mirror of
https://0xacab.org/optout/into-the-crypt.git
synced 2024-10-01 03:35:39 -04:00
MD tweak
This commit is contained in:
parent
8bbc4716f7
commit
bfab98759b
@ -277,10 +277,10 @@ There are USB devices known as "Mouse Jigglers" that are used by forensic teams
|
|||||||
There are easy preventative software-based solutions such as USBGuard that can prevent these devices for operating, however this will likely be picked up on and human mouse jigglers can take their place.
|
There are easy preventative software-based solutions such as USBGuard that can prevent these devices for operating, however this will likely be picked up on and human mouse jigglers can take their place.
|
||||||
Ideally a process can be utilized to detect such a device and invoke a shutdown process. A mitigation for the human mouse jigglers could be implementing forced authentication every half hour to an hour. If the credentials have not been entered, the user session could be terminated, memory could be cleared, or the shutdown command could even be invoked.
|
Ideally a process can be utilized to detect such a device and invoke a shutdown process. A mitigation for the human mouse jigglers could be implementing forced authentication every half hour to an hour. If the credentials have not been entered, the user session could be terminated, memory could be cleared, or the shutdown command could even be invoked.
|
||||||
|
|
||||||
## Play on Resources
|
## Play on Resources
|
||||||
Earlier, it was said that these groups have unlimited resources; this is not entirely true. The one resource which they lack is time. While they have infinite funds to allocate towards password and key cracking methods, so long as quantum physics strays behind computing, time is their main constraint. Taking methods from obscurity, the use of non-default encryption algorithms and hashing mechanisms for keys substantially increases the amount of time the analyst must expend on cracking. If the analyst cannot identify the hash function or cipher, they must try all possible options. Even if the correct password is obtained, this becomes useless without the proper cipher. For instance, Veracrypt uses over fifteen combinations of individual encryption algorithms and cascaded/stacked ciphers. Complement this with the five supported hash functions, and we are looking at 75 possible combinations of symmetric ciphers and one-way hash functions. As stated by ElcomSoft, "Trying all possible combinations is about 175 times slower compared to attacking a single combination of AES+SHA-512." [#](https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/)
|
Earlier, it was said that these groups have unlimited resources; this is not entirely true. The one resource which they lack is time. While they have infinite funds to allocate towards password and key cracking methods, so long as quantum physics strays behind computing, time is their main constraint. Taking methods from obscurity, the use of non-default encryption algorithms and hashing mechanisms for keys substantially increases the amount of time the analyst must expend on cracking. If the analyst cannot identify the hash function or cipher, they must try all possible options. Even if the correct password is obtained, this becomes useless without the proper cipher. For instance, Veracrypt uses over fifteen combinations of individual encryption algorithms and cascaded/stacked ciphers. Complement this with the five supported hash functions, and we are looking at 75 possible combinations of symmetric ciphers and one-way hash functions. As stated by ElcomSoft, "Trying all possible combinations is about 175 times slower compared to attacking a single combination of AES+SHA-512." [#](https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/)
|
||||||
Hypothetically, if the algorithm/hash combination is known by the attacker, here is where the cascading algorithms display their value:
|
Hypothetically, if the algorithm/hash combination is known by the attacker, here is where the cascading algorithms display their value:
|
||||||
"Whether they choose to encrypt with AES, Serpent, Twofish or any other single algorithm, the speed of the attack will remain the same. Attacks on cascaded encryption with two algorithms (e.g. AES(Twofish)) work at half the speed, while cascading three algorithms slows them down to around 1/3 the speed."
|
"Whether they choose to encrypt with AES, Serpent, Twofish or any other single algorithm, the speed of the attack will remain the same. Attacks on cascaded encryption with two algorithms (e.g. AES(Twofish)) work at half the speed, while cascading three algorithms slows them down to around 1/3 the speed."
|
||||||
|
|
||||||
- note:
|
- note:
|
||||||
VeraCrypt does not keep encryption/hashing algorithms secret. Keeping such information secret would break the functionality of VeraCrypt (unless the user were to enter such information on every boot, comparably to how PIMs work). An attacker will never need to attempt multiple combinations. They will simply need to attempt cracking a single, different, algorithm.
|
VeraCrypt does not keep encryption/hashing algorithms secret. Keeping such information secret would break the functionality of VeraCrypt (unless the user were to enter such information on every boot, comparably to how PIMs work). An attacker will never need to attempt multiple combinations. They will simply need to attempt cracking a single, different, algorithm.
|
||||||
|
Loading…
Reference in New Issue
Block a user