Slashdot Mirror

And....

It has been cracked.

And....

It has been cracked.

I would like to point out that Elcomsoft broke Truecrypt, bitlocker, as well as PGP about a year ago.
http://www.elcomsoft.com/efdd....

$299.00 gets you in.

Going to need a copy of the VM's memory and some skill at finding the crypto keys in there in addition to the volume if you use TrueCrypt.

If the key was ever written to your hard drive, the fine folks at Elcomsoft will find it for you
http://www.elcomsoft.com/efdd.html

Someone should tell these people: http://www.elcomsoft.com/iphone-forensic-toolkit.html

From your linked site:

"Enhanced Forensic Access to iPhone/iPad/iPod Devices running iOS 4"
[...]
Protected file system dumps can be extracted from iPhone devices equipped with on-board hardware encryption and running iOS 4.x. Supported devices include iPhone 3GS and iPhone 4 (both GSM and CDMA models), first-gen iPad, and latest releases of iPod Touch (3rd and 4th generation).

In other words, they don't support the latest-generation iPhone (4S) or iOS (5), nor the last two generations of iPad. According to Apple, as of June 2012 almost 80% of the 365 million iOS devices sold had been upgraded to iOS5.

Maybe it works unofficially on these, but iOS5 and the iPhone 4S have been out for almost a year now. I imagine the ability to break into these would be a significant product feature they'd want to promote--if they had it.

Someone should tell these people: http://www.elcomsoft.com/iphone-forensic-toolkit.html

It may actaully be possible they have the means to just perform a backup of the phone and decrypt that via a brute force method. These guys here seem to be able to that: http://www.elcomsoft.com/eppb.html

Again, bullshit. Keychains add real security. You can't just mount the filesystem and read the contents of the keychain. You can't use an app on a rooted/jailbroken iPhone to read the keychain contents.

What about this - they run an app on a jailbroken phone and get access to the contents of the keychain.

And what about Elcomsoft's forensic tools? They claim "The toolkit allows eligible customers acquiring bit-to-bit images of devices’ file systems, extracting phone secrets (passcodes, passwords, and encryption keys) and decrypting the file system dump. Access to most information is provided in real-time. In addition to Elcomsoft Phone Password Breaker, the toolkit includes the ability to decrypt images of devices’ file systems, as well as a free tool that can extract the encrypted file system out of the device in raw form."

If an encrypted disk image can be decrypted by an attacker in realtime, then the encryption is not so good, is it?

From their FAQ:

Only relatively short and simple passwords can be recovered in a reasonable time.

But I thought that Bruce Schneier said that complex passwords were not any safer than short ones.

[Ducks]

Only relatively short and simple passwords can be recovered in a reasonable time.

Their press release can be found here:

http://www.elcomsoft.com/nikon.html

The press release does mention that you have to extract the key from the camera. If this is relatively easy then the system is totally broken. If it is not, you could create some kind of revocation list - but it would be the equivalent of a sloppy patch. Security is hard to accomplish, it does not surprise me that a camera manufacturer fails hardware protected signature creation.

After reading the presentation, I see that you're pretty much right. Each camera model has a different key, which is stored on the camera itself. This is then used to create a HMAC.

It doesn't even look like this was all that hard, since the key was so easily extracted. I agree with the conclusion in that presentation: Cannon needs to hire people who understand security, if they want this feature to mean anything.

If it is 50 all lowercase letters, that gives you about 5.6*10^70 possible combinations. If you have a supercomputer that can do for example 2.8bn combinations per second (fastest example on this page http://www.elcomsoft.com/distributed_password_recovery.html), then it would take 6*10^53 years to go through them all. In other words 50 characters is a pretty secure password.

Add uppercase, numbers and all the symbols on my keyboard to the mix, and you have 3.6*10^99 combinations. You can work out how much longer that would take, but it makes no difference, the world would come to an end long before you did it.

2) Your problem needs to be floating point. GPUs push 32-bit floating point numbers really fast. The most recent ones can also do 64-bit FP numbers at half the speed. Anything older is pretty much 32-bit only. For the most part, count on single precision FP for good performance.

That requirement is not necessarily true. Or at least not in the traditional sense of 'floating point.' GPUs make awesome pattern-matchers for data that isn't necessarily floating point.

Elcomsoft (of adobe DRM international arreset fame) has a GPU accelerated password cracker that is essentially a massively parallel dictionary attack,

A number of anti-virus vendors have GPU accelerated scanners - like Kaspersky.

And some people have been working with GPUs for network monitoring via packet analysis too.

Possibly EFS was fixed in Windows 7. Before that, part of the encryption key was the Windows user password and a key generated specifically for that installation of Windows.

For a discussion of the issues, read page 5 of this PDF file from Elcomsoft, which I just found: Advantages and disadvantages of EFS.

Elcomsoft is a famous Russian company. Quote from Wikipedia: "On July 16, 2001, Dmitry Sklyarov, a Russian citizen employed by ElcomSoft who was at the time visiting the United States for DEF CON, was arrested and jailed for allegedly violating the United States DMCA law by writing ElcomSoft's Advanced eBook Processor software. A landmark court case ensued, setting precedents and attracting much public attention and protest. On December 17, 2002, ElcomSoft was found not guilty of all four charges under the DMCA."

The problems with EFS were acknowledged by Microsoft employees. People have discussed losing data on Microsoft professional discussion boards. Elcomsoft sells software designed to recover data lost because of the poor design of EFS.

Hey Editors,

You forgot a link to the buying page
For as low as 1.399,- € you can start cracking^Wrecovering passwords today.

Using GPU processing to crack passwords isn't news. In Soviet Russia, they have beeing doing it for some time now.

It's for cracking crypto: http://www.elcomsoft.com/edpr.html?r1=pr&r2=wpa

While Touretzky prefaces his page on the subject with "Computer professionals who have examined these mechanisms have found them easy to defeat", I miss something able to decrypt or print the latest crop -- where APDFPR says

APDFPR Error
The document was created with 'eBook Exchange (EBX_HANDLER) 128-bit security v.3' encryption handler. This protection method is not supported.

Having the eBook and the etx.etd file I guess that should in principle be possible, but how's that done in practice?

Pricing for these apps is pretty steep at $1,299 per machine license. Well, maybe not so steep if you consider how valuable it could be for you. It doesn't say if that has the GPU utilization with it yet or not.

Also, I wonder if they've investigated using SLI & CrossFire with these. That seems like something obvious to me but not included in the article. I'm unaware of their implementation but it sounds like it could be parallelized--and accross 2 or even 4 cards, that could get hilariously powerful.

If you can connect it to the network, you could use Proactive Security Auditor.

A RAR file with a password IS encrypted. But that is secure, as far as I know (unlike most ZIPs). If for instance I look for RAR password crackers, I find only things like Elcomsoft who say "At the moment, there is no known method to extract the password from the compressed file; so the only available methods are 'brute force' and dictionary-based attacks.... WinRAR has incorporated AES (using the Rijndael algorithm) encryption since V2.9." Sounds good enough to me.

Sounds like your PDF file is broken. Perhaps you can get one of your friends who lives in a foreign country to run
this fixing program to repair the errors.

What about using it for cracking encrypted files? I remember seeing a chart somewhere for how long different classes of computing (home pc, company size distributed, some old supercomputer) would take to crack some types of encrypted files. I wonder where bluejeans would stack up and how long it would take.

I looked here, http://en.wikipedia.org/wiki/Brute_force_attack#Th eoretical_limits , and it is saying that properly encrypted 128bit-key files are uncrackable.

ps. I think i saw that cracking time chart for cracking encoded zip files and it was at http://www.elcomsoft.com/ but the site is blocked by websense so I can't find it.

For me, the entire issue is whether EFS can and should be used in a corporate environment with stand-alone computers.

I found the page about recovering from EFS problems: EFS Encrypted File System recovery.

This gives a map of how things are stored: "Unfinished 1024*768 image giving a brief overview".

For $99 you can get a program to decrypt EFS files without knowing the password: Advanced EFS Data Recovery. I haven't tried it. Elcomsoft is a very well-known company.

Answer to your comment above:

1) There must be a way to make encrypted backups of encrypted material, both live (on another computer) and on optical media.

2) What would be interesting is if you could recover encrypted files on another computer. The whole issue is whether you have a real backup. A situation in which you used a Microsoft product on one computer, as you have above, will never be a true test. The test you did is interesting, but actual recovery must be available on another computer.

3) There is no way to detach EFS decryption from social issues. People are led to use encryption by the ease of starting to use EFS, without any warning that there is a need to follow a procedure to save "certificates". People entrust information about their lives and their business to computers. That trust must be strongly supported.

My guess is that somehow Virtual Server provides additional information not available to another stand-alone computer.

ZIP files are inherently insecure (if you rely on the password protection anyways). RAR files are much more secure. Just try using one of those brute-force password cracking apps on a RAR file-- it takes significantly longer to brute force a RAR than a ZIP.

A better approach would be the Windows UBCD. Before I came across that a Linux live cd was the slickest thing since sliced bread. But for fixing broken Windows PC's, this is the best tool I've seen.

You get networking support and a ton of your favorite, trusted tools for diagnosing and repairing just about anything (and some you've never heard of yet probaby). Of course to top it all off you build it with your own applications (like a password recovery program) and make this a pretty industrial strength recovery cd suited for you.

I am unaware of open source software that meets the functionality of PWSEX or LC5.

One tool that does this is the ominious-sounding "Advanced Office Password Recovery", from Elcomsoft. Remember them? Yes that's the compnay who employed Dmitry Sklyarov, who got arrested under the DMCA for talking about Adobe's lame-ass encryption.. :)

Does it still support copy/paste?

How about printscreen?

I've run in to a few journal articles in Adobe PDF format that don't support copy/paste. (no, these aren't just in .tiff format, they're protected) Elcomsoft has a nice work-around called APDFPR, but I think Dimitri got in a little trouble for writing it. :-)

Now that will have the hackers really quivering in their boots!

The last time I had a "password recovery" issue with Access, I found everything I needed to hack it with just a few clicks on Google. I spent about an hour searching for snippets of code to throw into VBA.

I guess the people at Diebold never heard about password recovery tools

They are still out there, thanks to Skylarov's old company. Elcomsoft makes an Advanced Zip Password Recovery tool.

Here, this guy is proposing something along the lines of eliminating car locks so that noone will be arrested for carrying burgulary tools.

No, it's more along the lines of advocating the elimination of car locks in favor of mandatory keyless entry with extra security safeguards so that no on will be arrested for carrying burglary tools.

Let me give you a good example. Say it's your job to convert documentation for your business. (It's part of mine from time to time.) A lot of that documentation comes to you in the form of PDFs that need to be converted to plain text, reformated, edited, and then reposted in HTML or XML format. Easy, right?

Well, not if the PDF is password protected. Despite the fact that the PDF may not contain any sensitive or proprietary information, many PDF authors leave the 'Security' options in Acrobat or other PDF authoring tools turned on rather than off by default. This means that no one else can edit that document without breaking that security.

Breaking the security on PDFs is trivial. Elcomsoft's been doing it for years. As we all know, however, Elcomsoft (and Dmitry Skylaroff) has been in deep trouble with the DOJ for daring to ignore the DMCA.

Despite the fact that I am presented with password-protected PDFs that orginated within my company on a regular basis, I am prohibited from using tools to break the passwords on those documents by company policy. More often than not, rather than trying to attempt to retrieve those passwords from the people who created the PDF, the people who want the document converted simply give up in the face of this policy.

Right, but Elcomsoft did all their *selling* in the USA.

You mean This ?

Let me see ... clickedy clickedy click ...
IP address of www.elcomsoft.com is 217.107.213.131. And "whois" locates this IP address as belonging to "ROSTELECOM-NET, ncc@rt.ru" in Russia ... (as does traceroute)

So the point of selling was definately in Russia.

the freedom to take a digital copy of the book, leaving the original on the shelf for someone who is not able to use a digital copy.

The biggest impediment to the type of access you describe nowadays isn't the technology, it's capitalism and all its derivatives, such as copyright.

Case in point: A few years ago, the ebook vendor netLibrary offered an offline reader. This product was removed due to publisher paranoia. Currently you can only view netLibrary titles one page at a time while connected to the Internet. Furthermore, despite the medium, only one patron per purchasing library can check out a book at any given time. But never fear, now they're offering - for an extra fee - the ability to use a (somewhat) DRM crippled offline reader.

Publishers are about as up to date with technology and new pricing models as the RIAA. Copyrights disputes have been cited as the reason several publishers have pulled their titles from full-text databases. So instead of moving towards the single search box method for library resources, we now have hundreds of competing library database vendors, each with different coverage and search interfaces. It is the most difficulty time in history to do library research (and the slack that Google is picking up is a detriment to research skills) not just because of varying library materials formats, but because of copyright.

Libraries Are 31337

Explain that to Dmitri Sklyarov, who spent more than a month in jail for releasing a hacking tool, which unlocks Adobe e-books.

That's just silly. This is some new use of the word "hacking tools." Certainly, Elcomsoft doesn't think so -- the words "hacking tools" do not appear on their web site.

Sure, you can try to define yourself out of this argument by treating the word "hacking" to mean whatever you like. But that's the same logical error -- you are still conflating the same concepts. If you define "hacking" to include the activity of trafficking in software for "unlocking Adobe e-books," congratulations! You won the argument. But so what? My point is that DMCA is not directed toward the conduct traditionally known as hacking by most of us (clever machination of technical systems) nor the conduct currently known as hacking (cracking). The DCMCA anti-circumvention proscriptions may overlap with some cracking conduct, just as any number of other laws -- that doesn't make it anti-cracking legislation, for the reasons stated earlier.

and someone far smarter than the spammers are writes a couple pieces of software

That's the kind of role companies like Elcomsoft fill. Remember Dmitry, our hero?

The day will have to come when we don't welcome people who enable spammers for money to be part of our community.

Check out Dmitry's very own Elcomsoft for one of the best password-testing resources on the web.

the really evil bastards are those who write email-addy-gathering spiders

Bingo! That's Dmitry's bizness, at ElcomSoft.

Send in your dollars to the EFF, because they're defending his company's right to do business in the US.

If this guy had had the tool (Advanced Email Extractor) that Elcomsoft**, and 'freedom poster boy' Dmitry has developed and sells, he wouldn't have had to scratch around and only send spam to a small list of email addresses.

Yep. Mister Poster boy, the guy the EFF considers their big hero, works for a company that produces an email-harvesting utility for extracting addresses from Websites and other online content.

Just lovely. And yet we all LOVE the little dude and want to make sure he's okay. Send in money to support his fight to sell his products in America.

** They appear to be hiding the 'Mail Utilities' site under a one way link away from ElcomSoft's main page. These fuckers KNOW what they're doing and they know it's dirty.

I have to ask then:

What is your feeling on the ElcomSoft Advanced Email Extractor tool? To quote from the sales site: Advanced Email Extractor (AEE) is designed to extract e-mail addresses from web-pages on the Internet (using HTTP and HTTPS protocols) and from HTML and text files on local disks.

It's a spammer tool, designed to harvest email addresses from weblogs like Slashdot so that spammers can use them.

It's also from Elcomsoft, the place where our little 'freedom poster boy' Dmitry works.

When the anti-spam people start hammering these fucks for arming the enemy, I will start taking them seriously.

How about the /. hero Dmitry Sklyarov, his company ElcomSoft makes bulkmailer and Advanced Email extractor as well as other tools to clean email address lists and localize them. His company has made lots of $$$$ selling spam tools.

Yeah, and the company that makes cracking tools for windows' passwords (i.e. elcomsoft) recently had one of their programmers arrested in the US for the trouble.

A Russian, no less. Good to see the international kidnapping phase of our relationship with Russia is over.

The government not only lied, but the lies were transparent to start with. If Skylarov had agreed to testify against his "former employers," why would this page be available?

Problem is that ElcomSoft works together with a lot of companies in the US, according to this article on the ElcomSoft website.

Quote:

ElcomSoft is headquartered in Moscow, with approximately 20 employees. Its Password Recovery software is sold and licensed to a majority of Fortune 500 companies and major accounting firm in the U.S., as well as U.S. military, intelligence and law enforcement agencies throughout the country.

If ElcomSoft is found guilty, it may well be that they have to seize their activities in the US. And that would cost them a lot...

Problem is that ElcomSoft works together with a lot of companies in the US, according to this article on the ElcomSoft website.

Quote:

ElcomSoft is headquartered in Moscow, with approximately 20 employees. Its Password Recovery software is sold and licensed to a majority of Fortune 500 companies and major accounting firm in the U.S., as well as U.S. military, intelligence and law enforcement agencies throughout the country.

If ElcomSoft is found guilty, it may well be that they have to seize their activities in the US. And that would cost them a lot...

So he's out, which is most excellent, but he is still confined to Socal. I'm sure his family is what he misses most and needs more than anything right now.

Is anyone planning or raising funds for bringing his family to the US?

The best (and only) way I've seen so far to help support uniting Dmitri with his family is to contribute directly to him through the PayPal account posted at Elcomsoft. I urge everyone here to do so.

Since this is a pro/con discussion, let's try to come up with some creative ways for the people on the other side to sapp the resources of the EFF, too. Equal time and all that.

1. Steal from the EFF.

2. Convince your friends to not join the EFF.

3. Distribute Elcomsoft software on warez sites.

Everybody, think real hard about how much money you can part with. Surely most people here can let go of at least $100, without blinking. Hell, a lot of you wouldn't blink at spending $500 on a night out. or maybe you can only spare $20, you can still help with that. Now do two things with that money:

1) Donate to the EFF, or Join the EFF. They're a great organization, and they can use your help. You, on the other hand, can use the tax break.
2) Purchase Elcomsoft software.

As an employee, is Dmitri Sklyarov libel for ElcomSoft's actions?

Gosh, now I'm nervous ... I hope my company isn't up to any hanky-panky.