Archive for the ‘Cryptography’ Category

Office 2010: two times more secure

Tuesday, July 28th, 2009

We are waiting for release of new Microsoft office suite – Office 2010. Right now Microsoft has only technical preview of new Office; this preview has been leaked from Microsoft and everyone can download it with the help of torrent trackers. We’ve got a copy of Office 2010 and analysed its (new) password protection.

Starting from Office 2007, Microsoft used password protection system called ECMA-376, developed by ECMA International. This standard is open and everyone can write ECMA-376 based protection which will be accepted by Microsoft Office. The standard allows to select hash and encryption algorithms as well as the number of hash rounds (up to 10 millions is allowed).

In Office 2007, ECMA-376 with SHA-1 hash and AES-128 encryption is implemented. The number of hash rounds is 50000 that makes password recovery really difficult and slow. Office 2010 also uses SHA-1 and AES-128, but the number of hash rounds is now 100000. Therefore password recovery for new Office files will be two times slower.

Here is a diagram of password recovery speed for Office 2007:

To get a speed for Office 2010, simply divide these values to 2. We’ll get about 175 pps on Core2 6600 and about 8750 pps on Tesla S1070.

Why don’t increase the number of hash rounds to 10 millions ? Security is really important but it always affects usability. The hash is calculating to verify a password and when each document block is decrypted. If we add hash rounds – the document decryption time is increased. If a document is opening in MS Office during one hour – its unacceptable despite of high security.

Anyway – Office 2010 documents will be more secure than Office 2007 ones. And the new encryption has backward compatibility – all Office 2010 documents can be opened in Office 2007. 

Keyboards unreliable for keeping… transmitting secrets

Tuesday, June 16th, 2009

Time for shoulder surfing is gone, today we have more sophisticated ways to track what you are typing on your keyboard. A series of appearing keyboard attacks yet again prove its incapability of keeping secretes. Let’s see what we have…

(more…)

Eurocrypt 2009 Highlights

Tuesday, June 2nd, 2009

About a month ago annual Eurocrypt conference took place in Cologne, Germany. This is rather academic event (as most if not all events held by IACR) so it is not always easy to read its proceedings filled with formulas and theorems. Nonetheless there are usually couple of very interesting works presented at each such event. Let me tell you a little bit about this year’s highlights.

(more…)

When CPU is not enough

Thursday, May 28th, 2009

Hardware acceleration of password recovery has been a hot topic for quite some time already. We were the first to adopt widely available graphic cards for this purpose and we’re proud of this. Today I’d like to share some thoughts on hardware acceleration for password recovery, its past, present, and future. I will also cover the most frequently asked questions regarding GPUs.

(more…)

Living to the 64-bit rhythms

Tuesday, May 26th, 2009

All modern AMD and Intel processors are 64-bit and corresponding Windows versions are also on the market. It is highly recommended to use 64-bit systems (though 32-bit systems perfectly work on 64-bit processors) because in this case more than 3 Gb RAM can be employed, and today we have lots and lots of 64-bit systems, so it’s getting more and more critical. (more…)

Thunder Tables™ Explained

Thursday, May 21st, 2009

From time to time we’re receiving questions regarding various technologies used in our products, especially Thunder Tables™ and GPU acceleration. Today I’d like to explain what exactly Thunder Tables™ is (and what it’s not).

 

(more…)

DC4420

Tuesday, May 12th, 2009

Apart from official IT Security events, London ethical hackers like to organize monthly meetings such as DC4420 in clubs, sometimes changing their location. In an informal manner they exchange their experience, represent new ideas and technologies.

We learned about this event first from icesurfer who follows us on twitter when he dropped by our booth at InfoSecurity Europe 2009 to say hello and so we’ve been lucky to get an invitation to this underground “techno-party”. 
 
After a busy day at the exhibition talking to all from sales guys to journalists this warm and welcome gathering tempted us to stay longer. However, our plane (back to Moscow) was to take off the next morning that is why we could only hear the first presentation (out of three) and to be frank got an over-the-top-pleasure hearing it.
In brief, Andrea Barisani and Daniele Bianco explained how one could find out what is being typed on the keyboard through searching electric signal oscillation registered on a common power socket or even water-pipe. All accompanied by humorous visuals starred by both speakers.
 
 
The second part of presentation introduced a new approach to a pretty known technology for electronic-acoustic reconnaissance – using laser microphone for registering sound vibration as far as 200-300m away. The idea is not fresh, and usually a common window serves as sound reflector. But our techies decided to use laptop cover/display for recording vibrations caused by pressing different keys on the keyboard. Each key has its particular sound. After analyzing laser vibration we get possible variants of typed text. Provided we know what language is being used, it is not a problem to find a right variant.
 
Smart presentations sandwiched between informal chatting and drinking beer gives an absolute sense of belonging to the world of wayward technologies.
 

From InfoSecurity, “the number One in Europe”

Tuesday, April 28th, 2009

We never thought that our participation would bring such kind of trouble (or at least a disappointment).

Monday early morning we came to prepare our stand and apply our wallpapers (yes, we do it ourselves, sort of team building :) ). Practically, everything went smoothly, except for the fact that the organizers did not fix our company name board, electricity was not there and finally – we have got less space than we ordered (and paid for) because wall panels were not constructed properly. But after all, [almost] everything was fixed. Unfortunately, we have not made any pictures, but here is how it should look like (by design):

Click to enlarge

Next morning (the first day of the exhibition) we came to our booth in advance (about half an hour before the exhibition opens). And what we have seen? Two persons (from Reed Exhibitions, the organizers of this event) removing one of the wall papers from our booth – the one that said that we’re doing PGP password recovery. Moreover, we were not able to get the clear answer why they’re doing that, except the fact that “PGP Corporation complained”. And the reference to some “regulations” we still have not seen. We asked for some official paper (act?) about our “violation”, and still waiting for it. When (if?) we’ll get it, we’ll scan it and publish here.

Fortunately, we had the camera handy, and so made several photos of this “process” (removing our wall paper). Organizers (Reed) did not like that, too, and tried to hide their faces from the camera. But they failed, so you can see them now (and the whole “process”):

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Cliick to enlarge

Click to enlarge

So we had to put the following note here (fortunately, on one panel only):

Click to enlarge

Click to enlarge

Only two hours later, they (Reed Exhibitions Group Event Director) came to our booth and asked to remove this note. Oops, sorry: not asked, just removed. Without explanation. Well, the explanation was: we have the right to do anything here.

What are they (PGP) scared about? I don’t have an answer. Do we say that PGP protection/encryption is not secure? No we don’t. But we DO say that PGP passwords can be cracked – if they are not selected carefully. But if PGP people cannot explain that to their clients – this is not our fault.

Update: see What does "The only way to break into PGP" mean?

Dangerously Easy Password Recovery

Thursday, April 23rd, 2009

There is only one way to break through PGP® encryption – GPU accelerated brute force – and that one is too many. New Elcomsoft Distributed Password Recovery v. 2.80.206 crunches PGP® passwords 200 times faster using graphic chips.

EDPR is all for cutting unnecessary costs, saving time and energy. Just using video cads you have at hand can result in excellent performance. In the graph you can see a huge leap in speed since graphic cards came into action.

 

EDPR Benchmarks (PGP® Disk/WDE)

TROOPERS09 – are you with hackers or what?

Wednesday, April 22nd, 2009

If you added this blog to your news feeder, then you prefer getting skilled rather than getting owned – as in Troopers’ motto.

Troopers09 is an international IT-Security Conference held in Munich, Germany. This event is created for CISOs, ISOs, IT-Auditors, IT-Sec-Admins, IT-Sec Consultants and everyone who is involved with IT-Security on a professional basis. The goal is to share in-depth knowledge about the aspects of attacking and defending information technology infrastructure and applications. The featured presentations and demonstrations represent the latest discoveries and developments of the global hacking scene and will provide the audience with valuable practical know-how.

Andrey Belenko ( ElcomSoft’s Lead IT Security Analyst) will enjoy the conference and give a talk tomorrow (on 23rd April 2009) at 16:00 – 16:45, here is an abstract of his speech: http://troopers09.org/content/e3/e282/index_eng.html