Windows and Encryption Problems

Hi everyone,

I have lurked around here for a while, and I was just wondering if someone could supply me with a quick run-down of the possible problems associated with Windows and encryption software. I have read a lot about Windows "remembering" your passphrases without your knowledge. In what ways does it do this and can it be stopped? Or is using Windows just making your encryption software useless?

Thanks!

 

Hi DSB,

I wouldn't say that Windows is "remembering" your passphrases. Most encryption software hide their keys very well and are programmed in a way that they are safe. There is/was a problem with the SWAP file, but you can delete it every time you shut down your computer to be on the safe side. You can do this either via XP-AntiSpy or a registry entry.

If you are using encryption software like PGP or DriveCrypt you are on the safe side. If you are paranoid, install DriveCrypt Plus Packet, which encrypts the whole harddisk, the OS included. This is the only encryption software so far that produces such a high amount of security. Because if you are using PGP for example to encrypt your files, be aware, that if someone steals your computer, he can begin to hack the encrypted files. Don't misunderstand me here, PGP is a GREAT software! But with DCPP installed they can steal your computer, but they won't be able that easily to hack into your computer.

To find out all the passwords and to hack into a computer which was stolen is quite easy... Unfortunately... But with DCPP, most of the thieves will just throw your computer away, because it's useless to them. They can't even use it, because they are unable to install a new OS.

Hope that helps you so far! If you have further questions, let me know!

Best regards,

Patrice

 

Are you saying you can't format an encrypted HD?

 

Hi Metallica,

certainly a pro won't have any problem. He will change the harddisk, so that he would be able to use the computer. But as far as I understand DCPP (I haven't bought it yet), the first thing you have to do, is to enter the correct password for it. If you don't have it, you can neither use a Windows- or Linux-CD to boot up, the BIOS settings nor the console, where you could enter the command to format the HD.

Best regards,

Patrice

 

Thanks Patrice!

So most of you would agree that the passphrase of a PGP encrypted file/PGPdisk volume is fairly safe if the swapfile is deleted on shutdown? (leaving aside any possible keyloggers or trojans) That is a relief to me! I thought that there might be other possible places that people could use Windows files to get the passphrase.

Also, is it hard to get the passphrase from the swapfile? Would you have to worry about this if you were dealing with amateurs, or only with a more sophisticated adversary?

PS - I was also wondering about Windows storing temporary versions of unencrypted files -- is there some way to make sure that this doesn't happen? Patrice, I know you are a big DCPP fan, but is there a way for an average freeware user to prevent these files from existing?

 

Hi DSB,

To get a passphrase from the swapfile is difficult, let's say very difficult. First of all, you need to have access to the system. That means, you need administrator privileges. Without them you don't have access to the files you need. So if you use a strong administrator password (letters, numbers AND signs) and if you do all the updates from Windows, this is already a very, very difficult task.

I once tried to crack my password with some special tools. I have to say, that I had administrator privilege as well (because it was my computer ), but I wasn't able to crack it... It would have taken years...

If you deal with amateurs, they won't stand a chance against PGP. If you deal with more sophisticated adversaries like the NSA,... you won't stand a chance. We have to be realistic in that way. They use supercomputers and would hack your encrypted files "quite easily". But nothing to worry about. Your name should be Osama or Saddam to use those computers against you. lol

Mhh... I once read about the issue you mentioned, that Windows stores temporary versions of unencrypted files. But I don't think this happens with PGP. Because they know about this issue as well! AND don't forget, if you restart the computer, those temporary files are deleted if they really exists (depends on the encryption software you use).

Actually I'm a PGP fan -I'm using it for more than six years now! And I am very, very happy! Next to it I use DriveCrypt, but not DCPP. Perhaps I will buy it soon, I don't know it yet. Why I use two encryption software? Well, if they crack one, they still have to crack the other.
And DriveCrypt uses Steganography as well -no one should ever underestimate that.

Hope that helps you out so far! If you use PGP as a freeware, you are on the safe side. If you create a key, create a 4096 bit key. That will take them some time...

Best regards,

Patrice

 

Hi Patrice,
what would you see as the benefits of encrypting the WHOLE Operating System? I can see some benefits in having one partition which you use to store personal data as being encrypted, but the whole OS seems overkill. Considering GOOD encryption is processor and bandwidth intensive, wouldn't that slow the system down quite a bit? Is it worth encrypting programs and data that other people already have access to? Seems a bit overkill to me.

If you need to protect your PC from thieves there are other ways which password protect the actual startup of certain partitions (hence giving the same benefit that DCPP does without the added overhead of encrypting everything).

No one really knows what the NSA is capable of, as you have said before, but if a program uses a bit more then just a standard encryption algorithm, then it forces the NSA to have to reverse that program to work out what it is doing. Admittedly if the NSA had really good human crackers it would only take a matter of hours, but if you can annoy people who want your information then why not do it .

This is why I see programs like PGP,etc, which remain largely static and have a massive user base as very easy targets for certain organizations, but we will leave that for another thread

-Jason-

 

My experience with a tool like SafeGuard is quite good concerning the performance issues. Driver technology is advanced enough.
Most current tools use 'pre-boot' authentication with pass through identification to the operating system, so that there is a single sign on facility to the encryption toolkit.

Drivecrypt is one tool but there are more: SafeGuard (Utimaco), Safeboot (CtrAltDel), Pointsec. I once posted a question about the pro's and con's of these tools, but, alas noone could answer me

Advantage of full disk encryption is that encryption is completely out of control of the user. Using pgp, pgpdisk of other tools often demand action by the user (save to the right directory or right folder and entering password/passphrase).

And make sure that the key is stored off disk, on a token or smart card.

 

Hi Jason,

Yeah, you're completely right about what you say in your statement above. But I'm talking about a laptop on which you store really sensitive data (company secrets,...). I'm not talking about a PC, which you have at home. But a laptop is a nice target for thieves. As far as I know, there's no system slow down, but I'm not 100% sure. I just bought the software for my laptops yesterday. I will do some test with them, but this will take some time. At the moment I have another problems...

Sure, there are other ways of encrypting your sensitive data. Actually I'm using two different softwares for encrypting my data. But be aware, that if someone gets access to your system, he will find these files and try to crack the password. If you have DCPP installed he won't be able to enter the OS.

Little example: the easiest way to get onto another computer is that you just install a second OS on the harddisk. From there you have access to the other OS. Quite simple, hugh? From there you can hack the password. If you have enough time and a very fast computer, quite simple as well, hugh? Don't forget that most users have so weak passwords like their names,... My first password I ever used was hacked within 2 seconds...

And about the protecion at the startup of partitions, that's quite an easy task as well. If you use for example a BIOS password, this won't be a very difficult task for a cracker/hacker. Either take the battery out for some seconds or use a nice brute-forcing tool. Last but not least BIOS passwords just accept letters and numbers. So you're cracking contest won't take that long as usual.

I don't think like that. Don't forget that PGP is open source. There are many people around the world which are testing/improving it around the clock. There are encryption students and professors trying to hack the keys. Don't you think they are as good as certain organizations? If they find a hole, they will alert the developers. This will result in a patch. Once there was a nice statement of a former NSA-director. Unfortunately I don't find the original quote. But it went like this:

"If every household would use PGP, it would take the NSA to spend millions of years to crack those keys. Actually it already takes several years to crack a single PGP key."

Regards,

Patrice

 

Well actually from books and interviews I have read about the NSA they have quite a lot of computers, something like a few acres of mainframes. I'm not saying I'm an authority on information about the NSA or how much processing power they have but something along the lines of "a lot" or "the most" would be a good estimation.

I didn't mean PGP has backdoors, I know its open source. I just mean if I was in the business of bruteforcing keys I would spend the majority of my resources on the main programs and encryption schemes, wouldn't you? Encryption algorithms can be bruteforced by computers but the ways programs encrypt the data and how its stored would need to be analysed by a human, that only needs to be done ONCE for each version of a program. Having the source to how a program works only makes this job easier for the human.

If you don't care that your system will be slower then there is no reason why you wouldn't want to encrypt the whole drive. In regards to data theft, if *I* had critical data I wouldn't be storing it in a place where it could get stolen . However you seem to think that if your drive was encrypted with DCPP that they wouldn't be able to bruteforce it? Just because they can't boot into the OS doesn't mean much to a bruteforcer. If you had ONE encrypted partition which you stored ALL your critical data on, why does it matter that they can boot into your operating system on the same hard drive?

Do these programs encrypt using only one key also? It would be more secure to use multiple keys otherwise all someone needs to do is bruteforce ONE key and they have access to everything. As long as you encrypted files normally on the encrypted drive I guess this point doesn't matter.

I doubt that quote by the former "NSA-Director" is true.

-Jason-

 

Hi Jason,

Does this help you out, to make clear how many computers we (eh..) they use?

"NSA is the Baltimore Gas Electric (BGE) company's 2nd largest customer, and the 2nd largest user of electrical power in Maryland. NSA's yearly electrical bill is more than $21 million. Under a partnering agreement, in exchange for an annual credit to the NSA electric bill, BGE can request NSA to operate on-site emergency generators to produce electrical power during severe peak demand periods. This significant partnership with NSA allows BGE to serve additional customers and decreases the need for "rolling blackouts" in the area during peak demand periods."

Yeah, that's a good point! But I'm not sure if this is the case. It's almost certain that NSA people are working secretly (or with the agreement of Bill Gates) for Microsoft. But to enter the PGP corporation is quite a difficult task I guess. I agree that they can find out how PGP works, but I really doubt that they can crack the keys. The keys weren't invented by PGP. They are open source and were created from different people around the world. Most of them are cracks from different universities. These keys are regarded as safe -well, at least some of them, others are quite safe. Last but not least these keys are tested all over the world 24/24. There is always some research going on about their safety. So I really doubt that even the NSA,... can crack those if the other specialists fail to do so.

I agree that very sensitive data should be stored on a safe place! But here I have to ask the difficult question: What is sensitive data? You certainly have another definition than I have. If I'm saying that the last year's balance sheet of my company is sensitive, you perhaps say it's not. For you for example, the source code of TDS-3 is sensitive data, right?

Yeah, sure they would be able to bruteforce my disk! Nothing is completely safe! But I don't think that the NSA would be the thief, otherwise I have a really big problem. But by talking of a thief it can be everyone. The little guy from around the corner, who would love to have a laptop or some competitor, who would like to have some company specific data. For the little guy from around the corner, the computer would be useless. The competitor perhaps would try to hack the encryption. I mean there are some companies who can do this work for you. But time is against them. Encryption, in my eyes, is here to make them a hard life. Sure, sooner or later they will succeed. But do they have a) the time and b) the will to perform such an intensive task? Perhaps they crack it (the first encryption), what will happen? They will enter the computer and soon they will realize that the other files are encrypted as well. lol

I use a BIOS password, DCPP, Windows password, DriveCrypt and PGP for my really sensitive data. Perhaps you can call me paranoid, but you know my psychiatrist says I'm only a little bit mentally disturbed... lol

As far as I understand this tool right now, it uses two different keys. Both are 256 bit. Let's say it will already take some time to crack this code, provided that you use safe passwords!

Mhhh... unfortunately I didn't find that quote again. I was searching a while for it but it was useless. No luck! So I can't prove you. I would have to ask Phil Zimmermann, he certainly still knows about it. But I agree to this point that he said this in the 90'. A lot of things have changed from then til now...

Best regards,

Patrice

P.S. It's funny and interesting to discuss with you Jason!

 

What about me, I feel left alone in the cold

 

Hello Patrice,

It takes about 2 minutes to get all the pwds and/or change them on Win2K/XP/2K3 with a single LINUX disket or bootable CD : I often do it for clients who forgot their own :
Info and d/l : http://home.eunet.no/~pnordahl/ntpasswd/
if the floppy or CDROM are allowed on the PC or if the BIOS is not pwd protected
(and if protected, it takes about 10 more minutes to reset it )

Rgds,

 

I might not understand most of it ( a little above my ability)but this is one of the most interesting threads I've read in some time! I'm gonna read it a couple more times when I get home!

 

You don't need to work for any particular organization to be good at bruteforcing their particular product . Reverse engineering of programs is needed to work out how particular encryption algorithms are used, if the source code for the program is there then you don't need to reverse engineer it.

So for instance even if Product A and Product B use Rijndael as their main encryption, they both still have to be reverse engineered to work out HOW they store the encrypted data if they are going to be bruteforced. I know from my experience two seperate programs are not the same, some do MORE like extra XORing, multiple passes with different algorithms (including all sorts of hashing), etc, whilst some just stick with the stock standard encryption algorithm.

Whilst bruteforcing the encrytion keys will usually take the longest amount of time in regards to recovering encrypted data, if an organization finds a new program which does something different, time needs to be spent reverse engineering that program WHICH in SOME cases can take longer then the actual bruteforcing of the encrypted data. As I said though, this only needs to be done once for each program but the amount of time taken can vary depending on the level of protection used in hiding how the program which encrypt data works. I'm not saying PGP is a bad product because it is really solid, but you would say bruteforcing organizations would optimize themselves for the most used encryption packages.

Yes I guess to me personally, source code would be more important than a balance sheet . But everyone has their own ideas of what is "critical data". Encrypting data with a well known 256bit symmetric Cipher will surely circumvent all but the most powerful people from accessing your data.

The problem with most encryption methods (excluding one-time-pads) is they can be bruteforced, so given enough time someone will eventually have your information. People like to advertise the usual "millions of years to bruteforce our keys" , but don't be lulled into thinking your protected against everything or everyone. If you have followed factoring algorithms over the past few years you would have seen the amazing speed increase in factoring primes (prime numbers are used in most public key encryption systems like RSA) . A few years ago people were struggling to bruteforce 256bit RSA keys in MONTHS using supercomputers and a few hundred at the time leading PC's (around 300mhz) . Now we can bruteforce a 256bit RSA key on a Celeron 700mhz in 5 hours.

Another thing I might add is there are many, many companies/organizations that have the potential to be really good at bruteforcing. Don't think that only the NSA has the possibility, there are other countries and various companies (IBM/COMPAQ to just name a few) which have millions of CPU's. Some peer to peer distributed computing programs (programs like Seti@Home) have had questions asked about the companies actually funding them and what data is actually being processed. Seti@Home however hasn't had any valid questions raised about it though, I was just using that as an example of a peer to peer distributed computing program.

The U.S. government once had certain restrictions on encryption that have pretty much been abolished now. Maybe thats because all the current public encryption methods we use represent little challenge for it . Hard to say definately though so its just my own opinion.

-Jason-

 

Hi meneer, JacK & Jason,

Meneer I haven't forgotten about you, but let's say Jason took my whole attention for a moment.

JacK, I know about the tool you're talking about. Yeah, this works pretty fine. But I was talking about bruteforcing, not about overwriting and replacing the password. I didn't want to do that. In your case this tool is pretty good and efficient! But your remark is 100% correct!

Jason, I fully agree about what you said about reverse engineering. I believe as well, that they try to crack the encryption at this way. But I doubt (perhaps because I have to less knowledge about programming) that they can crack the keys. Do I get it wrong if I assume, that the program (for example PGP) calls in the keys when it comes to encrypt the data. The keys aren't written by PGP so they just use those to encrypt the data. So you don't need to crack the program, there's no sense in doing that, but you need to crack the keys. Perhaps I'm wrong, do you know more about this issue?

I also fully agree that every encryption can be bruteforced. The only thing you need is time and knowledge. I know that the key length has changed during time, but did you knew, that PGP already had keys of 4096 bit in 1997? Actually what we shouldn't forget that you won't be able that easily to bruteforce a key of 256 bit with a strong password. I agree that you bruteforce a key with a weak password like "Jane" quite easily. But what about a password like "ApfL 18754 WE ç%&*()*=)"? If we take math into account you have 26y*26 possibilites when you just use letters (now we once forget about big or small letters), 36y*36 possibilities if you use letters and numbers and more than 50y*50 possibilites if you use letters, numbers and special characters (depends on the keyboard language setting you have). I guess that you won't crack a password like this in five hours, right?

Personally I don't believe that the Americans allowed the encryption because they know how they can crack it. But this is my personal opinion. There were other reasons why they had to allow it. I still believe that some encryption tools (not all) are quite safe if you use them. Actually I would love to see how they crack my passwords and enter my system. I'm sure they would manage, but let's say it would be very time consuming. And time is never on their side!

Regards,

Patrice

 

Hi Patrice,

Bruteforcing usually works by trying every combination of possible key values, not by bruteforcing the password. When you type a password for a SYMMETRIC cipher, the program generates a KEY that is usually around 128bits or 256bits long. You then encrypt your data with this key and keep your key secret.

Say I then come across your encrypted data. Now if I knew you were known for weak passwords I might run some form of dictionary based attack to try and generate the same key you did using the same program (different programs generate keys in different ways using the same passhash). Dictionary attacks are a waste of time if the password is over a certain length (depends on the keysize) because the possibilies are too great.

So what I will do instead of bruteforcing your passphrase is bruteforce your key, a 128bit key has 2^128 combinations. That means I need to do a "test" in a loop, 2^128 times to work out if the current key is the same as your key. In case you don't realize 2^128 is an extremely massive number and hence will take a long time to try all possible key values. So I will state again, as long as your password isn't easily attainable (either from other data on your PC or whatever) then you would only ever bruteforce the actual key not the passphrase. Passphrase has little to do with the strength of a key once it reaches a certain size. It takes my 1gighz celeron a minute or two to bruteforce a 32bit key, just double that 124 times and you will have the time taken to do a 128bit key on the same computer.

When I use the term "reverse engineering" it has nothing at all to do with finding a backdoor in a program. All I mean is, if you have encrypted data there is no WAY of knowing its format unless you know the program, if you have the source you know the program, otherwise you have to reverse engineer the program and work out its data format.

Hope thats cleared up some things

*edit* added the hello

-Jason-

 

Hi Jason,

yup, that's right! There are several methods to crack the password or the key. Normally you start with a dictionary attack, because people mostly have weak passwords... After that you start with a hybrid attack which is also based on a dictionary attack. Last but not least you enter the phase when you use a bruteforcing attack. But your remarks concerning bruteforcing are completely right. It's not cracking the password, it's trying all possibilities. I didn't define it correctly in my post above. Normally I use these three steps to crack a password (dictionary attack - hybrid attack - bruteforcing attack). A good example is LC4 (by the way it will be blocked by TDS-3 if you try to start it ).

Your remark about bruteforcing the key instead of the passphrase is also absolutely correct. But sometimes it's easier to crack the password than the key. At least you need to have some information and knowledge about the encryption key to be able to do that.

I wasn't talking about a backdoor in a program, don't get me wrong. I understood very well what you meant by reverse engineering. But I don't know if it helps if you know the source code. As I already mentioned, the program just starts the keys which will encrypt the data. Do you think that there could be a possible weakness? I have far to less knowledge about this issue. But I think that the key is doing his work alone, without the help of PGP. Do you know more about that?

Best regards,

Patrice

 

Hey guys, this has become quite an interesting discussion...

Jason, don't you think that the benefits of knowing that a certain program is secure (such as a tested open-source proggie like PGP) outweigh the possible risk that an adversary wouldn't have to reverse-engineer the program? I have no research or knowledge to back this up, but it seems logical that the NSA (or any other well-funded adversary) would have the majority of programs reverse-engineered that they need to, and would have little trouble with a new one. If this were not the case, then open source products would be a foolish choice; similarly, wouldn't proprietary encryption ciphers be the preferred method in this model? I cannot believe that organizations like the NSA would have trouble with reverse engineering software on an as-needed basis.

This is just me thinking out loud, btw.

 

Hi DSB,
As people in the encryption industry are slowly starting to realize you can't have poor encryption algorithms in your programs. I guess to the average user they have no way of knowing which program is OK or BAD so they should stick with more well known and tested programs (because it protects them better against the average bruteforcer).

The problem with MOST encryption programs (I don't know if this still applies to PGP I havn't seen its latest source I would think it would) is they normally just stick with "industry standard" encryption methods and that is all. There are many EXTRA methods you can do to dramatically increase bruteforcing time whilst not affecting encryption time that much, but not many people implement them. This is on top of "industry standard" encryption mind you, I would never touch a program which used its "magic encryption algorithm". Any "extra" done by a program is only to its benefit when it comes to bruteforcing it.

Protecting your program is ONLY in benefit when it comes to reverse engineering it. The best public EXE crackers/reverse engineer's can spend a few days figuring out certain programs, so even if the NSA had the best reverse engineers you would assume that they would be of similar capability of the best public reverse engineers. Realistically though the time taken to reverse engineer most programs would be measured in hours and in a worst case scenario only needs to be done once for each version. If source code was available it would be measured in minutes. There are certain steps one can take to make people who bruteforce it to always have to reverse engineer the program with every encryption made, which could add a considerable percentage of time to a bruteforcing attempt . I don't know of any programs which do this though, yet.

-Jason-

 

Hi Jason,

what exactly is your personal view about encryption tools at the moment? Do you think they aren't safe at all or do you think they can protect you? Do you rely on such a software or not at all?

Regards,

Patrice

 

Jason --

So are these extra features that you are talking about only useful in a closed-source encryption program? I think (if I understand you correctly) that if they were in an open-source program, they would be useless. Is that right?

 

Hi guys sorry for the delay,

Patrice, yes there are quite a few public tools out at the moment which are pretty reasonable. Again the likelihood of any major corporation bruteforcing your encrypted DATA is low so these tools are very good for most people. I guess you can split people who want encryption into two groups, those who want to stop MOST people from accessing their data and those that want NO-ONE except themselves to be able to access it. The people that fall into the latter group are always trying to find the best ways to encrypt their data, while those in the former group could and should be happy with what is available now. Which group do you fall under , I guess you can tell what group I am in. Send me an IM and I will tell you more about what I use.

DSB, no, if open source included these techniques than the actual bruteforcing time would be the same as a closed source program that used the same techniques. However time taken to study what the closed program is doing compared to open source program would be hundreds of times greater and as I said before in some circumstances you can make the person who is after your data have to reverse engineer every encryption instead of just doing it ONCE for the program. To put this in easier to understand example, if I encrypted two sets of data to two seperate encrypted files, there are ways to make the person who has to bruteforce these two files have to reverse engineer BOTH encryptions not just one as every program out there now does it (to my knowledge if some programmer wants to put his hand up he can ) . So if you had 10 seperate encrypted files done in this manner it would be much harder to reverse engineer then 10 seperate encryptions from another program.

-Jason-

 

It is not a problem that all encryption methods can be bruteforced (except one-time pad equivalents). It's not a weakness, it's a very fundamental property of the concept of encryption.

Let's talk about bruteforcing, broken algorithms and broken implementations.

Bruteforce = Try all keys until you find the right one. Noteable is that the effort spent to find one key, cannot be reused to find another. You'll have to start all over again to bruteforce the next key.

Break an algorithm = Apply another algorithm or method that in one way or another enables you to find the key (or at least the plain text) without having to resort to bruteforce. An encryption where such an algorithm is found and the process of breaking it is no longer prohibitive costwise and timewise, is termed a broken algorithm.

Break an implementation = Usage of some specific fault or error in the implementation of an encryption system to forego the need of bruteforce. This is not the same as a faulty implementation of the actual encryption, there is always much supporting code wich might offer opportunities to an attacker. An implementation allowing such break is termed a broken implementation.

Noteable is that a broken implementation may be fixed, whilst a broken algorithm usually stays broken and is not fixable by slight tweaks.

Factoring a RSA key is _NOT_ bruteforcing it. That's breaking. It currently works for small keys - not for large ones - thus RSA is not yet broken.

Bruteforcing RSA is not really an option, although I guess a naive attempt could be made to try likely factors and multiply them to see if they happened to produce your 256-bit RSA key. This is of course not computationally feasible - that's why no one has bruteforced 256-bit RSA. But you can break a 256-bit RSA key.

You can factor a 256-bit number with low-cost hardware today, but that's a combination of more efficient factoring algorithms and mostly simply Moores law. More memory and faster CPU's. Not to be underestimated! Moores law is what reduced DES to history. It was never really broken (although some weaknesses were discovered), but 56 bits is not enough to withstand current hardware.

A really efficient method for factoring large integers will _break_ RSA - not allow bruteforcing any more than today. (By the way - you're factoring integers into primes, not factoring primes as stated in the qoute. That's easy! The factors of prime 'p' are 'p' and '1'. ;-)

A quantum leap in hardware technology capability might enable bruteforcing of current symmetric algorithms as well as RSA.

Please do not confuse assymetric cryptography with symmetric cryptography, also try to be precise in the usage of terms such as 'bruteforce'.

To illustrate the difference of the terms, using the mythical NSA capabilities as an example:

Can NSA _bruteforce_ AES-128 (or any other similar algorithm)? No, they cannot. Please do the math of what trying 2^128 number of keys really means before arguing about "we cannot know the extent of their capabilities".

Can they _break_ AES-128? That we cannot know. There are good reasons to think they cannot, but we certainly cannot be sure. Breaking AES-128 entails finding some weakness in the algorithm as such, enabling a quicker route to the plaintext than through bruteforce.

Can they _break_ a specific AES-128-based program? Most likely. Any complete program that is useful offers countless opportunities for key and data leakage that is likely to be exploitable by NSA or any other determined party. A trivial example might be a program that uses a dialogue to enter the passphrase that is remembered by windows in it's rather faulty cache. A real world example is when the Netscape SSL implementation was broken a few years back, due to naive generation of random numbers for the actual keys used.

Finally, can the NSA (or any other determined party) get your data if they have physical access to your computer? Yes, they can. There are many options here, from taps to electron microscopic examination of the disk surface to reveal overwritten data.

--

It is also very true that a large key-space, with the accompanying infeasability of performing a bruteforce attack, is in no way a guarantee of a secure algorithm. That's why one should always choose a well-known, respected and researched algorithm. The risk of the algorithm being broken is then reduced - because many have already tried and failed.

To summarize: Differentiate between bruteforceing keys and breaking algorithms and implementations. Never compare symmetric key-lengths with assymetric key-lengths. They are different things.

Best regards,

Svante

 

svante, thank you for coming here to this board and shining a little light. there appear to be a few that write like experts but know little more than the terminology which they often have all wrong. it helps to have someone who knows what they are talking about show up. i know quite a bit about this topic and you are correct in all that you write. thanx