Encase BBS |
EnCase is the industry leading computer forensic software tool used by most all computer forensic examiners worldwide. This is a conversation between the Encase User Group concerning Encryption and Passphrases (eventualy a Scramdisk developer joins the thread). |
Author | Topic: ScramDisk Software |
Rick
****** Member |
Does anyone have any information on the software ScramDisk. It is a free Encryption software. I think it places part of a drive into a file (I think like drivespace) and password protects with up to 4 passwords. I was able to get a copy of the software but unable to locate the protected file. Just trying to see if anyone has dealt with this software before. This is for a ch*ld p*rn cases, where the subjects told his family the
police won't Thank you advance for any info Rick ****** |
Dan
******* Member |
Rick, Here is a url where you can research some of the facts about scramdisk. www.scramdisk.clara.net/ Dan IP: |
shelly Member |
Guys, I have had some success in breaking Bestcrypt, which uses a simmilar process ("container files") and we were able to construct a cracking engine to attack BC. I have just looked at scamdisk and I think it may be vulnerable to the same kind of attack. I'll work up a protocol for it and, if I succeed, I'll be happy to attempt a crack on a "no crack, no fee" basis. mail me offline for a chat about this case. shelly@********.com IP: |
shelly Member |
I've just been contacted by the BestCrypt developers who have quoted my previous message from this topic to me saying that they were notified of it by one of their USERS! Hmmmm... Who actually reads this board? I'd love to know :-o shelly@********.com IP: |
ggottfri Member |
I am unsure what version of ScramDisk you are using, but there are a couple of attacks against it as of v2.02h at least, accoring to Paul Le Rou (I paraphrase some): One noticeable weakness is that ScramDisk's sector scrambling is based on 1024 random bytes found in the first 2 sectors of a ScramDisk volume. These sectors and the sector number are passed through a function which produces a 128 bit value unique to that volume and sector. This value is then used as the whitening and CBC IV values for the actual encryption. Therefore, each sector in a ScramDisk volume has it's own constant IV, which is unique to that volume and sector. But it also means that no matter what data that sector contains, the IV and whitening values are the same. ScrammDisk is also extremely vulnerable to dictionary attacks... wrote a good explanation of how ScrammDisk works, which is as follows: 1.load the 20 byte SHA-1 hash as the cipher key 2.decrypt 2048 bytes from sectors#0-3 3.load up to 32 bytes from 1024-1055 as the cipher key 4.decrypt sector#16 5.decrypt sector#17 6.if sector#16 NOT equal sector#17 then goto the last step 7.decrypt sector#18 8.if sector#18 NOT equal sector#17 then goto the last step 9.the password is correct, end 10.repeat from step 1 for all remaining ciphers
The next steps normally decrypt and compare complete sectors (512 bytes), however an attack need only decrypt one block (for most ciphers 8 bytes or 64 bits) for each step after step 1. This results in an attacker needing to do exactly 132 decryption's per password test cycle for a 64 bit block cipher. [This message has been edited by ggottfri (edited 10-28-2000).] IP: |
shelly Member |
Excellent insight - thanks. :-) Can you mail me the link to the source of your date please. Thanks
IP: |
JWS39595 Member |
Rich...I am also doing a similar case with the same problem....if you would like to discuss it you can email me at jws****@*****.com and maybe we can figure this thing out...I have tried contacting Shelly but havent received a reply yet.
IP: |
shelly Member |
Sorry for the delay - I've been out of the office - I'll be mailing you shortly (When I've caught up on the email train :-) IP |
shelly Member |
As you know I have been working on a scramdisk cracking utility. It is taking longer and costing more to develop than I had anticipated because I am adding extra features (encrypted container recognition, password morphing, support for multi processors etc). I now anticipate that the tool will be available in mid January and I would like to get a feel for how many people would be interested in having a copy. I normally only offer a no crack-no fee service but, because the majority of cases involve files containing CP, it makes it impossible for me to recieve evidential files via email without breaking the law. Therefore, if enough people are interested in using the tool, I may consider licensing it to recover some of my costs. Anyone interested, please contact me via email at
shelly@********.com IP: |
Sam@Scramdisk Member |
Hi, I officialy represent Scramdisk (Shelly did ask who read this forum ). We're interested by all your comments, but are amused to here that "ScrammDisk is also extremely vulnerable to dictionary attacks..." in view of the fact that greater than 100 decryptions per trial passphrase *per cipher* are necessary to test a key...Do you guys really consider >800 decryptions (SD currently supports 8 ciphers) per key to be "vulnerable"? The situation will improve in future...We will be adding further ciphers (AES256 etc) and also additional hash functions (SHA256, RIPEMD160) - this will mean each passphrase will need to be tested against 27 cipher /hash combinations - which will mean greater than 2700 decryptions per passphrase. Please also note that Scramdisk v3.x containers are NOT detectable from random files (unless Shelly knows something we don't - this "feature" is a problem specifically linked with SD v2.x. We will be posting an "official" response to these points on the Scramdisk site in due course. Regards, Sam IP: |
farmerdude Member |
just some thoughts... .... Sam@ScramDisk - while I definately agree that 2700 decryptions is very
cool, and most likely will prove a real hassle for desktops, against our
Sun Enterprise 6500s (running together as one) the 2700 number probably
won't be much more than a speed bump. Happy Thanksgiving All!! farmerdude IP: |
Sam@Scramdisk Member |
You said "against our Sun Enterprise 6500s (running together as one) the 2700 number probably won't be much more than a speed bump." Unfortunately, your 6500 are fighting against combinatorial mathematics Any (reasonable...) non-dictionary passphrase with more than 10 characters or so will be totally unbreakable, no matter how many 6500 you chuck at it, the passphrase is going to last a long time. Brute force is not the way to try to break Scramdisk....And we don't know of any backdoor or shortcut mechanism either. Still, most users probably aren't all that good about selecting passphrases
Regards, Sam IP |
As you can see from Sam's statement the passphrase is vitaly important. | |
Back |