2. Who are we?
• Founded in 1990
• In password recovery since 1998
• Privately owned
• HQ and Dev in Moscow, Russia
• Four US patents issued, more to come
11. • Recovers encryption key
• Password remains unknown
• Works only with 40-bit encryption
‣ MS Word 97-2003, Adobe PDF
‣ Word 2007/2010 when saving in .doc
• Can be applied to passwords
12. • Based on Rainbow Tables
• TT = RT + Keys not in RT
• Provides guaranteed decryption
(except for MS Excel files)
• Data fits on DVD or 4 Gb USB stick
• Average key search time is 25 seconds
13. 100%
99.4% 99.9% 100%
95.7%
89.4%
75% 77.6%
69.7%
Keys recovered
This is dual-core CPU with tables on HDD
50% 54.7%
Quad-core with tables on SSD will be way
40.2%
faster!
25%
25.3%
17.4%
0%
1 sec. 2 sec. 5 sec. 10 sec. 20 sec. 30 sec. 1 min. 2 min. 5 min. 10 min. 15 min.
Attack duration
16. • Order of magnitude faster than CPU
• Competing vendors: NVIDIA and ATI
• Hardware readily available
‣ Consumer- and enterprise-grade solutions
‣ Very competitive hardware pricing
24. Elcomsoft Phone
Password Breaker
• Recovers passwords for mobile devices
backups
• Works offline (device is not needed)
• Decrypts backups (you can use favorite
mobile forensics tools)
• Recovers passwords stored in Keychain
• GPU & TACC acceleration
25. iOS 4.x Backup
Security
• Password verification is done on the device
‣ PBKDF2-SHA1 with 10’000 iterations
‣ Was 2000 iterations in iPhoneOS 3.x
• No data leaves device unencrypted
‣ AES-256, per-file key and IV
26. Backup password
Backup keybag Backup master key
Encrypted FEK and IV FEK encryption key
AES-256 key and IV to decrypt file
27. iOS 4.x Keychain
Security
• Keychain is system-wide storage for secrets
‣ Sort of Protected Storage for iOS
• Encrypted with device-specific key
• Plain backups include keychain “as-is”
• Encrypted backups include keychain re-
encrypted on key derived from password
‣ The only reliable way to get stored secrets
28. Blackberry Backup
Security
• Password verification is done on the PC
‣ PBKDF2-SHA1 with 1 (one) iteration
‣ Generating 256 bytes of key data, using
256 bits
• Data encryption done on PC
‣ AES-256, single file
Still think Blackberry is more secure?