Any security system relies, at least in part, on encryption. However, there are right ways and wrong ways to use encryption. To encrypt a block of data, you need two ingredients (in addition to the data itself): an encryption algorithm and a randomly generated, well protected cryptographic key. Inattention to either or both of those details has led to the downfall of some past security schemes and so provides a cautionary tale or two.
The first lesson of encryption systems is, "Don't use proprietary encryption algorithms; use standard, well understood algorithms." That sounds non-intuitive: Wouldn't an encryption algorithm built in the bowels of some obscure laboratory by a small cadre of mathematical geniuses who are sworn to secrecy turn out the most uncrackable encryption method? You might think so, but history surely hasn't borne that out. For example, Microsoft needed an encryption method for its VPN software years ago and so developed a proprietary encryption algorithm which it included in its Point-to-Point Tunneling Protocol (PPTP) software, which proved vulnerable to attack in fairly short order. In contrast, consider that Windows' LAN Manager (LM) authentication protocol is roughly 20 years old, and although it's clearly computationally crackable at this point, it did stand the test of 20 years' use and is still extant in most networks. Much of that longevity must be attributed to the fact that the LM authentication system relies heavily upon a publicly designed standard encryption method called the Data Encryption Standard. DES has a successor in the newer, more secure Advanced Encryption Standard (AES), so look for that in encryption solutions. It, too, will eventually fall victim to Moore's Law, but with hope that won't happen for a decade or two.
The second lesson of encryption systems, is "Pick a key that can't be easily guessed, and figure out a good place to hide the cryptographic key." To illustrate that point, I ask you to consider Microsoft's Encrypting File System. EFS offers a convenient and fairly transparent way to protect files on a Windows 2008/Vista/2003/XP/2000 system. It's built atop AES and uses fairly long (256-bit as opposed to DES's 56 bits) cryptographic keys. People have, however, tried to attack it via its key-generation and -storage methods. The first time you tell Windows to encrypt a file, EFS spins up a random number to use as your EFS encryption key from that time on. But how did Windows create that "random" number? When EFS appeared in Win2K, some people claimed that Microsoft's method of generating nearly random numbers generates numbers in only a small, predictable range. I've never seen actual proof of that, but if it had been true, EFS would have been useless and such guess-the-key attacks have been successful on other cryptographic systems in the past.
More fruitful attacks on EFS rely upon finding the key itself. When you start your computer and try to read an encrypted file, Windows has the AES decryption code on hand and the encrypted data right on the hard disk—but where's the key? Clearly, Windows can't just plop the key right onto the hard disk. That would be too easy to attack, right? So, where else might it go? Actually, there really isn't anywhere else convenient to put the key. Most of us aren't really willing to type in a long cryptographic key at the keyboard, or to carry around a USB stick that holds the key and insert that stick whenever we want to encrypt or decrypt something.
Actually (and I'm greatly simplifying here), Windows gives you three choices: Type in a key every time you boot, store the key on a floppy disk, or, yes, let Windows hide it on the hard disk. Most of us opt for the third choice (it's the default), and so over the years, bad guys have figured out how to find the key's location, rendering EFS useless. But all is not lost, as a growing number of computers ship with something called a Trusted Platform Module (TPM) chip. TPM has just one job—to store keys—and so most TPM-equipped systems come with software that will store and protect EFS keys. Thus, with the mix of a good algorithm (AES), a good random-number generator, and a bit of hardware help in storing its keys, EFS represents an example of fairly good encryption. There are many others on the market, of course, but in the end analysis, they all succeed or fail on the same criteria.
End of Article
Mark, you say "Most of us opt for the third choice (it's the default), and so over the years, bad guys have figured out how to find the key's location, rendering EFS useless." Please give us real cases where the bad guys accessed the EFS-secured files.
muraty April 29, 2008 (Article Rating: )
From Mark Minasi:
I got that from Steve Riley at Microsoft – he’d be the guy to know and wouldn’t have any reason to discuss a nonexistent vulnerability. Thanks for reading!
What's next for virtualization and business IT? Windows IT Pro senior editor Jeff James speaks with VMware President and CEO Diane Greene on the future of virtualization technology. ...
An often irreverent look at some of the week's other news, including the long-awaited back to school season, Microsoft's first Seinfeld/Gates ad, some EU insights, another Netbook improvement, Opera silliness, and much, much more ...
IT Connections Dive into the new Microsoft platforms and products you implement and support with the experts from Microsoft, TechNet Magazine, Windows ITPro and industry gurus. There are 70+ sessions and interactive panels with networking opportunities.
Attention User Group Leaders... Announcing the eNews Generator—a FREE HTML e-newsletter builder for user group leaders. Build your HTML and text e-newsletters in minutes and add Windows IT Pro & SQL Server Mag articles alongside your own message!.
Master SharePoint with 3 eLearning Seminars Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!
Get SQL Server 2008 at WinConnections Don’t miss Microsoft Exchange and Windows Connections conferences, the premier events for Microsoft IT Professionals in Las Vegas, November 10-13. Every attendee will receive a copy of SQL Server 2008 Standard Edition with one CAL.
Order Your SQL Fundamentals CD Today! Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
)
Register
Please give us real cases where the bad guys accessed the EFS-secured files.
muraty April 29, 2008 (Article Rating: