howyadoin

Infecting an encrypted system

13 posts in this topic

The question I have is :

When writing program code for say, spyware, is it needed to write it to crack the encryption in order to install the spyware? Or can it be installed without this crack?

<_<


I'm going to assume you're talking about full-disk encryption, which doesn't provide any protection on a running system.


Crack what encryption? There isn't usually any encryption involved.

> I'm going to assume you're talking about full-disk encryption, which doesn't provide any protection on a running system.

Yes. When they encrypt disk C. But you've just said it doesn't provide any protection on a running system so this answers my question. However, would encryption provide protection if it was "on the fly" encryption like, say, TrueCrypt has?

> Crack what encryption? There isn't usually any encryption involved.

I agree. There usually isn't any encryption. But I was wondering about attacking a system where you know there is disk encryption, for example, let's say someone has chosen to infect an encrypted federal government computer (which means they looked into it and found it is encrypted).

Edit : for clarity.

Edited by totallyAunti

I don't think you understand basic concepts of cryptography and security. I think Google could help you out.


[Comments Removed]

Edited by Seal

> I don't think you understand basic concepts of cryptography and security. I think Google could help you out.

Basic concepts. As a matter of fact, I just read a pdf on this topic and it didn't answer my question. All I understand now is why a new key needs to be used every time a message is sent and received since using the same keys will make it much easier to hack. Other than this, I understand nada on the answer to my question.

> > I don't think you understand basic concepts of cryptography and security. I think Google could help you out.
>
> Basic concepts. As a matter of fact, I just read a pdf on this topic and it didn't answer my question. All I understand now is why a new key needs to be used every time a message is sent and received since using the same keys will make it much easier to hack. Other than this, I understand nada on the answer to my question.

That's because you don't understand the topic. Stop, turn around and go back to learn the basics that you missed.


He's talking about things like Bitlocker in Vista; he's wondering if he needs to decrypt to drop a payload.

No, as long as the system is running, the decryption keys are loaded in memory and it would be as easy as infecting a non-encrypted hard drive.

:)

Edit: It's infeasible to keep the entire hard drive encrypted and running, as it will slow things to a crawl because you'd need to load your key then delete it from the same memory a few thousand times, which would wreck your memory.

It's kind of like if you needed to enter your WPA key every time by hand if a packet had been sent or received.

Edited by IndexPhinger

> Edit: It's infeasible to keep the entire hard drive encrypted and running, as it will slow things to a crawl because you'd need to load your key then delete it from the same memory a few thousand times, which would wreck your memory.
>
> It's kind of like if you needed to enter your WPA key every time by hand if a packet had been sent or received.

Interesting. But in the case of the program TrueCrypt, it says it will keep the entire drive encrypted though it's running (see below on what it says it does).

Have you read into what TrueCrypt says it'll do when you use it? It says it does this :

-encrypts/decrypts "on the fly" - example, if you open notepad it'll decrypt notepad so you can use it, everything else in the computer stays encrypted though. and when you then close notepad, it encrypts notepad again - in fact, as you use notepad and type in text, TrueCrypt will encrypt that text though you haven't yet closed notepad.

TrueCrypt seems impressive.

Also, TrueCrypt says it'll keep the entire system drive encrypted while you're using part of it, with the only thing that's decrypted being the actual thing you're using at that moment - everything else stays encrypted around you. But to do so you can't encrypt using cascades - you have to choose only one, like Twofish, AES, etc., but not both, and the reason given was what you said: it would cause the computer to slow and use up all the memory.

So, in this case where TrueCrypt can do this, can someone install an infection considering everything will be encrypted except the browser while the guy's on some webpage? - keep in mind though, TrueCrypt will encrypt the browser again once it's closed, so in that case, what chance will an infection have to get from the browser and into the computer since the browser closing just decrypted the browser and worse yet, the entire drive was already encrypted the entire time?

(sounds like anyone using such a program as TrueCrypt would make it very hard to infect, if it's even possible)

Here's the TrueCrypt userguide on pdf which I have hosted HERE. Read over this program and what it does. It sounds nearly impossible to infect any system with this thing encrypting it. This guide is also an attachment on this post...

TrueCrypt_6.1a_User_Guide.pdf

Edited by totallyAunti

If the person has a system which will automatically decrypt whatever the person is using and only that part of the disk, if you can exploit the browser to install malware, the encryption system will assume that the person is using the disk and will encrypt anything that needs to be written to disk before it is written. The only good whole disk encryption does towards preventing malware installation is that it would prevent someone from mounting the hard drive and installing the malware on it without the user's having first used the hard drive. Most malware however doesn't require someone to physically rip out the disk or steal the computer and boot it to use, because that would be some extremely pointless malware to all but a few people.

Share on other sites
> The question I have is :
>
> When writing program code for say, spyware, is it needed to write it to crack the encryption in order to install the spyware? Or can it be installed without this crack?
>
> <_<

As stated, encryption really won't do anything; just hope they don't have a firewall that freaks out about every little thing, and maybe it will work.

> If the person has a system which will automatically decrypt whatever the person is using and only that part of the disk, if you can exploit the browser to install malware, the encryption system will assume that the person is using the disk and will encrypt anything that needs to be written to disk before it is written.

Ok. That's what I thought.
