Endpoint Encryption

 View Only
Back to discussions
Expand all | Collapse all

Symantec Endpoint Encryption (SEE) encryption protocol and mode?

  • 1.  Symantec Endpoint Encryption (SEE) encryption protocol and mode?

    Posted Apr 10, 2015 10:05 AM

    I read another forum post that seemed to indicate that SEE uses AES-256.  Is that true?  If not, what encryption protocol is used?  Also, what encryption mode is used (e.g. CBC, CFB, CTS, ECB, OFB, etc.)?

    I have a drive that's encrypted but has bad/dirty sectors/blocks.  I started the decryption process but every attempt fails due to the dirty/bad blocks.  I can't run standard disk fixing tools because they can't read the volume since it's encrypted.  So I thought about trying to DD the drive to one with good sectors to see what I could recover post-decryption on the good drive but it occurred to me that if the encryption mode being used is something like CBC or CFB, the decryption process will carry the bad blocks down through and mess up the entire decryption process...

     



  • 2.  RE: Symantec Endpoint Encryption (SEE) encryption protocol and mode?

    Posted Apr 10, 2015 12:47 PM

    If the drive has bad blocks, I would recommend using a customized SEE WinPE disk to try to access the drive and copy data off.  Before trying to clone or decrypt, see what you can pull off manually.  Interrupted decryption can cause drive read failures, and/or file corruption which can compound the other issues preventing data recovery.

    More information here:
    http://www.symantec.com/docs/TECH223783