I am using a major brand of file encryption that stores its keys in a
database file. My files were being backed, but were encrypted at the same
time. Recently, I suffered a hard disk crash and had to resort to restore
my files that were stored under "my documents". Unfortunately, the
database with the keys wasn't being backed up because they weren't located
under "my documents". Needless to say, the files that were backed up can't
be decrypted under normal operation after being restored.
Do software developers keep backup keys available for this situation or am I
hosed? Is there anything on the marked to decrypt these files?
John Doe wrote:
> I am using a major brand of file encryption that stores its keys in a
> database file. My files were being backed, but were encrypted at the same
> time. Recently, I suffered a hard disk crash and had to resort to restore
> my files that were stored under "my documents". Unfortunately, the
> database with the keys wasn't being backed up because they weren't located
> under "my documents". Needless to say, the files that were backed up can't
> be decrypted under normal operation after being restored.
>
> Do software developers keep backup keys available for this situation or am I
> hosed? Is there anything on the marked to decrypt these files?
>
> Sincerely,
> Bob Becnel
>
>
You don't say what you used to encrypt the files. Sounds pretty shoddy
if they didn't recommend backing up the keys. Try googling
> I am using a major brand of file encryption that stores its keys in a
> database file. My files were being backed, but were encrypted at the
> same time. Recently, I suffered a hard disk crash and had to resort
> to restore my files that were stored under "my documents".
> Unfortunately, the database with the keys wasn't being backed up
> because they weren't located under "my documents". Needless to say,
> the files that were backed up can't be decrypted under normal
> operation after being restored.
Maybe I should note that your security concept is completely pointless.
Either you backup the keys, by what attackers can easily get to the
plaintext, or you don't backup the keys, turning the backups useless in
case of data loss.
> Do software developers keep backup keys available for this situation
> or am I hosed? Is there anything on the marked to decrypt these
> files?
Developers of secure encryption software (i.e. not closed-source)
generally don't keep such "backup keys", because again that would render
the entire security system completely pointless.
If the cipher used is a secure one, then yes, you're hosed. There are
programs for brute-forcing, but if your keys were random (i.e. not
generated from a passphrase), then don't bother -- your data is lost.
Regards,
Ertugrul Söylemez.
--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
Ertugrul Soeylemez wrote:
> "John Doe" <wustlumc@earthlink.net> (07-07-14 23:21:12):
>
>> I am using a major brand of file encryption that stores its keys in a
>> database file. My files were being backed, but were encrypted at the
>> same time. Recently, I suffered a hard disk crash and had to resort
>> to restore my files that were stored under "my documents".
>> Unfortunately, the database with the keys wasn't being backed up
>> because they weren't located under "my documents". Needless to say,
>> the files that were backed up can't be decrypted under normal
>> operation after being restored.
>
> Maybe I should note that your security concept is completely pointless.
> Either you backup the keys, by what attackers can easily get to the
> plaintext, or you don't backup the keys, turning the backups useless in
> case of data loss.
>
You'll have to explain this, you're basically saying that file
encryption is worthless. How does backing up the keys expose them to
hackers?
>
>> Do software developers keep backup keys available for this situation
>> or am I hosed? Is there anything on the marked to decrypt these
>> files?
>
> Developers of secure encryption software (i.e. not closed-source)
> generally don't keep such "backup keys", because again that would render
> the entire security system completely pointless.
>
> If the cipher used is a secure one, then yes, you're hosed. There are
> programs for brute-forcing, but if your keys were random (i.e. not
> generated from a passphrase), then don't bother -- your data is lost.
>
>
> Regards,
> Ertugrul Söylemez.
>
>
> > Maybe I should note that your security concept is completely
> > pointless. Either you backup the keys, by what attackers can easily
> > get to the plaintext, or you don't backup the keys, turning the
> > backups useless in case of data loss.
>
> You'll have to explain this, you're basically saying that file
> encryption is worthless. How does backing up the keys expose them to
> hackers?
If the encryption keys become part of the backup, then what's the point
in encrypting?
Regards,
Ertugrul Söylemez.
--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
Ertugrul Soeylemez wrote:
> jc <me@nospam.nett> (07-07-16 18:53:23):
>
>>> Maybe I should note that your security concept is completely
>>> pointless. Either you backup the keys, by what attackers can easily
>>> get to the plaintext, or you don't backup the keys, turning the
>>> backups useless in case of data loss.
>> You'll have to explain this, you're basically saying that file
>> encryption is worthless. How does backing up the keys expose them to
>> hackers?
>
> If the encryption keys become part of the backup, then what's the point
> in encrypting?
>
>
> Regards,
> Ertugrul Söylemez.
>
>
I still don't see what you're getting at. The keys are useless without a
password.
On Thu, 19 Jul 2007 05:53:03 +0200, Ertugrul Soeylemez wrote:
> jc <me@nospam.nett> (07-07-16 18:53:23):
>
>>> Maybe I should note that your security concept is completely
>>> pointless. Either you backup the keys, by what attackers can easily
>>> get to the plaintext, or you don't backup the keys, turning the
>>> backups useless in case of data loss.
>>
>> You'll have to explain this, you're basically saying that file
>> encryption is worthless. How does backing up the keys expose them to
>> hackers?
>
> If the encryption keys become part of the backup, then what's the point
> in encrypting?
>
> Regards,
> Ertugrul Söylemez.
Which brings me to a conversation I just had with Moxy. They can't
backup encrypted files.
Ari wrote:
> On Thu, 19 Jul 2007 05:53:03 +0200, Ertugrul Soeylemez wrote:
>
>> jc <me@nospam.nett> (07-07-16 18:53:23):
>>
>>>> Maybe I should note that your security concept is completely
>>>> pointless. Either you backup the keys, by what attackers can easily
>>>> get to the plaintext, or you don't backup the keys, turning the
>>>> backups useless in case of data loss.
>>> You'll have to explain this, you're basically saying that file
>>> encryption is worthless. How does backing up the keys expose them to
>>> hackers?
>> If the encryption keys become part of the backup, then what's the point
>> in encrypting?
>>
>> Regards,
>> Ertugrul Söylemez.
>
> Which brings me to a conversation I just had with Moxy. They can't
> backup encrypted files.
I'm missing something. If someone got hold of the backup, with the keys
and the encrypted files, what could they do without a passphrase? Seems
like the files would still be safe given a strong one.
>>> If the encryption keys become part of the backup, then what's the point
>>> in encrypting?
>>>
>>> Regards,
>>> Ertugrul Söylemez.
>>
>> Which brings me to a conversation I just had with Moxy. They can't
>> backup encrypted files.
>
> I'm missing something. If someone got hold of the backup, with the keys
> and the encrypted files, what could they do without a passphrase? Seems
> like the files would still be safe given a strong one.
You would be one layer short of protection, that being the passphrase
only which, if 16 characters, ought to be sufficient.
> > If the encryption keys become part of the backup, then what's the
> > point in encrypting?
>
> I still don't see what you're getting at. The keys are useless without
> a password.
Now we're getting somewhere. From what you told it sounded like the
keys were backed up in plain.
Regards,
Ertugrul Söylemez.
--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
Ari wrote:
> On Tue, 24 Jul 2007 02:03:29 GMT, jc wrote:
>
>>>> If the encryption keys become part of the backup, then what's the point
>>>> in encrypting?
>>>>
>>>> Regards,
>>>> Ertugrul Söylemez.
>>> Which brings me to a conversation I just had with Moxy. They can't
>>> backup encrypted files.
>> I'm missing something. If someone got hold of the backup, with the keys
>> and the encrypted files, what could they do without a passphrase? Seems
>> like the files would still be safe given a strong one.
>
> You would be one layer short of protection, that being the passphrase
> only which, if 16 characters, ought to be sufficient.
I suppose it would be a good idea to back up the keys on their own
device. Keep that in a secure place.
> Ari wrote:
>> On Tue, 24 Jul 2007 02:03:29 GMT, jc wrote:
>>
>>>>> If the encryption keys become part of the backup, then what's the point
>>>>> in encrypting?
>>>>>
>>>>> Regards,
>>>>> Ertugrul Söylemez.
>>>> Which brings me to a conversation I just had with Moxy. They can't
>>>> backup encrypted files.
>>> I'm missing something. If someone got hold of the backup, with the keys
>>> and the encrypted files, what could they do without a passphrase? Seems
>>> like the files would still be safe given a strong one.
>>
>> You would be one layer short of protection, that being the passphrase
>> only which, if 16 characters, ought to be sufficient.
>
> I suppose it would be a good idea to back up the keys on their own
> device. Keep that in a secure place.
>
> jc
to answer the original question, no, developers don't have backdoors
as a rule - we write in solid recovery processes and expect people to
follow them.
If we did put in back doors, and they were discovered, we'd be
ridiculed out of the market, so, we tend not to do anything so silly.
File Encryption/Decryption Question 
Linear Mode
