• Recovers encryption key
• Password remains unknown
• Works only with 40-bit encryption
  ‣ MS Word 97-2003, Adobe PDF
  ‣ Word 2007/2010 when saving in .doc
• Can be applied to passwords

• Based on Rainbow Tables
• TT = RT + Keys not in RT
• Provides guaranteed decryption (except for MS Excel files)
• Data fits on DVD or 4 Gb USB stick
• Average key search time is 25 seconds

[Chart: keys recovered (%) vs. attack duration, 1 sec. to 15 min.]
This is dual-core CPU with tables on HDD. Quad-core with tables on SSD will be way faster!

Elcomsoft Phone Password Breaker
• Recovers passwords for mobile device backups
• Works offline (device is not needed)
• Decrypts backups (you can use your favorite mobile forensics tools)
• Recovers passwords stored in Keychain
• GPU & TACC acceleration

iOS 4.x Backup Security
• Password verification is done on the device
  ‣ PBKDF2-SHA1 with 10’000 iterations
  ‣ Was 2000 iterations in iPhoneOS 3.x
• No data leaves device unencrypted
  ‣ AES-256, per-file key and IV

[Diagram labels: Backup password; Backup keybag; Backup master key; Encrypted FEK and IV; FEK encryption key; AES-256 key and IV to decrypt file]

iOS 4.x Keychain Security
• Keychain is system-wide storage for secrets
  ‣ Sort of Protected Storage for iOS
• Encrypted with device-specific key
• Plain backups include keychain “as-is”
• Encrypted backups include keychain re-encrypted with a key derived from the password
  ‣ The only reliable way to get stored secrets

Blackberry Backup Security
• Password verification is done on the PC
  ‣ PBKDF2-SHA1 with 1 (one) iteration
  ‣ Generating 256 bytes of key data, using 256 bits
• Data encryption done on PC
  ‣ AES-256, single file

Still think Blackberry is more secure?
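
The PBKDF2-SHA1 settings on the iOS and Blackberry backup slides can be compared by counting HMAC-SHA1 calls per password check. This is an added example, not code from the slides or from any Elcomsoft tool; the password and salt are constructed sample values and the function names are hypothetical. It shows that generating 256 bytes adds no cost for whoever only needs the 256 bits that are used, so the iteration count is the only real work factor.

```python
import hashlib
import math

SHA1_LEN = 20  # bytes produced by one PBKDF2-SHA1 output block


def prf_calls(iterations: int, dklen: int) -> int:
    """HMAC-SHA1 invocations needed to derive dklen bytes (blocks x iterations)."""
    return iterations * math.ceil(dklen / SHA1_LEN)


def prefix_holds(password: bytes, salt: bytes, iterations: int,
                 long_len: int, used_len: int) -> bool:
    """True if the first used_len bytes of a long derivation equal a short one.

    PBKDF2 output blocks are computed independently, so the leading bytes
    never depend on how much extra key material was requested.
    """
    long_key = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, long_len)
    short_key = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, used_len)
    return long_key[:used_len] == short_key


def work_per_check() -> dict:
    """Cost of one password check, in HMAC-SHA1 calls, for the slide settings.

    The iOS rows are per output block because the slides do not state
    the derived key length.
    """
    return {
        "Blackberry, 256 bytes generated, 1 iteration": prf_calls(1, 256),
        "Blackberry, 256 bits used, 1 iteration": prf_calls(1, 32),
        "iPhoneOS 3.x, per block, 2000 iterations": prf_calls(2000, SHA1_LEN),
        "iOS 4.x, per block, 10000 iterations": prf_calls(10000, SHA1_LEN),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real backup.
    ok = prefix_holds(b"constructed-password", b"constructed-salt", 1, 256, 32)
    print("first 32 of 256 bytes equal a 32-byte derivation:", ok)
    for setting, calls in work_per_check().items():
        print(f"{setting}: {calls} HMAC-SHA1 calls")
```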