Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > File Encryption/Decryption Question

Reply
Thread Tools

File Encryption/Decryption Question

 
 
John Doe
Guest
Posts: n/a
 
      07-14-2007
I am using a major brand of file encryption that stores its keys in a
database file. My files were being backed, but were encrypted at the same
time. Recently, I suffered a hard disk crash and had to resort to restore
my files that were stored under "my documents". Unfortunately, the
database with the keys wasn't being backed up because they weren't located
under "my documents". Needless to say, the files that were backed up can't
be decrypted under normal operation after being restored.

Do software developers keep backup keys available for this situation or am I
hosed? Is there anything on the marked to decrypt these files?

Sincerely,
Bob Becnel


 
Reply With Quote
 
 
 
 
jc
Guest
Posts: n/a
 
      07-15-2007
John Doe wrote:
> I am using a major brand of file encryption that stores its keys in a
> database file. My files were being backed, but were encrypted at the same
> time. Recently, I suffered a hard disk crash and had to resort to restore
> my files that were stored under "my documents". Unfortunately, the
> database with the keys wasn't being backed up because they weren't located
> under "my documents". Needless to say, the files that were backed up can't
> be decrypted under normal operation after being restored.
>
> Do software developers keep backup keys available for this situation or am I
> hosed? Is there anything on the marked to decrypt these files?
>
> Sincerely,
> Bob Becnel
>
>

You don't say what you used to encrypt the files. Sounds pretty shoddy
if they didn't recommend backing up the keys. Try googling

password recovery <encryptionprogram>


jc
 
Reply With Quote
 
 
 
 
Ertugrul Soeylemez
Guest
Posts: n/a
 
      07-16-2007
"John Doe" <(E-Mail Removed)> (07-07-14 23:21:12):

> I am using a major brand of file encryption that stores its keys in a
> database file. My files were being backed, but were encrypted at the
> same time. Recently, I suffered a hard disk crash and had to resort
> to restore my files that were stored under "my documents".
> Unfortunately, the database with the keys wasn't being backed up
> because they weren't located under "my documents". Needless to say,
> the files that were backed up can't be decrypted under normal
> operation after being restored.


Maybe I should note that your security concept is completely pointless.
Either you backup the keys, by what attackers can easily get to the
plaintext, or you don't backup the keys, turning the backups useless in
case of data loss.


> Do software developers keep backup keys available for this situation
> or am I hosed? Is there anything on the marked to decrypt these
> files?


Developers of secure encryption software (i.e. not closed-source)
generally don't keep such "backup keys", because again that would render
the entire security system completely pointless.

If the cipher used is a secure one, then yes, you're hosed. There are
programs for brute-forcing, but if your keys were random (i.e. not
generated from a passphrase), then don't bother -- your data is lost.


Regards,
Ertugrul Söylemez.


--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
 
Reply With Quote
 
jc
Guest
Posts: n/a
 
      07-16-2007
Ertugrul Soeylemez wrote:
> "John Doe" <(E-Mail Removed)> (07-07-14 23:21:12):
>
>> I am using a major brand of file encryption that stores its keys in a
>> database file. My files were being backed, but were encrypted at the
>> same time. Recently, I suffered a hard disk crash and had to resort
>> to restore my files that were stored under "my documents".
>> Unfortunately, the database with the keys wasn't being backed up
>> because they weren't located under "my documents". Needless to say,
>> the files that were backed up can't be decrypted under normal
>> operation after being restored.

>
> Maybe I should note that your security concept is completely pointless.
> Either you backup the keys, by what attackers can easily get to the
> plaintext, or you don't backup the keys, turning the backups useless in
> case of data loss.
>


You'll have to explain this, you're basically saying that file
encryption is worthless. How does backing up the keys expose them to
hackers?

>
>> Do software developers keep backup keys available for this situation
>> or am I hosed? Is there anything on the marked to decrypt these
>> files?

>
> Developers of secure encryption software (i.e. not closed-source)
> generally don't keep such "backup keys", because again that would render
> the entire security system completely pointless.
>
> If the cipher used is a secure one, then yes, you're hosed. There are
> programs for brute-forcing, but if your keys were random (i.e. not
> generated from a passphrase), then don't bother -- your data is lost.
>
>
> Regards,
> Ertugrul Söylemez.
>
>

 
Reply With Quote
 
Ertugrul Soeylemez
Guest
Posts: n/a
 
      07-19-2007
jc <(E-Mail Removed)> (07-07-16 18:53:23):

> > Maybe I should note that your security concept is completely
> > pointless. Either you backup the keys, by what attackers can easily
> > get to the plaintext, or you don't backup the keys, turning the
> > backups useless in case of data loss.

>
> You'll have to explain this, you're basically saying that file
> encryption is worthless. How does backing up the keys expose them to
> hackers?


If the encryption keys become part of the backup, then what's the point
in encrypting?


Regards,
Ertugrul Söylemez.


--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
 
Reply With Quote
 
jc
Guest
Posts: n/a
 
      07-19-2007
Ertugrul Soeylemez wrote:
> jc <(E-Mail Removed)> (07-07-16 18:53:23):
>
>>> Maybe I should note that your security concept is completely
>>> pointless. Either you backup the keys, by what attackers can easily
>>> get to the plaintext, or you don't backup the keys, turning the
>>> backups useless in case of data loss.

>> You'll have to explain this, you're basically saying that file
>> encryption is worthless. How does backing up the keys expose them to
>> hackers?

>
> If the encryption keys become part of the backup, then what's the point
> in encrypting?
>
>
> Regards,
> Ertugrul Söylemez.
>
>

I still don't see what you're getting at. The keys are useless without a
password.


jc
 
Reply With Quote
 
Ari
Guest
Posts: n/a
 
      07-24-2007
On Thu, 19 Jul 2007 05:53:03 +0200, Ertugrul Soeylemez wrote:

> jc <(E-Mail Removed)> (07-07-16 18:53:23):
>
>>> Maybe I should note that your security concept is completely
>>> pointless. Either you backup the keys, by what attackers can easily
>>> get to the plaintext, or you don't backup the keys, turning the
>>> backups useless in case of data loss.

>>
>> You'll have to explain this, you're basically saying that file
>> encryption is worthless. How does backing up the keys expose them to
>> hackers?

>
> If the encryption keys become part of the backup, then what's the point
> in encrypting?
>
> Regards,
> Ertugrul Sylemez.


Which brings me to a conversation I just had with Moxy. They can't
backup encrypted files.
 
Reply With Quote
 
jc
Guest
Posts: n/a
 
      07-24-2007
Ari wrote:
> On Thu, 19 Jul 2007 05:53:03 +0200, Ertugrul Soeylemez wrote:
>
>> jc <(E-Mail Removed)> (07-07-16 18:53:23):
>>
>>>> Maybe I should note that your security concept is completely
>>>> pointless. Either you backup the keys, by what attackers can easily
>>>> get to the plaintext, or you don't backup the keys, turning the
>>>> backups useless in case of data loss.
>>> You'll have to explain this, you're basically saying that file
>>> encryption is worthless. How does backing up the keys expose them to
>>> hackers?

>> If the encryption keys become part of the backup, then what's the point
>> in encrypting?
>>
>> Regards,
>> Ertugrul Sylemez.

>
> Which brings me to a conversation I just had with Moxy. They can't
> backup encrypted files.


I'm missing something. If someone got hold of the backup, with the keys
and the encrypted files, what could they do without a passphrase? Seems
like the files would still be safe given a strong one.


jc
 
Reply With Quote
 
Ari
Guest
Posts: n/a
 
      07-24-2007
On Tue, 24 Jul 2007 02:03:29 GMT, jc wrote:

>>> If the encryption keys become part of the backup, then what's the point
>>> in encrypting?
>>>
>>> Regards,
>>> Ertugrul Sylemez.

>>
>> Which brings me to a conversation I just had with Moxy. They can't
>> backup encrypted files.

>
> I'm missing something. If someone got hold of the backup, with the keys
> and the encrypted files, what could they do without a passphrase? Seems
> like the files would still be safe given a strong one.


You would be one layer short of protection, that being the passphrase
only which, if 16 characters, ought to be sufficient.
 
Reply With Quote
 
Ertugrul Soeylemez
Guest
Posts: n/a
 
      07-25-2007
jc <(E-Mail Removed)> (07-07-19 14:54:40):

> > If the encryption keys become part of the backup, then what's the
> > point in encrypting?

>
> I still don't see what you're getting at. The keys are useless without
> a password.


Now we're getting somewhere. From what you told it sounded like the
keys were backed up in plain.


Regards,
Ertugrul Söylemez.


--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Converting JPG file ppt file [Powerpoint] file zxcvar Digital Photography 7 06-22-2009 07:54 PM
How to create MDF file (.mdf) file from XML file. Dave ASP .Net 1 06-07-2007 11:32 PM
question about .h file and .cpp file,also compiler question key9 C++ 7 09-13-2006 06:45 PM
In file parsing, taking the first few characters of a text file after a readfile or streamreader file read... .Net Sports ASP .Net 11 01-17-2006 12:44 AM
An Automated process of watching a network file folder, reading a file in it and deleting the file using ASP.NET ? Luis Esteban Valencia Muoz ASP .Net 3 06-04-2005 10:56 AM



Advertisments