Ping group, Drivecrypt weakness?

Discussion in 'Computer Security' started by Boship, May 28, 2004.

  1. Boship

    Boship Guest

    I am interested in the question of whether or not it can be proved
    that a file is a Drivecrypt container, without having the passphrase.

    In Drivecrypt 303c, when a container is being created, you can see a
    string of random-looking numbers being generated when clicking the
    mouse.

    I'm guessing that this string of numbers is used somehow to
    "randomise" the hash of the passphrase, and/or "randomise" where in
    the file it is stored.

    Given the string of the random-looking numbers, the hash of the
    passphrase, and a hex dump of the resulting container (possibly for a
    large number of containers), it does not seem to me to be an
    insurmountable task to deduce the algorithm used for "hiding" the hash
    of the passphrase. This algorithm may be badly designed, such that a
    test for a Drivecrypt container could be produced.

    On the other hand it may well be that the hash "hiding" algorithm used
    results in an essentially "random" file of numbers, but that in itself
    would give a strong indication of encryption - other files being very
    unlikely to have such a high degree of randomness.

    Am I talking through my backside here or what?
     
    Boship, May 28, 2004
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. doulos86

    Where's my systems weakness?

    doulos86, Jun 11, 2005, in forum: Computer Support
    Replies:
    11
    Views:
    921
  2. 
    Replies:
    81
    Views:
    3,154
  3. Replies:
    0
    Views:
    3,382
  4. JRS

    Put off DriveCrypt - ? alternative

    JRS, Oct 21, 2003, in forum: Computer Security
    Replies:
    6
    Views:
    1,222
  5. Supachai

    DRIVECRYPT - missing memory

    Supachai, Jan 24, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    694
    Supachai
    Jan 24, 2004
  6. =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D

    What is the 'dcrserv.exe' loaded by Drivecrypt?

    =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D, Sep 20, 2004, in forum: Computer Security
    Replies:
    13
    Views:
    2,549
    =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D
    Sep 26, 2004
  7. Imhotep
    Replies:
    2
    Views:
    2,038
    Imhotep
    May 24, 2006
  8. imhotep
    Replies:
    0
    Views:
    748
    imhotep
    Jun 23, 2006
Loading...