$300 tool can decrypt PGP

[craig6928]

now this is a good read.

looks like russia has everything now to decrypt all information.

$300 tool can decrypt PGP, TrueCrypt files without a password i wonder where you can buy it from.
of course the usa wont like anyone dealing with russia as its a no no .



Russian company ElcomSoft today threw their grey hat firmly into the top-secret ring of internationally important security companies. Though the actual innovation is quite simple, the company today announced a $500 piece of hardware that could change the face of electronic security for some time to come.

For decades, the conventional wisdom has been that data can be secured. Though the Second World War was practically defined by the ongoing quest to achieve truly invulnerable communication, it took us until the early nineties to figure it out for the internet age: Phil Zimmerman’s Pretty Good Privacy (PGP). Since 1991, PGP has been the foundation of computer cryptography, and has spawned a number of successors and competitors like TrueCrypt and BitLocker. It was widely assumed to be unbreakable — and it is.

PGP has not been broken, but with their latest gadget ElcomSoft has brought an age-old loophole to the masses. As the company’s CEO Vladimir Katalov explains, their “hack” is a physical retrieval of the user’s private key – the one thing keeping their information secure – from some portion of the system’s RAM. Once the unit is powered down, the RAM is wiped, and the key is gone. As a result, simple vigilance is enough to close this loophole; the user simply has to power down their computer when not in use, and refuse to let the password be held in memory.

The RAM-scrubbing approach to password finding has been used by forensic examiners for years now, along with criminal hackers and (presumably) the covert sections of government. In the past, these invaders required significant expertise to build their own versions of ElcomSoft’s device. It was an expensive and meticulous process, and ElcomSoft has simply made it available to a much wider target audience.

It’s important to note that this is a mostly superfluous invention for ongoing monitoring of a target, since if the hacker can physically touch their adversary’s machine there are already several cheaper ways to keep watch. From keystroke-loggers to taps on monitor cables, it’s much easier to watch a person than it is to investigate their encrypted past. ElcomSoft’s latest release makes such trawling not just possible, but accessible to all.

[HaQue]

it is interesting, for sure.

"looks like russia has everything now to decrypt all information." I don't think PGP and TrueCrypt is anywhere near all information.

No corporate entity is going to be using TrueCrypt, and no civilian should either. And PGP has so many annoying issues it is too easy to get something wrong, and there aready has been a mass of work done attacking it.
2012 SANS put out a whitepaper: Attacks on PGP: A Users Perspective, and there is may articles like: 15 reasons not to start using PGP http://secushare.org/PGP

I don't think any significant amount of people use either. I was interested in this so I tried to find a study that listed some kind of statistics on what encryptoion schemes are being used along with percent of the "encryption market" it is holding.

My google-fu didn't turn up anything too specific, most searches about percent and encryption just focused on who was using it and who wasn't.. like encryption is just encryption..

the one paper that went into it deep is here: http://cryptome.org/cpi-survey.htm and titled "Growing development of Foreign Encryption Products in the Face of U. S. Export Regulations" from 1999. it is pretty in depth, a modern version of this paper would be awesome.

[Dmitri]

of course the usa wont like anyone dealing with russia as its a no no

Yes, that's exactly why all PC-3000 owners in the US have been extradited to Cuba and Zimbabwe.