This document discusses the illusion of protection from encrypting files and transmitting passwords. It argues that large organizations are high-profile targets, and personal and business information is at risk from well-funded enemies and skilled hackers. Password generation is challenging, and rules intended to strengthen passwords may actually reduce security by limiting possibilities. The document advocates random passwords or password generation services as more secure options. It also outlines how passphrase-based encryption of documents works at a high level.

1. The Illusion of protection
(commentary on passing encrypted
data via files)

2.  Anywhere in US = high profile target
 Large Organizations have a large target profile
 Example: With 50,000 users, SOMEONE is going to
have the password: *1Passw0rD*
 Access to home machines gives access to work
most of the time
 Personal AND business information at risk

3.  Well-funded enemies of the state
 International Criminal Organizations
 State-sponsored enemies
 Hackers with almost unlimited free time
 Anonymous / Lulz Sec
 Logistics for all
 Corporate Resourcing for Hire
 Cloud Services – AWS, Google Cloud, etc.
 Each generation has a knowledgebase upon which to build
 Our children have access to more knowledge than ever before in
history
 Distribution channels for new attacks
 Internet – fastest distribution methodology history has known

4.  Generating a random password is harder than it looks
 Randomness does not occur naturally in language
 (English language entropy [sensible language] – 1.5 bits/character)
 Password generation algorithms are patterns
 Pick a word/phrase and mix it up
 n0tY0urP@ssw0rd - Letme!n123 - P@tri0tsRule!!
 Mash the keyboard in a pattern
 1234!@#$qwerQWER - 12qw!@QW
 Password Complexity Rules just limits the usable algorithms
 E.g. cat*town_horse_buddy;itself”computer-
drapes%query_limits^yuletide@notices
 Strong passwords don’t always meet complexity rules (no caps, no numbers!)
 Rules and patterns severely limit search space
 Hackers don’t have to test millions of passwords that don’t meet the
complexity criteria
 True randomness doesn’t have rules
 Rules give hackers too much information about the password

5.  Secure password transmission
 Recommendation #1 – Users should transmit passwords over alternate medium
 Assumption is that if someone can get the document, they can also get the email.
 The level of risk already inherent in the transmission
 Passwords should not be written down, even in emails
 Key changes should be done with all personnel changes (minimum)
 Encoding passwords to be easy to remember
 Train users to get random!
 Five RANDOM common words (tomboy, skateboard, caterpillar, the, mouse)
 Estimated 55 bits of entropy based on a working vocabulary of 2048 words
 Add entropy with personal rules of insertion/capitalization and numbers/symbols
 Compare to ideal AES-128 key = 128 bits of entropy (2^73 x LESS entropy!)
 Compare to AES-256 key = 256 bits of entropy (2^201 x LESS entropy!)
 Technical Controls
 Ensuring adequate salt (randomness) for AES key
 Change salt length to match length of encryption key (32 bytes/256 bits)
 Forced password complexity (? – better than nothing – but good enough - ?)
 Enforcing simple rules can actually REDUCE available entropy
 Improving password complexity rules to force more entropy

6.  Assigning passwords (give entropy to users)
 Because humans aren’t random – password
generation should be ‘more’ random
 Password Generation as a Service
 Secure Data Exchange Gateways
 Encrypted IM
 Encrypted email

7. How encryption is implemented with passphrase-based software
SECRET INFO
Passphrase
Random
Number PBKDF2 AES-128
Generator
Salt AES Key Encrypted
INFO
Compress
& Package
(ZIP)
Encrypted Doc
[and that’s a simplified version of the flow-chart]

8.  Almost everyone in IT knows AES!
 Encryption algorithm
 Current standard (Rijndael)
 Advancement from DES/Triple-DES
 Securing document is not just encryption
 Encryption needs keys
 Keys require handling / (Key Management)
 Key management requires a chains of trust
 Secure generating and trading of random keys is HARD
 Few have heard of PBKDF2
 Used to ‘passphrase’-protected documents
 (pseudo-random keys from simple passphrases)
 Creates AES encryption keys from Passphrases
 One-way algorithm (like a blender)
 Having the output you can’t get the input
 Flexible control
 # of cycles directly related to time to compute results
 Added entropy salted in by user (take the pseudo- out of pseudo-random with
entropy)

9. gr@pe_Pudd1ng SECRET INFO
random
AES
combo
one-way hash
101010101010101101011100
001010111011011010000111
101011010100110101001010
AES – pick-proof, complex
Salt added to recipe ensures
randomness for AES key
Email 2
Email 1
Entropy comes from recipe complexity.
A passphrase is created with a recipe that describes it. Salt and locked safe delivered to recipient

10. Control of this is possible only with
Email 2
ONLINE system controls – not
offline documents and files
29 million tries
per hour
? If attacker has
access to emails
already, trying
every OTHER
Attacker has access to Salt so email in the
random entropy of AES key does mailbox will be
not interfere with trials quick and easy!
Highly-automated Blender ($329)
29,064,960 recipes/hour
(yes, 29 MILLION!)
The complexity of the recipe and number of potential ingredients is the only thing preventing them from
duplicating the secret formula to recreate the AES key. Note the attacker does not directly brute force AES keys!
With online password systems, we can control speed of attacks with login controls such as timeouts and lockout.

11. 100000 Vocabulary 1 100000 100,000 phrases
1 Capital letter 1 1
32 typewriter symbol 1 32
10 number 1 10
4 number/cap/sym position 3 64
Attacker can choose capital speed/cost 32 GPUs @$250 ea $ 10,528.00
Attacker capital resources Total $ 15,328.00
2,048,000,000 2.20 hours
0.09 days
Amazon GPU Cloud* $ 81.03 16 AWS GPU instances
With cloud computing - attacker no longer worries about capital costs!
*Amazon GPUs not this fast (yet) -erring on side of caution
Worksheet simulation to examine how password rules/complexity affect attacker cost
Based on attack against MS Word 2010 PBKDF2 algorithm of 100,000 cycles –
Assumption based on using an ATI Radeon HD 5970 – Online price $329
--- (published attack speed of 20,184 passes/sec with COTS package)