Does Encryption Work?

Soldato
Joined
12 Dec 2003
Posts
2,588
My dads just come in and told me that a friend of his had his laptop stolen and somehow (he wasn't to clear) got his bank accounts emptied as a result. Dad kept going on about how any encryption you put on a laptop can be broken etc etc.

My question is this, how wrong is he? Can encryption really be broken easily? I was under the impression that a good encryption was fairly difficult to break!
 
Depends on the type of encryption. There are some algorithms that no one has ever managed to crack. But there are some with known exploits.
 
i'm pretty sure the EFS (encrypted file system) included in windows 2000/2003 and xp pro is secure.

mustn't get this confused with ntfs file permissions. it's a doddle to take ownership of any files protected with ntfs. :)

and what account details were stored? just the account no and sort code? or were there passwords and suchlike for online banking stored.... :eek:
 
With regards encryption - since encryption has been built into Windows you can secure your data extremely well.
Lets put it this way:

If under Win2k, WinXP you use the built-in encryption tools and encrypted say a folder on your second HD.
You then fr whatever reason didn't back your keys up, and then reinstalled Windows for whatever reason (by either installing back over the top or by wiping your primary drive first).
The data you had encrypted would be lost for ever.
You are simply never going to get that data back.

People tend to get confused with encryption and permissions.
If that same folder had simply been on the second HD and not encrypted, after the Windows reinstallation you wouldn't be able to access it.
However you could just take control of the data, reset the permissions and off you go.

It gets difficult when people have local access to your files - most OS's once local control has been gained can be convinced to hand over their secrets.
If for example I have an encrypted folder on a second HD.
If my PC is stolen then if they can gain local administrator rights then they can also gain rights to the encrypted data.
All they need is access to the account that created the encrpyted data and away they go.
If however they gained access to the laptop by reinstalling Windows then they won't have access to the encrypted data.

How safe your encrypted data is depends entirely on what tools people have.
The encrypted data alone is of no use - they won't get into it.
If however they have the key (the account used to create the encrypted data) and the means to use/turn the key (username & password for that account) then things change.
 
How about bitlocker or whatever the encryption that comes with vista ultimate is?

Very secure, it's designed for situations exactly like this. Put this way, for the encryption key to be hacked by a brute force attack and say you had access to every computer in the world, you'd still be measuring time till completion in 'ages of the universe'.

EFS isn't quite as secure, but then it's designed for a different situation.

Burnsy
 
My dads just come in and told me that a friend of his had his laptop stolen and somehow (he wasn't to clear) got his bank accounts emptied as a result. Dad kept going on about how any encryption you put on a laptop can be broken etc etc.

My question is this, how wrong is he? Can encryption really be broken easily? I was under the impression that a good encryption was fairly difficult to break!

One time pad encryption is impossible to break. Even using brute force it can't be decrypted.

Aes 128-bit would take millions of years with current tech, though moores law does mean brute force speed doubles every 24 months, and quantum computers would be able to decrypt it in reasonable time.

Programs like truecrypt have superencryption, ie it's encrypted once with aes 256-bit, again with twofish 448-bit, and then serpant 256-bit. Making it practically impossible for anyone to break it. And then there is plausible deniability.

The us government use 128-bit aes for secret files, and 192-bit for top secret files. They wouldn't use it if there was a back door.
 
Programs like truecrypt have superencryption, ie it's encrypted once with aes 256-bit, again with twofish 448-bit, and then serpant 256-bit. Making it practically impossible for anyone to break it. And then there is plausible deniability.

No one will ever find my porn muhahaha :D
 
Having Windows encryption won't be much use if, for instance, the administrator (or whatever) account is logged in. The logged in user can view any encrypted files.
 
quantum computers would be able to decrypt it in reasonable time.

The us government use 128-bit aes for secret files, and 192-bit for top secret files. They wouldn't use it if there was a back door.

With regards to quantum computing it would break it instantly, as the theory goes due to the nature of electrons they are everywhere and no where at the same time, so it would know every possible key.

The holy grail of encryption is rotating clear text but, imo, it will never happen.

The version of AES with use and the version Governments use will probably be very different. AES is public domain so encrypting data using it then allowing public to have it, is akin to making the worlds most secure safe then making the blueprints public record.
 
AES is public domain so encrypting data using it then allowing public to have it, is akin to making the worlds most secure safe then making the blueprints public record.
That's the whole point of any encryption algorithm. It requires peer review within academia or by industry specialists - most encryption standards that are used to secure highly sensitive data are used because they've been peer reviewed and proven to be secure.
 
Chances are that they had ticked the option to remember the password for online banking which as pointed out above deserves the :eek: smiley.
 
If my PC is stolen then if they can gain local administrator rights then they can also gain rights to the encrypted data.
All they need is access to the account that created the encrpyted data and away they go.
Why would anyone want or need to use windows encryption if all someone else needs to do is log into that person's account to see there encrypted data :confused:
 
Why would anyone want or need to use windows encryption if all someone else needs to do is log into that person's account to see there encrypted data :confused:

It's to stop people getting access over a network connection. It assumes the machine is physically secure.

Burnsy
 
Back
Top Bottom