Cyber Security Expo
 
Defeating Encryption by John Bambenek on 22/11/04

There is no dispute about the need for strong encryption, particularly for privileged communications. There is no way to have a high level of assurance that the entire path between endpoints of a message is secure, so the message has to be hidden in transit. While brute-force decryption is possible, modern forms of encryption have made this process too long to be valuable.

However, there is still risk if the endpoints of the communication are vulnerable. Eventually the encrypted message needs to be decrypted in order to be useful, and that process happens at the endpoints of the communication. The problem is, if the endpoints are compromised, the entire message can be stolen even if the plaintext message is not stored on a file on the system.

Using some commodity UNIX tools, it is trivial to see plaintext messages, in real-time, as they are sent or received by a system. The following is a crude methodology to accomplish this, leaving to more creative and motivated minds to develop tools to accomplish this in a much more clean fashion.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.