PGP - Brute Force pswd Attack
Created: 24 Nov 2012 | Updated: 17 Jan 2013 | 17 comments
This issue has been solved. See solution.
Besides the length of the pass phrase for PGP..
Does PGP from Symantec have a Brute Force PSWD protection ? e.g. limited attempts allowed? or are the attempts to the pass phrase infinite ?
Thanks in advance.
T N
Discussion Filed Under:
Comments 17 Comments • Jump to latest comment
I'm thinking that you asking specifically in relationship to the PGP Desktop product's Whole Disk Encryption. This does not have a limit to the number of passphrase entry attempts. However, you can encrypt to a public key on a smartcard/token; the private portion of the key is not able to be removed or copied from the smartcard/token, so to have access to your encrypted disk, you would have to be in possession of the smartcard/token and have the password/passphrase that permits access to the smartcard/token. And this can be set to limit the amount of password/passphrase entries.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
If you are managed by PGP Universal, you can set a policy value to specify the number of failed login attempts before the system will be locked, at which point administrative assistance will be required to gain access.
Also, the string-to-key function employed uses a high iteration count which increases the amount of time necessary to perform a brute-force attack in the event you are not managed (or policy is not set).
Regards,
--------
David Finkelstein
Symantec R&D
See my question RE: Passware Kit Forensic 12.1
Do you have further questions on this?
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
See my question RE: Passware Kit Forensic 12.1
Question:
I found this:
Passware Kit Forensic 12.1
http://www.lostpassword.com/kit-forensic.htm
Is PGP vunerable ? Why or Why not?
PGP uses encryption algorithms that are publicly available for review, as well as the PGP source code itself being available for public review. There are no known flaws that would make this claim valid in regard to directly attacking either the PGP software, or the encryption algorithms it uses. Although I am not aware of how this particular software approaches the reported decryption, I'm guessing that it does a dictionary attack, which is an attack on the passphrase, and this type of attack will work on any encryption product that uses passphrases, IF weak passphrases are used. When you generate a key in PGP, you will see an estimate of the strength of the passphrase you are using. If your PGP encryption is encrypting to your public key, this type of attack can only take place if the person is able to obtain a copy of your private key.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
I understand pass phrase strength.
One of the claims of Forensic Software is capturing the pass phrase or other data from RAM that could be used to decrypt the volume.
Is the RAM with PGP encrypted like the data on the harddrive or is the pass phrase in RAM and able to be captured?
I think the following from the PGP Desktop User's Guide will answer this question.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
Please see below "PRODUCT RECOMMENDATION"
If an attacker has full access to the RAM of your system, they can pretty much do anything they want, since they can read any data in memory (including encryption keys, however they may be concealed). This attack is not isolated to Symantec's products, any system has this issue.
Safeguards include turning your system off when not in use, or at least entering hibernation, which for Whole Disk Encryption will remove the disk key from memory (you will need to re-enter your passphrase when you resume). It is never a safe idea to leave an unlocked system running while unattended.
--------
David Finkelstein
Symantec R&D
Please see below "PRODUCT RECOMMENDATION"
PRODUCT RECOMMENDATION:
I have host computer which is also accessed by another computer over a hardwire router (which also has wireless)
My guess is PGP Enterprise.. suggestions?
Please explain what level(s) of encryption protection you are seeking.
Is it just data transferred between these two computers? If so, you may just want to use the NetShare function.
Is it just these two computers in your network? Maybe you would just want PGP Desktop on each machine.
Are you looking for email encryption? Whole Disk Encryption?
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
"Please explain what level(s) of encryption protection you are seeking."
Entire Harddrive Encryption, etc.
"Is it just data transferred between these two computers? If so, you may just want to use the NetShare function."
Data is transfered between two sometimes 3 computers with the data being stored on the 1st Computer
"Is it just these two computers in your network? "
A simple network yes.
"Are you looking for email encryption?"
With this option, yes.
"Whole Disk Encryption?"
Yes.
Also, with Brute Force pass phrase Protection.
Sounds like PGP Desktop on each machine would meet your needs. If you want files transferred on your local network to be encrypted in transit, you might want to use the NetShare component. I'm not sure which license includes it, but Sales can answer that for you. You might want to try the Trial to see if it meets your needs.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
To answer your original question- Yes there is a feature on the universal Server to specify maximum number of attempts on the PGP Bootguard before it is locked.
-> Lock Passphrase user accounts on Windows clients after __ failed login attempts.
Would you like to reply?
Login or Register to post your comment.