one partition in the system. His statement (about encryption of hibernation file) is true only if bootable/system partition is encrypted, which is not always the case. The obvious example is: one may have the system installed on the first disk (e.g. fast SSD), and all the data on the secondary drive (large HDD), and use PGP WDE for this second drive only. That means that hibernation file will NOT be encrypted. Voila!

Also, there are other ways to get the encryption keys — by performing memory dump. Obviously, he is aware of it, but doesn’t see what’s the point :

In an ideal situation you could potentially retrieve the keys when the system is powered on. But at this point you already have access to the system. Why would you bother retrieving the keys when you could simply copy the data then and there?

First, it is much easier and more convenient to get the keys, and then completely decrypt the drive (at any time, now or later), or just mount it — for further analysis. The source drive will remain intact. Also, you will be able to use data carving technologies, e.g. to analyse spare space. And last but not least, you will also be able to analyse the files locked by the operating system.

Finally, don’t forget about FireWire attack (of course it is not always applicable, but we never said that it is a panacea).

After all, a couple of words about PGP itself. I have been using it for 15 years or so, since version 2.6 for DOS — an excellent piece of software. Used to be. But it became much worse when released by PGP Corporation, and now (by Symantec) it is even more disappointing, especially when officials do such strong but silly statements. Usability raises a lot of questions, design is like Chinese-made shareware from mid-90’s, poor performance. And high price. So for last few years, I use (free) TrueCrypt — much faster, much more convenient, full-featured, and in fact more secure. And btw,  it is able to automatically dismount all mounted TrueCrypt volumes and erase their master keys stored in RAM before the computer hibernates: read more here.


REFERENCES:

Elcomsoft Forensic Disk Decryptor

Elcomsoft Forensic Disk Decryptor offers forensic specialists an easy way to obtain complete real-time access to information stored in popular crypto containers. Supporting desktop and portable versions of BitLocker, FileVault 2, PGP Disk, TrueCrypt and VeraCrypt protection, the tool can decrypt all files and folders stored in crypto containers or mount encrypted volumes as new drive letters for instant, real-time access.

Elcomsoft Forensic Disk Decryptor official web page & downloads »