Data Decryption &Password RecoveryHow Special Tools Facilitate Investigations                                       !"#$%&...
Who are we?• Founded in 1990• In password recovery since 1998• Privately owned• HQ and Dev in Moscow, Russia• Four US pate...
ProductsOverview
Stored PasswordsBrowsers    Mail        IMs
Protected FilesOffice         PDF         Archives
Protected FilesPGP       WordPerfect   Accounting
Distributed Recovery          Many file types          Works over LANs and          WANs          Up to 10’000 nodes       ...
AuditWindows Domains   Wireless Networks
Technology
Thunder Tables®
• Recovers encryption key• Password remains unknown• Works only with 40-bit encryption ‣ MS Word 97-2003, Adobe PDF ‣ Word...
• Based on Rainbow Tables   • TT = RT + Keys not in RT• Provides guaranteed decryption       (except for MS Excel files)• D...
100%                                                                                       99.4% 99.9% 100%               ...
Demo
GPU Acceleration
• Order of magnitude faster than CPU• Competing vendors: NVIDIA and ATI• Hardware readily available ‣ Consumer- and enterp...
Core i7-920       1,000GeForce 295               8,200GeForce 480                    11,300Radeon 5970                    ...
TACC Acceleration
• Times faster than CPU• Very easy to use ‣ No drivers ‣ Portable• Low power consumption (   no overheating)• Scales easily
1,000Core i7-920                  $250                                             2,500TACC1441                          ...
Technology letsdo more in less time!
New Products &   Features
Elcomsoft PhonePassword Breaker
Elcomsoft Phone         Password Breaker• Recovers passwords for mobile devices  backups• Works offline (device is not need...
iOS 4.x Backup              Security• Password verification is done on the device ‣ PBKDF2-SHA1 with 10’000 iterations ‣ Wa...
Backup password               Backup keybag       Backup master keyEncrypted FEK and IV   FEK encryption key     AES-256 k...
iOS 4.x Keychain              Security• Keychain is system-wide storage for secrets  ‣ Sort of Protected Storage for iOS• ...
Blackberry Backup             Security• Password verification is done on the PC ‣ PBKDF2-SHA1 with 1 (one) iteration ‣ Gene...
Demo
Questions?
Thank you
Data Decryption &Password RecoveryHow Special Tools Facilitate Investigations                                       !"#$%&...
Upcoming SlideShare
Loading in...5
×

Data Decryption & Password Recovery

1,695

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,695
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
32
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Data Decryption & Password Recovery

  1. 1. Data Decryption &Password RecoveryHow Special Tools Facilitate Investigations !"#$%&()"*
  2. 2. Who are we?• Founded in 1990• In password recovery since 1998• Privately owned• HQ and Dev in Moscow, Russia• Four US patents issued, more to come
  3. 3. ProductsOverview
  4. 4. Stored PasswordsBrowsers Mail IMs
  5. 5. Protected FilesOffice PDF Archives
  6. 6. Protected FilesPGP WordPerfect Accounting
  7. 7. Distributed Recovery Many file types Works over LANs and WANs Up to 10’000 nodes Hardware acceleration
  8. 8. AuditWindows Domains Wireless Networks
  9. 9. Technology
  10. 10. Thunder Tables®
  11. 11. • Recovers encryption key• Password remains unknown• Works only with 40-bit encryption ‣ MS Word 97-2003, Adobe PDF ‣ Word 2007/2010 when saving in .doc• Can be applied to passwords
  12. 12. • Based on Rainbow Tables • TT = RT + Keys not in RT• Provides guaranteed decryption (except for MS Excel files)• Data fits on DVD or 4 Gb USB stick• Average key search time is 25 seconds
  13. 13. 100% 99.4% 99.9% 100% 95.7% 89.4% 75% 77.6% 69.7%Keys recovered This is dual-core CPU with tables on HDD 50% 54.7% Quad-core with tables on SSD will be way 40.2% faster! 25% 25.3% 17.4% 0% 1 sec. 2 sec. 5 sec. 10 sec. 20 sec. 30 sec. 1 min. 2 min. 5 min. 10 min. 15 min. Attack duration
  14. 14. Demo
  15. 15. GPU Acceleration
  16. 16. • Order of magnitude faster than CPU• Competing vendors: NVIDIA and ATI• Hardware readily available ‣ Consumer- and enterprise-grade solutions ‣ Very competitive hardware pricing
  17. 17. Core i7-920 1,000GeForce 295 8,200GeForce 480 11,300Radeon 5970 39,000 0 10,000 20,000 30,000 40,000 Office 2007, Passwords per Second
  18. 18. TACC Acceleration
  19. 19. • Times faster than CPU• Very easy to use ‣ No drivers ‣ Portable• Low power consumption ( no overheating)• Scales easily
  20. 20. 1,000Core i7-920 $250 2,500TACC1441 $4,000 5,000Tesla C1060 $1,500 0 1,250 2,500 3,750 5,000 Office 2007, Passwords per Second
  21. 21. Technology letsdo more in less time!
  22. 22. New Products & Features
  23. 23. Elcomsoft PhonePassword Breaker
  24. 24. Elcomsoft Phone Password Breaker• Recovers passwords for mobile devices backups• Works offline (device is not needed)• Decrypts backups (you can use favorite mobile forensics tools)• Recovers passwords stored in Keychain• GPU & TACC acceleration
  25. 25. iOS 4.x Backup Security• Password verification is done on the device ‣ PBKDF2-SHA1 with 10’000 iterations ‣ Was 2000 iterations in iPhoneOS 3.x• No data leaves device unencrypted ‣ AES-256, per-file key and IV
  26. 26. Backup password Backup keybag Backup master keyEncrypted FEK and IV FEK encryption key AES-256 key and IV to decrypt file
  27. 27. iOS 4.x Keychain Security• Keychain is system-wide storage for secrets ‣ Sort of Protected Storage for iOS• Encrypted with device-specific key• Plain backups include keychain “as-is”• Encrypted backups include keychain re- encrypted on key derived from password ‣ The only reliable way to get stored secrets
  28. 28. Blackberry Backup Security• Password verification is done on the PC ‣ PBKDF2-SHA1 with 1 (one) iteration ‣ Generating 256 bytes of key data, using 256 bits• Data encryption done on PC ‣ AES-256, single file Still think Blackberry is more secure?
  29. 29. Demo
  30. 30. Questions?
  31. 31. Thank you
  32. 32. Data Decryption &Password RecoveryHow Special Tools Facilitate Investigations !"#$%&()"*
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×