
PGP - Brute Force pswd Attack

Created: 24 Nov 2012 • Updated: 17 Jan 2013 | 17 comments
This issue has been solved. See solution.

Besides the length of the pass phrase for PGP..

Does PGP from Symantec have a Brute Force PSWD protection? E.g. limited attempts allowed? Or are the attempts to the pass phrase infinite?

 

Thanks in advance.

 

T N


Tom Mc:

I'm thinking that you are asking specifically in relationship to the PGP Desktop product's Whole Disk Encryption.  This does not have a limit to the number of passphrase entry attempts.  However, you can encrypt to a public key on a smartcard/token; the private portion of the key is not able to be removed or copied from the smartcard/token, so to have access to your encrypted disk, you would have to be in possession of the smartcard/token and have the password/passphrase that permits access to the smartcard/token.  And this can be set to limit the amount of password/passphrase entries.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

dfinkelstein:

If you are managed by PGP Universal, you can set a policy value to specify the number of failed login attempts before the system will be locked, at which point administrative assistance will be required to gain access.

Also, the string-to-key function employed uses a high iteration count which increases the amount of time necessary to perform a brute-force attack in the event you are not managed (or policy is not set).

Regards,

--------

David Finkelstein

Symantec R&D
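
The effect of a high string-to-key iteration count on the cost of each passphrase guess, shown as an added example that is not part of this thread and is not Symantec's code. The post does not name the function used, so this assumes the iterated and salted S2K from OpenPGP (RFC 4880) as a representative; the salt and passphrase are constructed sample values.

```python
import hashlib

def decode_count(c: int) -> int:
    """RFC 4880 section 3.7.1.3: expand the one-octet coded count."""
    if not 0 <= c <= 255:
        raise ValueError("coded count must be one octet")
    return (16 + (c & 15)) << ((c >> 4) + 6)

def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int = 32, hash_name: str = "sha256") -> bytes:
    """Derive key_len bytes from a passphrase (iterated and salted S2K)."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 octets")
    block = salt + passphrase
    # The count is a number of octets to hash, not a number of rounds;
    # salt+passphrase is always hashed at least once in full.
    count = max(decode_count(coded_count), len(block))
    full, rest = divmod(count, len(block))
    key = b""
    context = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)   # n-th context is preloaded with n zero octets
        for _ in range(full):
            h.update(block)
        h.update(block[:rest])
        key += h.digest()
        context += 1
    return key[:key_len]

def work_factor(passphrase: bytes, coded_count: int) -> float:
    """Octets hashed per guess, relative to one plain hash of salt+passphrase."""
    n = 8 + len(passphrase)
    return max(decode_count(coded_count), n) / n

if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")      # constructed sample salt
    pw = b"correct horse battery staple"          # constructed sample passphrase
    for c in (0x00, 0x60, 0xFF):                  # lowest, mid-range, highest coded count
        print(hex(c), decode_count(c), round(work_factor(pw, c)),
              iterated_salted_s2k(pw, salt, c).hex()[:16])
```

The iteration count multiplies the work per guess for the legitimate user and the attacker alike, so it slows an offline search but does not replace a strong passphrase or an attempt limit.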

Tactical-Neophyte:

See my question RE: Passware Kit Forensic 12.1

Tom Mc:

Do you have further questions on this?


Tactical-Neophyte:

See my question RE: Passware Kit Forensic 12.1

Tactical-Neophyte:

Question:

I found this:

Passware Kit Forensic 12.1

  • Decrypts TrueCrypt, FileVault2, and PGP volumes in minutes
  • Integrated Encryption Analyzer Pro scans computers for password-protected items     
  • Includes Search Index Examiner to retrieve electronic evidence from a Windows Desktop Search Database 
  • Includes FireWire Memory Imager to acquire physical memory images of the seized computer

http://www.lostpassword.com/kit-forensic.htm

Is PGP vulnerable? Why or why not?

Tom Mc:

PGP uses encryption algorithms that are publicly available for review, as well as the PGP source code itself being available for public review.  There are no known flaws that would make this claim valid in regard to directly attacking either the PGP software, or the encryption algorithms it uses.  Although I am not aware of how this particular software approaches the reported decryption, I'm guessing that it does a dictionary attack, which is an attack on the passphrase, and this type of attack will work on any encryption product that uses passphrases, IF weak passphrases are used.  When you generate a key in PGP, you will see an estimate of the strength of the passphrase you are using.  If your PGP encryption is encrypting to your public key, this type of attack can only take place if the person is able to obtain a copy of your private key. 


Tactical-Neophyte:

I understand pass phrase strength.

One of the claims of Forensic Software is capturing the pass phrase or other data from RAM that could be used to decrypt the volume.

Is the RAM with PGP encrypted like the data on the harddrive or is the pass phrase in RAM and able to be captured?

Tom Mc:

I think the following from the PGP Desktop User's Guide will answer this question.

When you protect a disk or partition (on Windows systems) with PGP Whole Disk Encryption, your passphrase is turned into a key. This key is used to encrypt and decrypt the data on the encrypted disk or partition. While the passphrase is erased from memory immediately, the key (from which your passphrase cannot be derived) remains in memory.
This key is protected from virtual memory; however, if a certain section of memory stores the exact same data for extremely long periods of time without being turned off or reset, that memory tends to retain a static charge, which could be read by attackers. If your encrypted disk or partition (on Windows systems) is decrypted for long periods, over time, detectable traces of your key could be retained in memory. Devices exist that could recover the key. You won’t find such devices at your neighborhood electronics shop, but major governments are likely to have a few.
PGP Desktop protects against this by keeping two copies of the key in RAM, one normal copy and one bit-inverted copy, and inverting both copies every few seconds.


dfinkelstein:

If an attacker has full access to the RAM of your system, they can pretty much do anything they want, since they can read any data in memory (including encryption keys, however they may be concealed).  This attack is not isolated to Symantec's products; any system has this issue.

Safeguards include turning your system off when not in use, or at least entering hibernation, which for Whole Disk Encryption will remove the disk key from memory (you will need to re-enter your passphrase when you resume).  It is never a safe idea to leave an unlocked system running while unattended.

--------

David Finkelstein

Symantec R&D

Tactical-Neophyte:

PRODUCT RECOMMENDATION:

I have a host computer which is also accessed by another computer over a hardwired router (which also has wireless).

My guess is PGP Enterprise.. suggestions?

Tom Mc:

Please explain what level(s) of encryption protection you are seeking. 

Is it just data transferred between these two computers?  If so, you may just want to use the NetShare function.

Is it just these two computers in your network?  Maybe you would just want PGP Desktop on each machine.

Are you looking for email encryption?  Whole Disk Encryption?


Tactical-Neophyte:

"Please explain what level(s) of encryption protection you are seeking."

Entire Harddrive Encryption, etc.

"Is it just data transferred between these two computers?  If so, you may just want to use the NetShare function."

Data is transferred between two, sometimes 3, computers, with the data being stored on the 1st computer.

"Is it just these two computers in your network? "

A simple network yes.

"Are you looking for email encryption?"

With this option, yes.

"Whole Disk Encryption?"

Yes.

Also, with Brute Force pass phrase Protection.

Tom Mc:

Sounds like PGP Desktop on each machine would meet your needs.  If you want files transferred on your local network to be encrypted in transit, you might want to use the NetShare component.  I'm not sure which license includes it, but Sales can answer that for you.  You might want to try the Trial to see if it meets your needs. 


vaibhav_jain1:

To answer your original question - Yes, there is a feature on the Universal Server to specify the maximum number of attempts on the PGP Bootguard before it is locked.

-> Lock Passphrase user accounts on Windows clients after __ failed login attempts.

SOLUTION