AnandTech Forums > Software > Software for Windows
Old 11-29-2012, 02:05 PM   #1
Special K
general encryption question

I currently use KeePass to store all of my passwords and am investigating using TrueCrypt to protect my data. As I was reading through the documentation for both KeePass and TrueCrypt, I had a question:

Aren't these encryption tools only as safe as the master password you use to unlock them? For example, the documentation for KeePass says the following:


KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

Isn't the weak point always going to be the master password used to secure the encrypted database, and not the encryption itself? Why should it matter what encryption the database uses if a hacker can just crack the master password protecting it using brute force or some other method?

In other words, what is the encryption really protecting me from? It seems a non-encrypted database with a strong password would be much more secure than an encrypted database with a weak password, provided of course that the data in the non-encrypted database wasn't stored in plain text format, otherwise the hacker could just open the database in a hex editing utility and access the protected data that way.

What am I missing here?
Old 11-29-2012, 02:12 PM   #2
lxskllr

Quote:
Originally Posted by Special K View Post

In other words, what is the encryption really protecting me from? It seems a non-encrypted database with a strong password would be much more secure than an encrypted database with a weak password, provided of course that the data in the non encrypted database wasn't stored in plain text format, otherwise the hacker could just open the database in a hex editing utility and access the protected data that way.

What am I missing here?
I think this is the answer. A lot of stuff you want private would be retrievable without a terrible amount of difficulty. If you're cognizant enough to use encryption, it's assumed you're using a better password than "password". You're right that a crappy password is easily breakable, but a great password protecting encryption is unbeatable barring extraordinary measures.
Old 11-29-2012, 02:24 PM   #3
Special K

Quote:
Originally Posted by lxskllr View Post
I think this is the answer. A lot of stuff you want private would be retrievable without a terrible amount of difficulty. If you're cognizant enough to use encryption, it's assumed you're using a better password than "password". You're right that a crappy password is easily breakable, but a great password protecting encryption is unbeatable barring extraordinary measures.
Right, it just seems like the password is what's really providing the protection, not the encryption. That just makes me wonder: why have the encryption in the first place?

I don't know anything about database design, but if an unencrypted, password-protected database with data stored in binary format is easy to parse using a hex editor and/or some other unconventional method (i.e. bypassing the database's native application and password protection), then I suppose I could see the point of encrypting the database to protect against those types of attacks.

Even in that case though, it seems the encryption would only be useful if the master password protecting the database were at least as difficult to crack as the encryption itself, otherwise a would-be hacker would simply try to crack the password protecting the database rather than try to access the data directly using some other method that bypasses the password.
Old 11-29-2012, 02:28 PM   #4
Nothinman

Quote:
Originally Posted by Special K View Post
Right, it just seems like the password is what's really providing the protection, not the encryption. That just makes me wonder: why have the encryption in the first place?

I don't know anything about database design, but if an unencrypted, password-protected database with data stored in binary format is easy to parse using a hex editor and/or some other unconventional method (i.e. bypassing the database's native application and password protection), then I suppose I could see the point of encrypting the database to protect against those types of attacks.

Even in that case though, it seems the encryption would only be useful if the master password protecting the database were at least as difficult to crack as the encryption itself, otherwise a would-be hacker would simply try to crack the password protecting the database rather than try to access the data directly using some other method that bypasses the password.
If you're fine with your data just being obfuscated to keep it from those who don't really care to steal it, then sure. But an encrypted database will always be better because they still have to brute-force the password to decrypt it before they can begin to use the tools to display the binary data. Do you also think that painting a lock on your front door would be good enough security?

Choosing a poor password like 'cat' is always a bad idea, regardless of the application of the password.
Old 11-29-2012, 02:36 PM   #5
Special K

Quote:
Originally Posted by Nothinman View Post
If you're fine with your data just being obfuscated to keep it from those who don't really care to steal it, then sure. But an encrypted database will always be better because they still have to bruteforce the password to decrypt it before they can begin to use the tools to display the binary data. Do you also think that painting a lock on your front door would be good enough security?

Choosing a poor password like 'cat' is always a bad idea, regardless of the application of the password.
In the case of TrueCrypt, all that is required to mount an encrypted volume is to enter the master password. Once that has been done, all of the data held in the volume is available for access in its unencrypted format. The same is true for KeePass - once the master password has been entered, all user names, passwords, etc. are available in plain text format.

In these two instances, what benefit is the encryption providing above and beyond the master password?
Old 11-29-2012, 02:39 PM   #6
lxskllr

Quote:
Originally Posted by Special K View Post
In these two instances, what benefit is the encryption providing above and beyond the master password?
It's preventing forensic tools from being used to look at your data. A password is fine for say a coffee shop, where physical access is brief and limited. The password could be bypassed though, if someone has the whole machine, or hd. Encryption will prevent someone with unlimited access from accessing your data.
Old 11-29-2012, 02:59 PM   #7
theevilsharpie

Quote:
Originally Posted by Special K View Post
Right, it just seems like the password is what's really providing the protection, not the encryption. That just makes me wonder: why have the encryption in the first place?
Imagine that an encrypted data store is a bank vault, and the door to the vault is the master password. Removing the encryption while keeping the password is like removing the walls of the vault while keeping the door in place. Yeah, the door is still there, but no one cares about the door; they want the contents of the vault.

A password on an unencrypted data store is completely pointless, as anyone can bypass whatever method controls access and get at the data directly.
Old 11-29-2012, 03:13 PM   #8
Special K

Quote:
Originally Posted by theevilsharpie View Post
Imagine that an encrypted data store is a bank vault, and the door to the vault is the master password. Removing the encryption while keeping the password is like removing the walls of the vault while keeping the door in place. Yeah, the door is still there, but no one cares about the door; they want the contents of the vault.

A password on an unencrypted data store is completely pointless, as anyone can bypass whatever method controls access and get at the data directly.
Thanks, that analogy makes sense. I guess that does support my previous statement that the master password needs to provide protection comparable to that of the encryption in order for both to be effective.

Having said that, if my KeePass database uses AES+Twofish encryption but I use a 10 character master password to protect it, is there any way the master password could provide protection comparable to the encryption? It seems like it would be much easier to crack a 10 character password than it would be to bypass the password and try and break the AES + Twofish encryption to access the data.
Old 11-29-2012, 03:20 PM   #9
theevilsharpie

Quote:
Originally Posted by Special K View Post
Thanks, that analogy makes sense. I guess that does support my previous statement that the master password needs to provide protection comparable to that of the encryption in order for both to be effective.

Having said that, if my KeePass database uses AES+Twofish encryption but I use a 10 character master password to protect it, is there any way the master password could provide protection comparable to the encryption? It seems like it would be much easier to crack a 10 character password than it would be to bypass the password and try and break the AES + Twofish encryption to access the data.
You're right, it would be easier to crack.

That's why you don't use 10-character passwords.
Old 11-29-2012, 03:27 PM   #10
lxskllr

Quote:
Originally Posted by Special K View Post
It seems like it would be much easier to crack a 10 character password than it would be to bypass the password and try and break the AES + Twofish encryption to access the data.
Not sure I understand. If someone breaks your password, the magic encryption doors open up. What I /think/ you're saying is a password is weaker than the underlying encryption, and that's true. A password can only be so complex before you forget what it is. An awesome password would be taking the bible, starting in the middle, and alternating all the words back and forth until you get to the ends. Great password, not very memorable. You have to use your best judgment for what you can remember, and strength desired. It's an imperfect system, but it's the best we've got.
Old 11-29-2012, 03:31 PM   #11
Special K

Quote:
Originally Posted by theevilsharpie View Post
You're right, it would be easier to crack.

That's why you don't use 10-character passwords
Well a 10 character password could still be ~100^10 combinations (more if you count symbols and upper ANSI characters, I'm just using 100 as a nice round number), although that number would drop dramatically if the password was a dictionary word or some other easily-guessable word or derivation.

Is there any way to equate a password's effectiveness with a particular encryption method, i.e. "this 10 character password provides equivalent protection to 64-bit AES encryption" or something like that?

Old 11-29-2012, 03:35 PM   #12
Chiefcrowe

In an ideal world you'd have to use two factor or more authentication to unlock your encrypted files, or in Keepass have it use a password plus a keyfile. That would be quite secure.
Old 11-29-2012, 03:39 PM   #13
theevilsharpie

Quote:
Originally Posted by Special K View Post
Is there any way to equate a password's effectiveness with a particular encryption method...
No. They're different things. Going back to our bank vault analogy, you've just asked if there's any way the vault key can provide equivalent protection to the vault walls.
Old 11-29-2012, 03:57 PM   #14
Special K

Quote:
Originally Posted by lxskllr View Post
Not sure I understand. If someone breaks your password, the magic encryption doors open up. What I /think/ you're saying is a password is weaker than the underlying encryption, and that's true. A password can only be so complex before you forget what it is. An awesome password would be taking the bible, starting in the middle, and alternating all the words back and forth until you get to the ends. Great password, not very memorable. You have to use your best judgment for what you can remember, and strength desired. It's an imperfect system, but it's the best we've got.
Right, what I meant was that in the case of TrueCrypt and KeePass, and presumably many other encryption programs, if someone cracks your master password, all of the protected data is available in plain text format. The encryption is useless at that point.

The encryption is only helpful for protecting against indirect attacks that bypass the password and standard methods of access, correct?

Old 11-29-2012, 04:55 PM   #15
BrightCandle

In order to be able to decrypt something that has been encrypted there must be something you know that no one else does. Right now passwords are that fact.

Rather than hacking the password, however, it's important to realise it's just as easy to beat the password out of you. If they ever make it fingerprint, retina scan etc. that just takes the brutality to another level.
Old 11-29-2012, 07:10 PM   #16
Nothinman

Quote:
Originally Posted by Special K View Post
Right, what I meant was that in the case of TrueCrypt and KeePass, and presumably many other encryption programs, if someone cracks your master password, all of the protected data is available in plain text format. The encryption is useless at that point.

The encryption is only helpful for protecting against indirect attacks that bypass the password and standard methods of access, correct?
The encryption is never useless, it's doing its job regardless of the password. If you chose a poor key, that's on you. If 1 level of protection isn't enough for you there are other options like multiple levels of encryption (e.g. KeePass DB in a TrueCrypt file) or 2 factor authentication if the app supports it.
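Nothinman's point in posts #4 and #16 (whoever holds the file still has to brute-force the master password, and a key file or second factor raises the bar) and Chiefcrowe's password-plus-key-file suggestion in post #12 can be made concrete. The script below is an added example, not code from KeePass, TrueCrypt or any poster. The composite key is modelled on the way KeePass combines a password with an optional key file (hash each source, then hash the concatenation); the stretching step uses PBKDF2-HMAC-SHA256, which is what TrueCrypt used (KeePass uses its own AES-based key transformation instead). The salt, iteration count, key-check value and wordlist are all constructed for the demo.

```python
"""Master password -> decryption key, and what every brute-force guess costs.

Added example; not code from KeePass, TrueCrypt or any poster in the thread.
The composite key is modelled on how KeePass combines a password with an optional
key file (hash each source, then hash the concatenation). The stretching step is
PBKDF2-HMAC-SHA256 (what TrueCrypt used; KeePass uses its own AES-based key
transformation). Salt, iteration count, key-check value and wordlist are all
constructed for the demo.
"""
import hashlib
import hmac
import time
from typing import Optional, Sequence, Tuple

# Constructed: real tools store a random per-database salt in the file header.
DEMO_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
# Constructed: tools pick a count that costs the legitimate user about a second.
DEMO_ITERATIONS = 50_000


def composite_key(password: str, keyfile: Optional[bytes] = None) -> bytes:
    """Combine the password with an optional key file into one 32-byte secret.

    A key file is a second factor only if it is stored apart from the database:
    the attacker then needs both the file and the password to derive the key.
    """
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        material += hashlib.sha256(keyfile).digest()
    return hashlib.sha256(material).digest()


def derive_key(composite: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch the composite key; each guess an attacker makes has to repeat this."""
    return hashlib.pbkdf2_hmac("sha256", composite, salt, iterations, dklen=32)


def key_check(key: bytes) -> bytes:
    """Stand-in for the stored value a tool uses to tell a right key from a wrong one."""
    return hmac.new(key, b"demo-key-check", hashlib.sha256).digest()


def open_database(password: str, keyfile: Optional[bytes], salt: bytes,
                  iterations: int, stored_check: bytes) -> Optional[bytes]:
    """Return the decryption key if the password (and key file) are right, else None."""
    key = derive_key(composite_key(password, keyfile), salt, iterations)
    return key if hmac.compare_digest(key_check(key), stored_check) else None


def dictionary_attack(wordlist: Sequence[str], salt: bytes, iterations: int,
                      stored_check: bytes, keyfile: Optional[bytes] = None
                      ) -> Tuple[Optional[str], int]:
    """What an attacker holding the file does: try candidates until the check passes.

    Returns (password or None, number of guesses made). The attacker pays the
    full `iterations` cost on every candidate, right or wrong.
    """
    for guesses, candidate in enumerate(wordlist, start=1):
        if open_database(candidate, keyfile, salt, iterations, stored_check) is not None:
            return candidate, guesses
    return None, len(wordlist)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measured cost of one derivation on this machine (minimum of `samples` runs)."""
    composite = composite_key("timing-probe")
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key(composite, DEMO_SALT, iterations)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    # Constructed wordlist; 'cat' is Nothinman's example of a poor password.
    wordlist = ["password", "123456", "letmein", "cat", "correct horse"]
    stored = key_check(derive_key(composite_key("cat"), DEMO_SALT, DEMO_ITERATIONS))

    found, guesses = dictionary_attack(wordlist, DEMO_SALT, DEMO_ITERATIONS, stored)
    print(f"password only : found {found!r} after {guesses} guesses")

    # Same password plus a key file: the wordlist alone no longer opens the database.
    stored_kf = key_check(derive_key(composite_key("cat", b"constructed key file"),
                                     DEMO_SALT, DEMO_ITERATIONS))
    print("with key file :", dictionary_attack(wordlist, DEMO_SALT, DEMO_ITERATIONS, stored_kf))

    cost = seconds_per_guess(DEMO_ITERATIONS)
    print(f"{DEMO_ITERATIONS} iterations cost {cost * 1000:.1f} ms per guess here; "
          f"a 10-million-word list would take about {cost * 1e7 / 3600:.1f} h on one core")
```

Two things the run makes visible: the attacker needs nothing from the user except the file, because the salt and the check value are in it, so the only cost they pay is the iteration count multiplied by the number of candidates; and a key file that is not stored with the database changes the attack from guessing a word to guessing a word and 32 random bytes, which a wordlist cannot do.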
Old 11-29-2012, 10:25 PM   #17
Special K

Quote:
Originally Posted by theevilsharpie View Post
No. They're different things. Going back to our bank vault analogy, you've just asked if there's any way the vault key can provide equivalent protection to the vault walls.
OK, here's what I was thinking of (notice the quality bar below measured in bits):


After doing some searching, it seems that Quality bar corresponds to the entropy of the password:

http://en.wikipedia.org/wiki/Password_strength (scroll to the section titled "Entropy as a measure of password strength".)

Old 11-29-2012, 10:29 PM   #18
lxskllr
Old 11-30-2012, 12:04 AM   #19
beginner99

Quote:
Originally Posted by BrightCandle View Post
Rather than hacking the password, however, it's important to realise it's just as easy to beat the password out of you. If they ever make it fingerprint, retina scan etc. that just takes the brutality to another level.
exactly.

However a very secure (or clever) system should always offer the option for a "false" password that seems to work correctly for the attacker and show content but it actually just shows some fake content. The attacker then thinks he has what he wanted and lets you alone...(in the ideal world, in the real world you might just catch a bullet ).

But OP is right, the password is the insecure part.

I'm not sure if I'm wrong but it seems safer to use the same (complex) password everywhere instead of such a "password keeper". In both cases only 1 password must be cracked and in the latter the app also shows the attacker exactly where to look for stuff, e.g. for which websites and applications you are registered.

Old 11-30-2012, 12:07 AM   #20
Special K

Quote:
Originally Posted by beginner99 View Post
exactly.

However a very secure (or clever) system should always offer the option for a "false" password that seems to work correctly for the attacker and show content but it actually just shows some fake content. The attacker then thinks he has what he wanted and lets you alone...(in the ideal world, in the real world you might just catch a bullet ).
Right. TrueCrypt has a "plausible deniability" feature for just that purpose:

http://www.truecrypt.org/docs/?s=plausible-deniability
Old 11-30-2012, 11:45 AM   #21
Chiefcrowe

I think that your premise of using the same complex password everywhere is not a good one and here is why:
If somehow the password were to be leaked or broken into as a result of being stored in an insecure fashion on a website, then you're screwed. I think it's best to use a unique password in as many places as possible.


Quote:
Originally Posted by beginner99 View Post
exactly.

However a very secure (or clever) system should always offer the option for a "false" password that seems to work correctly for the attacker and show content but it actually just shows some fake content. The attacker then thinks he has what he wanted and lets you alone...(in the ideal world, in the real world you might just catch a bullet ).

But OP is right, the password is the insecure part.

I'm not sure if I'm wrong but it seems safer to use the same (complex) password everywhere instead of such a "password keeper". In both cases only 1 password must be cracked and in the latter the app also shows the attacker exactly where to look for stuff, e.g. for which websites and applications you are registered.
Old 11-30-2012, 12:03 PM   #22
Special K

Quote:
Originally Posted by beginner99
I'm not sure if I'm wrong but it seems safer to use the same (complex) password everywhere instead of such a "password keeper". In both cases only 1 password must be cracked and in the latter the app also shows the attacker exactly where to look for stuff, e.g. for which websites and applications you are registered.
I originally switched to KeePass because my gmail account was hacked. At that time, I was using the same password everywhere, password rules permitting. Most likely what happened was one of my forum accounts was hacked, giving the hacker access to my password and registered email address. I'm not sure how secure forum software is, or how user information is stored in its database, but I think it's far more likely my information was stolen from there rather than a bank, for example.

You are correct that with a password manager all that stands between a hacker and all of my secure information is a single password. Yet I actually feel more secure with the password manager because the only place I ever enter my master password is at my home computer or on my smart phone. If I were to put the KeePass database inside a TrueCrypt volume (not sure if TrueCrypt supports Android yet), that would add yet another layer of protection.

No security system is perfect, but I feel safer with the system I have now than the one I had before.
Old 11-30-2012, 12:15 PM   #23
Chiefcrowe

Since your gmail was hacked, have you considered turning on 2 factor authentication for the account? Should be a lot safer.



Quote:
Originally Posted by Special K View Post
I originally switched to KeePass because my gmail account was hacked. At that time, I was using the same password everywhere, password rules permitting. Most likely what happened was one of my forum accounts was hacked, giving the hacker access to my password and registered email address. I'm not sure how secure forum software is, or how user information is stored in its database, but I think it's far more likely my information was stolen from there rather than a bank, for example.

You are correct that with a password manager all that stands between a hacker and all of my secure information is a single password. Yet I actually feel more secure with the password manager because the only place I ever enter my master password is at my home computer or on my smart phone. If I were to put the KeePass database inside a TrueCrypt volume (not sure if TrueCrypt supports Android yet), that would add yet another layer of protection.

No security system is perfect, but I feel safer with the system I have now than the one I had before.
Old 11-30-2012, 12:35 PM   #24
Gooberlx2

Quote:
Originally Posted by Special K View Post
It seems like it would be much easier to crack a 10 character password than it would be to bypass the password and try and break the AES + Twofish encryption to access the data.
When you start making complex passwords that are, say, 24 characters long, mixed case, using alphanumeric and special characters, it's going to take any brute forcing tools ages to break (until parallel/quantum computing is a reality...and affordable).

Take a phrase: "Clifford the big red dog is huge!" and turn it in to cliff0rDth#biGr#dd0GiShug#!.

That's 27 mixed alphanumeric and special characters, and still easy to remember. All I did was capitalize the last letter of each word and substitute o=0, e=# -- but I'd say that's a pretty secure password. According to the tool here, at 17 billion tries per hour per machine, it would take ~1.81 quintillion years to crack with 100,000 machines processing.

As mentioned, enabling two-factor authentication for your google account will improve its security. Most bank websites I've used require this.

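Special K asked in post #11 whether a password's strength can be expressed on the same scale as a cipher key and found the answer in post #17: entropy in bits. Gooberlx2's figures in post #24 are the same calculation run through a web calculator whose alphabet and half-keyspace assumptions are not shown on the page, so the numbers below will not reproduce its 1.81 quintillion years. The script is an added example, not code from any poster or tool on the page; the guess rates are constructed assumptions. It scores a password two ways: as if every character were drawn at random (the bound a strength meter reports) and as the number of dictionary words it is really built from, which is the honest figure for a sentence with a fixed substitution rule applied to it.

```python
"""Password entropy in bits and brute-force time: an added worked example.

Not code from any poster or tool on the page. `random_bits` is the bound on the
Wikipedia page Special K linked (post #17): length * log2(alphabet).
`passphrase_bits` is the same bound for whole words drawn from a dictionary.
Guess rates used in the demo are constructed assumptions.
"""
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Printable ASCII split into the classes a cracker would enable: 26+26+10+33 = 95.
CHARACTER_CLASSES = {
    "lower": frozenset(string.ascii_lowercase),
    "upper": frozenset(string.ascii_uppercase),
    "digits": frozenset(string.digits),
    "symbols": frozenset(string.punctuation) | {" "},
}


def charset_size(password: str) -> int:
    """Alphabet size an attacker must cover: the union of every class the password uses."""
    size = sum(len(chars) for chars in CHARACTER_CLASSES.values()
               if any(c in chars for c in password))
    if size == 0:
        raise ValueError("password contains no printable ASCII characters")
    return size


def random_bits(length: int, alphabet: int) -> float:
    """Entropy of `length` symbols each chosen uniformly from `alphabet` choices."""
    return length * math.log2(alphabet)


def passphrase_bits(words: int, dictionary: int) -> float:
    """Entropy of `words` words each chosen uniformly from a `dictionary`-word list."""
    return words * math.log2(dictionary)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every key in a `bits`-bit space; the expected hit comes at half that."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def estimate(password: str, guesses_per_second: float) -> dict:
    """Upper-bound strength of a password scored as if each character were random."""
    alphabet = charset_size(password)
    bits = random_bits(len(password), alphabet)
    return {"length": len(password), "alphabet": alphabet, "bits": round(bits, 1),
            "years": years_to_exhaust(bits, guesses_per_second)}


if __name__ == "__main__":
    # Constructed rates: one fast cracking rig, and Gooberlx2's 17e9/hour on 100,000 machines.
    single_rig = 1e9
    botnet = 17e9 / 3600 * 100_000

    # Special K's 10 characters from a 100-symbol alphabet (post #11).
    bits = random_bits(10, 100)
    print(f"10 chars, 100 symbols: {bits:.1f} bits, "
          f"{years_to_exhaust(bits, single_rig):,.0f} years at 1e9 guesses/s")

    # Gooberlx2's mutated phrase (post #24) scored as if every character were random.
    print(estimate("cliff0rDth#biGr#dd0GiShug#!", botnet))

    # The same phrase scored as what it is: 7 words from a vocabulary plus one fixed
    # substitution rule, which is well below the character-level bound above.
    print(f"7 words from 20,000: {passphrase_bits(7, 20_000):.1f} bits")
    print(f"6 diceware words (7,776 list): {passphrase_bits(6, 7776):.1f} bits")
    print(f"128-bit key at the botnet rate: {years_to_exhaust(128, botnet):.2e} years")
```

The gap between the two scores for the same phrase is the practical answer to the thread's question: the cipher key is 128 or 256 random bits, and a human-chosen password only matches that if it is genuinely random for its whole length, which is why a long passphrase of independently chosen words (or a generated key file, as Chiefcrowe suggested) closes the gap more reliably than character substitutions on a sentence.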
Old 11-30-2012, 12:38 PM   #25
beginner99

Quote:
Originally Posted by Chiefcrowe View Post
I think that your premise of using the same complex password everywhere is not a good one and here is why:
If somehow the password were to be leaked or broken into as a result of being stored in an insecure fashion on a website, then you're screwed. I think it's best to use a unique password in as many places as possible.
Well if someone steals my password I have here, how would he know on which other sites I have accounts? And why would that hacker guy concentrate on my account in the first place?

Quote:
Originally Posted by Special K View Post
I originally switched to KeePass because my gmail account was hacked. At that time, I was using the same password everywhere, password rules permitting. Most likely what happened was one of my forum accounts was hacked, giving the hacker access to my password and registered email address. I'm not sure how secure forum software is, or how user information is stored in its database, but I think it's far more likely my information was stolen from there rather than a bank, for example.

You are correct that with a password manager all that stands between a hacker and all of my secure information is a single password. Yet I actually feel more secure with the password manager because the only place I ever enter my master password is at my home computer or on my smart phone. If I were to put the KeePass database inside a TrueCrypt volume (not sure if TrueCrypt supports Android yet), that would add yet another layer of protection.

No security system is perfect, but I feel safer with the system I have now than the one I had before.



While I said I use the same password everywhere, I don't. But for anonymous forums like this and others it's just easier to have 1 common password. And what do I care if someone steals my account here?

There are 2 important passwords: the one for online banking and the one for your email. Because in the email the attacker will potentially see on which forums etc. you are registered and can just let the site send a new password.
(ok you can also add other stuff like facebook. Don't want that to be hacked easily)

My email is different, this is a no-brainer. I mean anyone could set up a forum and then read out the email address and password and check if they match, or in the case the site is hacked, that's probably what the attacker will try...


And online banking is a no brainer too, obviously. But there you have additional measures.