I'm working on loop-aes disk decrytion, there are 2 main jobs:
Detection
Decryption
Regarding to #1, the approach is to base on the header of encrypted drives, looking for a pattern that is same for every loop-aes encrypted drives -> however this is failed since the header is changed constantly depends on the gpg key.
I tried googling however there is rarely topic to detect loop-aes. Just ask if anyone got some ideas that could help me?
Thank and have a good day!
Related
I'm looking for a tool or method to prove the authenticity of resources download from the web and stored locally. To be clear: I don't mean the SHA or MD5 checksums to verify a downloaded file. What I need is a way to download and store a web resource in such a way that I can later prove that said resource indeed originated from that web server.
In particular for the following scenario: A website published an article about a client. He would like to sue for defamation of character. I need a way to store the article without them having the possibility of simply removing it and denying they ever published it. So preferably this would be a tool that is backed by publications making it credible in court.
I have thought about storing the TLS certificate, keys and the encrypted data. That would rely on the root CA, but I think that would in itself not be a problem. I could do this using a custom program and a library like OpenSSL, but I think this is such a common problem, there probably is a relatively standard tool for it. Also, I am not entirely sure to what extent this would constitute reliable evidence. And can someone point to publications that would back this method?
Maybe I am using the wrong search terms, but everything I find is about aforementioned SHA or MD5 checksums. Any help is much appreciated.
If I understand correctly you need something like signature with timestamp. Yes?
You not only need checksum from document (article, text value, whatever) but also proof that this article really existed in time.
When using digital signature you can store such timestamp in 3rd party certified providers. You sign document and send checksum to 3rd party provider. Later you can ask provider to verify that this exact document is valid & was indeed created at given time.
https://en.wikipedia.org/wiki/Trusted_timestamping
As this can cost (fee for provider to store the timestamps) you can create checksums from many documents (like take all documents from one hour), store all of them in a single file, create checksum from that file and sign it with timestamp. This way you create one timestamp for documents batch, not for each document.
I've found something strange with my employee document, it turns out that all files including document are being encrypted with ".vvv" extension. What I've found so far that it's called TeslaCrypt, it convert all my files to .vvv, even I rename it back to the right extension, it says that file already modified, so I can't open the files anymore. Please help, we cannot work until that document can be oppened. I can't tag this to "TeslaCrpyt" so if anyone can help me tagged it, it would be great.
content on how to recover :
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
How did this happen ?
---Specially for your PC was generated personal RSA-4096 KEY, both public and private.
---ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BTC NOW, and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://vr6g2curb2kcidou.encpayment23.com/E03029AB7D9A9D38
2. http://vr6g2curb2kcidou.expay34.com/E03029AB7D9A9D38
3. http://psbc532jm8c.hsh73cu37n1.net/E03029AB7D9A9D38
4. https://vr6g2curb2kcidou.onion.to/E03029AB7D9A9D38
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: vr6g2curb2kcidou.onion/E03029AB7D9A9D38
4. Follow the instructions on the site.
IMPORTANT INFORMATION:
Your personal pages:
http://vr6g2curb2kcidou.encpayment23.com/E03029AB7D9A9D38
http://vr6g2curb2kcidou.expay34.com/E03029AB7D9A9D38
http://psbc532jm8c.hsh73cu37n1.net/E03029AB7D9A9D38
https://vr6g2curb2kcidou.onion.to/E03029AB7D9A9D38
Your personal page (using TOR-Browser): vr6g2curb2kcidou.onion/E03029AB7D9A9D38
Your personal identification number (if you open the site (or TOR-Browser's) directly): E03029AB7D9A9D38
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
I've published a decryption tool on GitHub: https://github.com/googulator/teslacrack
This tool cryptographically breaks the encryption scheme of TeslaCrypt, and so doesn't require a saved master key. However, it's quite computationally intensive, so preferably use a fast computer, and even then, expect to wait up to a week for it to recover your key (although most keys can be found in just a few hours). Also, it's more of a PoC than a user-friendly turnkey decryptor, so you will need to do many things by hand.
I got hit by TeslaCrypt and all of the solutions (Cisco's Decrypt Tool, Shadow Explorer) did not work for me. Unrelated, I was sniffing around some articles on Ubuntu and found BloodDolly's Tesla Decrypter tool that actually work and my files are being restored as I write this. So just wanted to share since it didn't come up in any of my earlier searches.
It's a handful a steps,...I had no problems whatsoever with the process. Apparently this won't work for the most recent strain,...I had .vvv and had to factor primes with Yafu,...but the documentation and the software is pretty thorough and easy to follow. Took me 15-20 minutes from start to finish.
http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/
Anyway, hope this helps some folks.
I'm running rpcapd on a Raspberry which serves as a WiFi access point to trace/sniff network traffic by WiFi users.
I can run rpcapd in null authentication mode and access the interfaces from my windows machine using wireshark and it works perfect.
However, I'd like to expose these capture interfaces to multiple users and i thought it might be good to not use null authentication but have at least a little barrier for unwanted users.
If i don't use the "-n" argument, what is the user/pass? I searched Google but i can not really find a source which leads me to the answer.
I tried creating a second user which has a password and ran rpcapd from this users but still if i use these users Linux credentials, wireshark tells me it can not find any interfaces. When i re-run rpcapd with the -n argument everything works.
So... i must have overseen something!? What is the username and password for non null authentication operation or where can i specify one?
Thanks a lot!
Let me know if you need further info to help. Thanks!
When not using RPCAP_RMTAUTH_NULL authentication it will instead use the other type, RPCAP_RMTAUTH_PWD : https://www.winpcap.org/docs/docs_412/html/group__remote__auth__methods.html
And according to some old copy of the manual I found (ftp://ftp.tuwien.ac.at/.vhost/winpcap.polito.it/301a/docs/group__remote__auth__methods.html) which helpfully listed code references : "Referenced by daemon_checkauth(), and rpcap_sendauth()."
..which leads us to to the code that does the authentication : ftp://ftp.tuwien.ac.at/.vhost/winpcap.polito.it/301a/docs/daemon_8c-source.html#l00626
I downloaded the source (http://www.winpcap.org/install/bin/WpcapSrc_4_1_3.zip) to check it was still current and found in file "wpcap\libpcap\rpcapd\daemon.c" the current information for "daemon_AuthUserPwd" which shows not much has changed.
Hope this helps :-)
I wonder if someone might be able to help us or offer some advice. We are a Java focused team, and are looking at extending our in house Authentication service, to offload most of the authentication , to use an LDAP server. That way we can simply use an out of the box password policy, which meets our criteria, plus we can use stuff such as replication etc. We are investigating which is the best free LDAP server to use.
So far we have investigated :
OpenLDAP (We found this is written in C, and documentation is not all that great).
Apache DS (We found this is good, but has a basic password policy. Mainly it does not seem to be extendable to fit one of our requirements (that the password policy should enforce mixed case characters, etc etc). This is surprising as the basic config options are ofcourse supported, eg. minimum length of password, maximum retries before being locked out etc etc.
Sun OpenDS (This fits all our needs, but no longer seems to be supported??. Please advise us if this assumption is wrong?It has great support for Password Validators, so that we can handle enforcement of mixed case passwords etc etc).
Oracle Unified Directory - This is the SUN DS server which is supprted. However, Oracle Unified Directory is not free unfortunately.
So, basically the question is 2 fold :
(1) Does anyone know how to extend the passowrd policy on Apache DS, such that we can support mixed case character enforcement. eg password must contain a mix of upper case and lower case chars aswell as atleast one digit etc etc. Or is this out of the box? I personally couldnt find any documentation on it?
(2) Does anyone know of any good and free LDAP servers that support this sort of stuff. Any ideas please?
Many Thanks,
R
After all of this, we finally found 389ds (ironically the last one we investigated). This we found was the best (for our needs anyway). The reason is that, it is has a great administration UI, does everything we need to do out of the box, plus, best of all, it is available in a costed option under RedHat. We didnt take the supported option, but nonetheless, as it is supported by RedHat, the documentation , we found was superb. Therefore, we felt confident that everything we needed to do wasexplained 100% rather than with some of the others, was half explained on some unmaintained wiki. So we advise all to look at 389ds.
I know ApacheDS doesn't support any extensions for ppolicy checks, can you file a feature request on ApacheDS's JIRA? We might try to get this included in the upcoming release.
I have filed this request https://issues.apache.org/jira/browse/DIRSERVER-1858
You should look at the http://forgerock.com/ OpenDJ which is an active and supported if you subscribe spin from OpenDS.
-jim
In my program, I have a simple login prompt so that only certain users may enter a program, as well as make the program function differently depending on the user. What I would like to do is have the information for the user login information (username, password, etc.) securely stored without going through an online database. I know that using a text file to store this information is a very bad idea, and I'm sure there is an easier way to do this than to make an array of this login information internally inside my program. Could you all give me some suggestions of a way to do this?
Hashes are what you need. Paste a hash-making function into your code, MD5 functions are available online for all major platforms. Then store your pairs of hashes in your config file. Devise a clever way to combine a password with your admittance options into another hash so that the file is edit-proof. This way, you can distribute the account configuration and if you don't make a trivial cryptographic mistake, it will work just as you want.
Example of the config file line (hashes truncated to 6 chars for clarity):
1a2b3c print;search;evaluate 4d5e6f
Here, 1a2b3c is obtained as MD5(username.Text+verysecret), the verbs are the account's rights and 4d5e6f is obtained as MD5(line[1]+verysecret+password.Text) where line[1] is the split result of the config line where the verbs are stored and the rest is the user's password.
Note how the password gets automatically salted by the verbs and how the verbs are protected against editing because that would invalidate the password hash. The verysecret constant is something hidden in your executable code that will prevent anybody from computing the hashes and unlocking the program.
Hashing is not an asymmetric cipher or key pair; a motivated attacker can crack your program to bypass protection altogether anyway, so going to further lengths is useless.
If you are cheap to find an asymmetric scheme, but cunning enough, you can change a few initialization constants in that MD5 function. This will make the cracking of your code harder, especially against the making of a counterfeit account file.
EDIT: When authenticating, don't just if(hashfromconfig == computedhash)... Script kiddies know how to hook into the string comparison function. Write if(MD5(hashfromconfig) == MD5(computedhash))... instead... Then the string comparison will work just as before, only it will not see your precious key hash that goes into a wannabe-counterfeit file. Ideally, have several versions of the MD5 function scattered across your code and named differently. Use if(foo(hashfromconfig) == bar(computedhash))... for a nice effect.
"without going through an online database." - do you mean on the client side?
"securely stored" and "client side" are pretty much mutually exclusive terms in this scenario.
There is absolutely no way to securely store data without touching online (server-side) source of some kind. If you are touching server-side source, it might as well be a DB.