Hacker 10 – Security Hacker

Category: Encryption

Encryption Software

  • Canadian police cracks Datalocker encrypted drive

    Canadian police cracks Datalocker encrypted drive

    According to the RCMP newsletter, after two and half years of trying to get in, Canadian police in Saskatchewan has managed to crack a hardware encrypted device storing child porn inside, this is the first time the police has managed to crack this particular device.

    An article in “The Star Phoenix” also mentions that two Datalocker external hard drives were cracked, the brand of the drive is further confirmed by “Gazzete“, the Royal Canadian Mounted Police magazine (link below), their article about this case does not name the company but the photo in the article clearly shows a Datalocker device.

    Datalocker encrypted drive
    Datalocker encrypted drive

    According to the police magazine, Datalocker destroys the encryption key after 10 failed attempts but the forensic team overcame this challenge. Sgt. Joel Bautista figured out that given the maximum password length and variable characters that DataLocker allows for, the police computer cluster could brute force the password in around 10 years at most, so they kept trying.

    Datalocker key entry does not support upper case letters, only small case and special characters are allowed, this limits passphrase strength.

    Datalocker CEO, Jay W King, has contacted me acknowledging that Canadian police asked Datalocker for assistance in this case and he claims that  the company only disclosed “publicly available information in regards to our password rules“.  He also claims that the device had no brute force protection and asked me to remove what he says is wrong information and not to use the word “cracked”.

    I agreed to change the picture of the post as it was featuring a model that did not exist at the time, the post now displays the correct model, but I will not change the text.

    The police forensics team says that they had to overcome brute force protection, I have no reason to believe the police is lying or wrong. And to avoid misunderstandings, I am  going to quote in bold what the Canadian police magazine says word by word:

    “The forensic team had several challenges to overcome, including defeating the brute force counter, a feature on the device that would be initiated after exceeding a number of failed password attempts.”

    Datalocker CEO also claims that the model pictured in the police magazine does not come with brute force protection, but another article in “The Star Phoenix“, says that there were two Datalocker drives involved in this case, it is possible that the police newsletter photo is not showing both of them.

    The CEO has also sent me an old prospectus, and he is correct that the Datalocker Personal and Pro are advertised as not having self-destruct mode, but, a third column in the same prospectus, reproduced below, shows a model called Datalocker Enterprise, encrypted using AES256bit, listed as having self-destruct mode.

    Datalocker encryption modes
    Datalocker encryption modes

    I am not going to argue about what device was involved in this case, because I honestly don’t know, but I can say for certain that the police claims that they had to “defeat the brute force counter“, textual words.

    I am sorry man, but that is what the police says, I can’t change it. I invited Datalocker CEO to post whatever he likes in the comments section if so he wishes.

    Sources:

    RCMP police magazine: http://publications.gc.ca/collections/collection_2015/grc-rcmp/JS62-126-77-1-eng.pdf

    Star Phoenix Story: http://www.thestarphoenix.com/technology/police+should+have+found+more+child+porn+evidence+gryba/11408124/story.html

  • Police cracks encryption software CrypticDisk and Acer

    Police cracks encryption software CrypticDisk and Acer

    New top secret documents leaked by Snowden (link below) reveal that GCHQ, Britain’s spy agency, has a team to reverse engineering popular encryption software and they routinely collaborate with British police when they come across encrypted data during the course of an investigation. Since it is not needed to explain in court how law enforcement has managed to access the encrypted data, it can remain secret when GCHQ finds a vulnerability in an specific program.

    In one particular case, GCHQ assisted the National Technical Assistance Centre, a domestic law enforcement agency, to decrypt child pornography stored inside a virtual encrypted container created with Crypticdisk and in another case, GCHQ cracked Acer eDataSecurity Personal Secure Disk for an undetermined “high profile police case“.

    Acer eDataSecurity is a free file encryption utility that comes with Acer laptops. I was not able to find out what algorithm Acer is using for encryption but I learned reading the laptop manual that the user can choose a bit strength of in between 128bit and 256bit, the manual textually says that “If you lose your password, there will be no way to decrypt your encrypted file!“, it has not been designed with a backdoor, deducing that GCHQ cracked it on its own without assistance from Acer.

    Exlade CryptDisk encrypted container
    Exlade CryptDisk encrypted container

    The other cracked software, CrypticDisk, from Canadian company Exlade, has thousands of companies and government agencies as customers. CrypticDisk can create a virtual encrypted disk or encrypt and external device, like a USB memory stick, where you can store data or programs, once the container has been closed, it is meant to be inaccessible, it works like Truecrypt and the company page mentions that CrypticDisk encryption keys can be made of up to 2944-bits in strength, with built-in support to open Truecrypt containers.

    CrypticDisk containers can use multiple encryption algorithms in cascade, there is a selection of AES, Twofish, Serpent, Blowfish and CAST6. The encryption wizard advises that the more algorithms you choose in cascade, the higher the cryptographic strength.

    There isn’t any clue in the leaked papers about how GCHQ cracked this software, I will make a guess of a bad implementation because the encryption algorithms are all open and AES has been widely reviewed by expert cryptographers. I am discounting the possibility of a user mistake choosing a weak password because British police is known to have a computer cluster where they can try thousands of dictionary words per minute, theoretically there should be no need for the UK secret services to help out law enforcement brute forcing a passphrase.

    The same secret documents reveal that GCHQ has obtained a warrant from the Foreign Secretary so that they can not be prosecuted for breaching copyright law from proprietary software companies. The agency is also targeting antivirus companies to be able to send trojan horses to targets without being detected. KasperSky, a Russian antivirus company, is named in the documents as being a challenge to them.

    Snowden documents: https://firstlook.org/theintercept/2015/06/22/gchq-reverse-engineering-warrants/

  • Dividing encryption keys with Secret Sharp Shamir Secret

    Dividing encryption keys with Secret Sharp Shamir Secret

    Secret Sharp is a free Windows program based on the Shamir Secret Sharing scheme, a way to divide the decryption key to distribute it in between multiple participants. Data decryption is not possible without more than one share, if one of the keys were to be compromised it would be useless to decrypt anything on its own. The only way to unlock encrypted data in a Shamir Secret scheme is with multiple keys, named shares, in Secret Sharp you can set up a minimum of 2 shares and a maximum of 100 shares.

    The software can only encrypt text messages and it needs .NET installed for it to work in Windows. After launching Secret Sharp a wizard will ask you whether you want to Combine Shares to decrypt a message or Share A Secret to encrypt data.

    When you create a new secret you will be asked how many parts you would like to create and how many of the shares will be needed to reconstruct the secret. As it might not be always possible to get all of the participants shares, you can create a secret made up of, for example, 10 shares, with only 4 of those shares needed to decrypt the data. This allows for members of the group to be away on holiday, deceased, etc, and the others will still be able to access the secret with any of the 4 keys structuring the 10 shares secret.

    Secret Sharp rebuild Shamir shares
    Secret Sharp rebuild Shamir shares

    The person that creates the secret gets to view all of the shares before distributing them to the participants, it is imperative that the secret creator has a secure computer with no trojan horse and can not be unsettled, there is nothing stopping that person from making a copy of the shares before distributing them instead of securely wiping the shares.

    To rebuild an encrypted secret you will need to be in possession of the necessary shares and stipulate to Secret Sharp how many shares are needed to reconstruct it, the latter can be told to everybody in the group without endangering the secret and should be written down somewhere during share distribution.

    Secret Sharp is the Windows version of ssss (Shamir Secret Sharing Scheme), a command line program for UNIX machines that does the same thing and there are also Java implementations around that will work on any machine, like Mac computers.

    You could find a Shamir Secret encryption program like Secret Sharp useful to leave written instructions to be opened if you die, instructions to be opened if you are captured by the enemy or just to make sure what there are at least two people reading the message and trust is not placed on a single person alone.

    Visit Secret Sharp homepage

  • Public key encryption with CyberSafe Top Secret

    Public key encryption with CyberSafe Top Secret

    CyberSafe Top Secret is a commercial program made in Russia to encrypt files, folders and partitions, it can be used to create virtual encrypted drives or encrypt a full partition or removable media (USB thumbdrive) where everything stored is automatically ciphered. The program’s source code is available for download from the company website to reassure you that there is no backdoor.

    The free edition of CyberSafe Top Secret should be considered trial software, the password length limit of 4 characters and DES algorithm make it very easy crack, it is only after buying the program that you get full protection with encryption algorithms that no law enforcement or sophisticated spies can penetrate.

    I found the program very versatile, it has so many options that if you have not used encryption before learning how to use digital certificates for encryption and signing files could take a few days to learn for newbies but a PDF manual explains in detail how everything works, it is not difficult, it simply takes time.

    I welcomed the addition of being able to encrypt files in your computer before uploading them to Dropbox, Google Drive and other cloud services. Google Drive, like Gmail, scans your data to find out if you have uploaded child pornography photos by matching the unique hashes of those files with the ones given to them by law enforcement. You have no guarantee that the NSA will not order Google to also scan your files to find X, once built-in scanning exists,nothing stops the NSA from abusing that capability for their own purposes. Anybody storing files in the cloud would be insane not to encrypt their files first and CyberSafe Top Secret allows you to do that easily dragging and dropping folders inside a window.

    CyberSafe Top Secret encryption software
    CyberSafe Top Secret encryption software

    When creating a virtual encrypted drive (.dvf) you are given the choice of encrypting it with the USA Department of Defense approved AES algorithm or the Russian government standard GOST symmetric block cipher. Be careful when entering the password because you will not be asked for confirmation. This was bizarre, it is one of the few times that I come across an encryption program that does not ask you to confirm your password twice when creating an encrypted container that is meant to be uncrackable.

    CyberSafe Top Secret Ultimate comes with a few business friendly features, like the optional Google Authenticator that can be activated in settings, a one time password mobile app that has to be used together with a user password before you can launch the program.

    The heavy reliance on public key encryption to secure files suggests CyberSoft Top Secret has businesses in mind. It is easier to manage a central registry of digital certificates that can be revoked over the network than managing dozens of passwords, the program allows you to access a public key server and import or export a public encryption key without having to open your web browser.

    CyberSafe Top Secret file encryption
    CyberSafe Top Secret file encryption

    My main criticism of this software is pricing, I obtained a license for the high end CyberSafe Top Secret Ultimate edition during a give away not connected to this review, otherwise, I would not have paid the €100 it costs. For slightly more money I can buy BestCrypt, WinMagic SecurDoc or SecurStar DriveCrypt Plus Pack full disk encryption.

    There is a cheaper version of CyberSafe Top Secret but it comes with a maximum password length of 16 characters, I don’t think that is long enough to secure your data from an adversary with high resources and it seems unfair that security software you have paid for can come with a limit that weakens your security unless you buy their most expensive package.

    CyberSafe Top Secret pricing can only be justified because it can manage and create encryption keys and it makes it easy to email to other people in a secure manner with a proven standard, but disk encryption wise, full disk encryption is much better.

    CyberSafe Top Secret should be praised for making the source code available for download. This does not guarantee that the program is bullet proof but it guarantees that experts can look at how encryption works and detect changes if somebody forces the company to modify the code.

    Perhaps if the price was cheaper for the Ultimate edition or if I needed support I would consider this program to encrypt my data. I see this software most suitable for a company with many employees after an easy solution to manage multiple encryption keys, home users in need of hard drive encryption might be better off looking at the other options mentioned above or with DiskCryptor (free), but if all you want is a solution to encrypt emails maybe it is worth to check out this software.

    Visit CyberSafe homepage

    PS: After writing the review I noticed that the uninstaller is only in Russian, clicking on the default options erased everything properly. There is no malware, but it is not very professional not translating the uninstaller.

  • List of Truecrypt compatible encryption software

    List of Truecrypt compatible encryption software

    In light of recent news about Truecrypt being no longer developed, I compiled a list of other encryption programs that are compatible with it.

    If you have data that was archived with Truecrypt for long term storage, you should be able to decrypt it with any of the following programs.

    tcplay: Fully featured Truecrypt implementation to open and create Truecrypt compatible hidden containers with cascade ciphers and keyfiles. This is a command line utility that works in Linux and DragonflyBSD, you can add a front end graphical interface with zulucrypt or Luksus.

    Luksus: A terminal program for Linux and BSD that lets you encrypt and decrypt data using Geli, LUKS, GnuPG or Truecrypt. A wrapper around tcplay, Geli and cryptsetup, with a front end graphical interface for those who find the command line too difficult.

    Luksus encryption front end
    Luksus encryption front end

    RealCrypt: An open source forked version of Truecrypt for Fedora Linux, it comes as a RPM package and it can be easily installed in Fedora using the repositories. It has a graphical interface and the same capabilities that Truecrypt has, with a different name and logo as requested by Truecrypt licensing terms. There are no significant code differences in between them.

    Encrypted Data Storage (EDS): Android app that can create and open any Truecrypt container but there is no on the fly mode and data will be decrypted to a temporary file, this could be a security risk if you believe that your smartphone can be stolen as temporary data written to solid state disks is recoverable with forensic tools.

    EDS Android Truecrypt
    EDS Android Truecrypt

    TruPax: A Java based program that can open and create Truecrypt compatible encrypted containers. I will work on any operating system that has Java installed, Windows, Mac OS, BSD and Linux. It can be used with a graphical interface or in command line mode to automate tasks.The software is open source, portable and it was coded independently from Truecrypt.

    Truecrypt compatible software TruPax
    Truecrypt compatible software TruPax

    Cryptonite: Open source app that brings EncFS and Truecrypt to your Android phone, the program is still in development and intended for advanced users. Cryptonite can decrypt any Truecrypt container using your smartphone. If you want to run Android in your desktop, there is an open source project that has ported it to PCs and can be installed as if it was a Linux distribution. This will give you a bigger screen when decrypting data.

  • Windows AES256-bit file encryption with QuickCrypt

    Windows AES256-bit file encryption with QuickCrypt

    QuickCrypt is a small portable Windows program to encrypt and securely wipe your files, this freeware program is very easy to use, implementing an encryption algorithm that is uncrackable, AES256-bit, if you lose your password there is no way to get your file back. To run QuickCrypt you will need to have Microsoft .NET Framework installed in your computer.

    One of its best features is being able to hookup the encrypted file with the computer where it was created by adding a System ID to the encrypted file unique to that computer, this makes it impossible for somebody to decrypt the proprietary .qcf encrypted file unless they are using your own machine. You can also create an automatic .zip file after encryption and add a comment visible to the person decrypting the file, the comment could be a hint to the decryption password or greeting.

    Windows file encryption AES256 QuickCrypt
    Windows file encryption AES256 QuickCrypt

    A QuickCrypt feature I have not seen anywhere else is being able to set an expire date to an encrypted file. After setting this up, if a file has not been decrypted within the specified number of days or months, it can no longer be decrypted. There isn’t any technical explanation with QuickCrypt but I am assuming that to accomplish it the decryption program checks for a date in the headers before decrypting the file.

    This is a simple but powerful file encryption program. Most useful to send files to your friends via email but they will need to be using the same program to decrypt the data and the password will have to be transmitted in a secure way, not easy to do. You can also use QuickCrypt to wipe files, going into “Tools>Erase Files” opens up a new window where you can drag and drop anything that has to be securely shredded with up to 40 passes.

    There are plenty of free file encryption programs out there, my favourite one is 7zip but choices are good and QuickCrypt could be one more option for your cyber arsenal if you trust closed source software and the developer skills of which very little is known.

    Visit QuickCrypt homepage

  • Freeware text encryption program BCTextEncoder

    Freeware text encryption program BCTextEncoder

    BCTextEncoder from Jetico is a free small portable application to encode and decode text, password protecting it with AES256-bit symmetric encryption or public encryption keys that can be either imported from a file or generated for you with the included BestCrypt Key Manager from where you can manage key pairs with the standard PKCS-12/X.509 format.

    Encrypted text can be easily copied to the clipboard or saved as .txt file, the toolbar also has an envelope logo to directly send encrypted text by email opening your email client, but during my test this function did not work for me and clicking on “Send encoded text by email now” would pop up an error window. I could not fix this problem but you can still copy and paste the text anywhere you like, from Usenet clients to webmail. The only detail is that encrypted text will be appended with the line “Version: BCTextEncoder Utility“, giving away the software and version that you have used to scramble the text but it is not a security risk if the encryption is sound.

    Text encryption program BCTextEncoder
    Text encryption program BCTextEncoder

    The program comes with a help file and it is very well documented at user and technical level, with a diagram explaining the encryption process. First the text is compressed with zlib, a software library for data compression, then you decide whether to use symmetric AES256 or asymmetric RSA for encryption, a third step converts the text to readable Base64, an encoding scheme to represent binary data as text, and after that you are ready to securely send the ciphered message wherever you like. Just note that BCTextEncoder only works for text, if you would like to cipher files, like images or videos, you will need a different program.

    It is impressive that such a tiny program packs so many powerful features and although it is closed source, Jetico is a Finnish company that has been around for many years developing security products, which gives more peace of mind than a one man hobby program.

    As usual the only challenge will be to convince the receiver to download BCTextEncoder to be able to decrypt the messages you send, this can be done with your best friend but when you have a group of people with a different operating system you are not very close to, it gets harder to agree on an encryption standard. BCTextEncoder only works in Windows.

    Visit BCTextEncoder homepage