File Encryption/Decryption Question

Discussion in 'Computer Security' started by John Doe, Jul 15, 2007.

  1. John Doe

    John Doe Guest

    I am using a major brand of file encryption that stores its keys in a
    database file. My files were being backed, but were encrypted at the same
    time. Recently, I suffered a hard disk crash and had to resort to restore
    my files that were stored under "my documents". Unfortunately, the
    database with the keys wasn't being backed up because they weren't located
    under "my documents". Needless to say, the files that were backed up can't
    be decrypted under normal operation after being restored.

    Do software developers keep backup keys available for this situation or am I
    hosed? Is there anything on the marked to decrypt these files?

    Sincerely,
    Bob Becnel
    John Doe, Jul 15, 2007
    #1
    1. Advertising

  2. John Doe

    jc Guest

    John Doe wrote:
    > I am using a major brand of file encryption that stores its keys in a
    > database file. My files were being backed, but were encrypted at the same
    > time. Recently, I suffered a hard disk crash and had to resort to restore
    > my files that were stored under "my documents". Unfortunately, the
    > database with the keys wasn't being backed up because they weren't located
    > under "my documents". Needless to say, the files that were backed up can't
    > be decrypted under normal operation after being restored.
    >
    > Do software developers keep backup keys available for this situation or am I
    > hosed? Is there anything on the marked to decrypt these files?
    >
    > Sincerely,
    > Bob Becnel
    >
    >

    You don't say what you used to encrypt the files. Sounds pretty shoddy
    if they didn't recommend backing up the keys. Try googling

    password recovery <encryptionprogram>


    jc
    jc, Jul 15, 2007
    #2
    1. Advertising

  3. "John Doe" <> (07-07-14 23:21:12):

    > I am using a major brand of file encryption that stores its keys in a
    > database file. My files were being backed, but were encrypted at the
    > same time. Recently, I suffered a hard disk crash and had to resort
    > to restore my files that were stored under "my documents".
    > Unfortunately, the database with the keys wasn't being backed up
    > because they weren't located under "my documents". Needless to say,
    > the files that were backed up can't be decrypted under normal
    > operation after being restored.


    Maybe I should note that your security concept is completely pointless.
    Either you backup the keys, by what attackers can easily get to the
    plaintext, or you don't backup the keys, turning the backups useless in
    case of data loss.


    > Do software developers keep backup keys available for this situation
    > or am I hosed? Is there anything on the marked to decrypt these
    > files?


    Developers of secure encryption software (i.e. not closed-source)
    generally don't keep such "backup keys", because again that would render
    the entire security system completely pointless.

    If the cipher used is a secure one, then yes, you're hosed. There are
    programs for brute-forcing, but if your keys were random (i.e. not
    generated from a passphrase), then don't bother -- your data is lost.


    Regards,
    Ertugrul Söylemez.


    --
    Security is the one concept, which makes things in your life stay as
    they are. Otto is a man, who is afraid of changes in his life; so
    naturally he does not employ security.
    Ertugrul Soeylemez, Jul 16, 2007
    #3
  4. John Doe

    jc Guest

    Ertugrul Soeylemez wrote:
    > "John Doe" <> (07-07-14 23:21:12):
    >
    >> I am using a major brand of file encryption that stores its keys in a
    >> database file. My files were being backed, but were encrypted at the
    >> same time. Recently, I suffered a hard disk crash and had to resort
    >> to restore my files that were stored under "my documents".
    >> Unfortunately, the database with the keys wasn't being backed up
    >> because they weren't located under "my documents". Needless to say,
    >> the files that were backed up can't be decrypted under normal
    >> operation after being restored.

    >
    > Maybe I should note that your security concept is completely pointless.
    > Either you backup the keys, by what attackers can easily get to the
    > plaintext, or you don't backup the keys, turning the backups useless in
    > case of data loss.
    >


    You'll have to explain this, you're basically saying that file
    encryption is worthless. How does backing up the keys expose them to
    hackers?

    >
    >> Do software developers keep backup keys available for this situation
    >> or am I hosed? Is there anything on the marked to decrypt these
    >> files?

    >
    > Developers of secure encryption software (i.e. not closed-source)
    > generally don't keep such "backup keys", because again that would render
    > the entire security system completely pointless.
    >
    > If the cipher used is a secure one, then yes, you're hosed. There are
    > programs for brute-forcing, but if your keys were random (i.e. not
    > generated from a passphrase), then don't bother -- your data is lost.
    >
    >
    > Regards,
    > Ertugrul Söylemez.
    >
    >
    jc, Jul 16, 2007
    #4
  5. jc <> (07-07-16 18:53:23):

    > > Maybe I should note that your security concept is completely
    > > pointless. Either you backup the keys, by what attackers can easily
    > > get to the plaintext, or you don't backup the keys, turning the
    > > backups useless in case of data loss.

    >
    > You'll have to explain this, you're basically saying that file
    > encryption is worthless. How does backing up the keys expose them to
    > hackers?


    If the encryption keys become part of the backup, then what's the point
    in encrypting?


    Regards,
    Ertugrul Söylemez.


    --
    Security is the one concept, which makes things in your life stay as
    they are. Otto is a man, who is afraid of changes in his life; so
    naturally he does not employ security.
    Ertugrul Soeylemez, Jul 19, 2007
    #5
  6. John Doe

    jc Guest

    Ertugrul Soeylemez wrote:
    > jc <> (07-07-16 18:53:23):
    >
    >>> Maybe I should note that your security concept is completely
    >>> pointless. Either you backup the keys, by what attackers can easily
    >>> get to the plaintext, or you don't backup the keys, turning the
    >>> backups useless in case of data loss.

    >> You'll have to explain this, you're basically saying that file
    >> encryption is worthless. How does backing up the keys expose them to
    >> hackers?

    >
    > If the encryption keys become part of the backup, then what's the point
    > in encrypting?
    >
    >
    > Regards,
    > Ertugrul Söylemez.
    >
    >

    I still don't see what you're getting at. The keys are useless without a
    password.


    jc
    jc, Jul 19, 2007
    #6
  7. John Doe

    Ari Guest

    On Thu, 19 Jul 2007 05:53:03 +0200, Ertugrul Soeylemez wrote:

    > jc <> (07-07-16 18:53:23):
    >
    >>> Maybe I should note that your security concept is completely
    >>> pointless. Either you backup the keys, by what attackers can easily
    >>> get to the plaintext, or you don't backup the keys, turning the
    >>> backups useless in case of data loss.

    >>
    >> You'll have to explain this, you're basically saying that file
    >> encryption is worthless. How does backing up the keys expose them to
    >> hackers?

    >
    > If the encryption keys become part of the backup, then what's the point
    > in encrypting?
    >
    > Regards,
    > Ertugrul Söylemez.


    Which brings me to a conversation I just had with Moxy. They can't
    backup encrypted files.
    Ari, Jul 24, 2007
    #7
  8. John Doe

    jc Guest

    Ari wrote:
    > On Thu, 19 Jul 2007 05:53:03 +0200, Ertugrul Soeylemez wrote:
    >
    >> jc <> (07-07-16 18:53:23):
    >>
    >>>> Maybe I should note that your security concept is completely
    >>>> pointless. Either you backup the keys, by what attackers can easily
    >>>> get to the plaintext, or you don't backup the keys, turning the
    >>>> backups useless in case of data loss.
    >>> You'll have to explain this, you're basically saying that file
    >>> encryption is worthless. How does backing up the keys expose them to
    >>> hackers?

    >> If the encryption keys become part of the backup, then what's the point
    >> in encrypting?
    >>
    >> Regards,
    >> Ertugrul Söylemez.

    >
    > Which brings me to a conversation I just had with Moxy. They can't
    > backup encrypted files.


    I'm missing something. If someone got hold of the backup, with the keys
    and the encrypted files, what could they do without a passphrase? Seems
    like the files would still be safe given a strong one.


    jc
    jc, Jul 24, 2007
    #8
  9. John Doe

    Ari Guest

    On Tue, 24 Jul 2007 02:03:29 GMT, jc wrote:

    >>> If the encryption keys become part of the backup, then what's the point
    >>> in encrypting?
    >>>
    >>> Regards,
    >>> Ertugrul Söylemez.

    >>
    >> Which brings me to a conversation I just had with Moxy. They can't
    >> backup encrypted files.

    >
    > I'm missing something. If someone got hold of the backup, with the keys
    > and the encrypted files, what could they do without a passphrase? Seems
    > like the files would still be safe given a strong one.


    You would be one layer short of protection, that being the passphrase
    only which, if 16 characters, ought to be sufficient.
    Ari, Jul 24, 2007
    #9
  10. jc <> (07-07-19 14:54:40):

    > > If the encryption keys become part of the backup, then what's the
    > > point in encrypting?

    >
    > I still don't see what you're getting at. The keys are useless without
    > a password.


    Now we're getting somewhere. From what you told it sounded like the
    keys were backed up in plain.


    Regards,
    Ertugrul Söylemez.


    --
    Security is the one concept, which makes things in your life stay as
    they are. Otto is a man, who is afraid of changes in his life; so
    naturally he does not employ security.
    Ertugrul Soeylemez, Jul 25, 2007
    #10
  11. John Doe

    jc Guest

    Ari wrote:
    > On Tue, 24 Jul 2007 02:03:29 GMT, jc wrote:
    >
    >>>> If the encryption keys become part of the backup, then what's the point
    >>>> in encrypting?
    >>>>
    >>>> Regards,
    >>>> Ertugrul Söylemez.
    >>> Which brings me to a conversation I just had with Moxy. They can't
    >>> backup encrypted files.

    >> I'm missing something. If someone got hold of the backup, with the keys
    >> and the encrypted files, what could they do without a passphrase? Seems
    >> like the files would still be safe given a strong one.

    >
    > You would be one layer short of protection, that being the passphrase
    > only which, if 16 characters, ought to be sufficient.


    I suppose it would be a good idea to back up the keys on their own
    device. Keep that in a secure place.


    jc
    jc, Jul 25, 2007
    #11
  12. John Doe

    Ari Guest

    On Wed, 25 Jul 2007 17:59:36 GMT, jc wrote:

    > Ari wrote:
    >> On Tue, 24 Jul 2007 02:03:29 GMT, jc wrote:
    >>
    >>>>> If the encryption keys become part of the backup, then what's the point
    >>>>> in encrypting?
    >>>>>
    >>>>> Regards,
    >>>>> Ertugrul Söylemez.
    >>>> Which brings me to a conversation I just had with Moxy. They can't
    >>>> backup encrypted files.
    >>> I'm missing something. If someone got hold of the backup, with the keys
    >>> and the encrypted files, what could they do without a passphrase? Seems
    >>> like the files would still be safe given a strong one.

    >>
    >> You would be one layer short of protection, that being the passphrase
    >> only which, if 16 characters, ought to be sufficient.

    >
    > I suppose it would be a good idea to back up the keys on their own
    > device. Keep that in a secure place.
    >
    > jc


    Better game plan I would think.
    Ari, Jul 26, 2007
    #12
  13. to answer the original question, no, developers don't have backdoors
    as a rule - we write in solid recovery processes and expect people to
    follow them.

    If we did put in back doors, and they were discovered, we'd be
    ridiculed out of the market, so, we tend not to do anything so silly.
    SafeBoot Simon, Jul 27, 2007
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thorben Grosser

    RSA Decryption

    Thorben Grosser, Nov 18, 2004, in forum: Computer Security
    Replies:
    2
    Views:
    622
    yer mammy
    Nov 19, 2004
  2. SimeonArgus

    Decryption challenge...

    SimeonArgus, Feb 5, 2007, in forum: Computer Security
    Replies:
    7
    Views:
    501
  3. Greg

    NTFS Decryption with some Boot Problems

    Greg, Mar 25, 2006, in forum: Computer Support
    Replies:
    8
    Views:
    529
    MADMAN
    Mar 30, 2006
  4. Anton

    XP decryption defect ?

    Anton, Nov 26, 2006, in forum: Computer Support
    Replies:
    1
    Views:
    378
    Gary G. Taylor
    Nov 27, 2006
  5. Deepa
    Replies:
    0
    Views:
    1,174
    Deepa
    Jul 13, 2009
Loading...

Share This Page