Discussion:
Bootloader question about DriveCrypt Plus Pack
macarró
2009-03-16 07:32:37 UTC
DriveCrypt Plus Pack can be set up with a "hard disk failure" BootAuth
message; I think this is a great feature.

I know that if someone looks at the bootloader with WinHex they will
still see some data; PGP customer service told me that when using whole
disk encryption their PGP software will have the PGP name and version
in the bootloader.

I asked Securstar the same question: does the bootloader store any
kind of information that identifies the encryption product being used as
DriveCrypt Plus Pack? They said the bootloader does not have identifiable
information.

Has anyone here looked at the DCPP bootloader? Did you see the name
"Securstar" or something else that could lead to a snooper quickly
finding out what encryption product you are using?

The idea is to make it impossible for someone to find out what
encryption product is being used; I don't know if this can be done.

Thank you
Admins
2009-03-16 09:57:15 UTC
Post by macarró
DriveCrypt Plus Pack can be set up with a "hard disk failure" BootAuth
message; I think this is a great feature.
I know that if someone looks at the bootloader with WinHex they will
still see some data; PGP customer service told me that when using whole
disk encryption their PGP software will have the PGP name and version in
the bootloader.
I asked Securstar the same question: does the bootloader store any kind
of information that identifies the encryption product being used as
DriveCrypt Plus Pack? They said the bootloader does not have identifiable
information.
Has anyone here looked at the DCPP bootloader? Did you see the name
"Securstar" or something else that could lead to a snooper quickly
finding out what encryption product you are using?
The idea is to make it impossible for someone to find out what
encryption product is being used; I don't know if this can be done.
Thank you
It's safe to assume that anyone who knows encryption products, seeing
the screen you're talking about, will know exactly what's being used. Regards
,cin
2009-12-28 03:05:39 UTC
On Mon, 16 Mar 2009 02:57:15 -0700, Admins <***@nym.org> wrote:


Welcome to my killfile - you and your stupid vcf crap.

nemo_outis
2009-03-16 14:55:46 UTC
Post by macarró
DriveCrypt Plus Pack can be set up with a "hard disk failure" BootAuth
message; I think this is a great feature.
I know that if someone looks at the bootloader with WinHex they will
still see some data; PGP customer service told me that when using whole
disk encryption their PGP software will have the PGP name and version
in the bootloader.
I asked Securstar the same question: does the bootloader store any
kind of information that identifies the encryption product being used as
DriveCrypt Plus Pack? They said the bootloader does not have identifiable
information.
Has anyone here looked at the DCPP bootloader? Did you see the name
"Securstar" or something else that could lead to a snooper quickly
finding out what encryption product you are using?
The idea is to make it impossible for someone to find out what
encryption product is being used; I don't know if this can be done.
The stub bootloader that lives on track 0 will be recognisable as such by
any specialist as belonging to PGP Wholedisk, or Utimaco, or Winmagic, or
DCPP, or Truecrypt or whatever, regardless of whether that boot code
actually contains something so blatant as the software maker's name.

If this bothers you (although I can't see why it should), then it is a
trivial matter to scrub this track after every session and restore it as
you begin a later session (perhaps by using the encryption software's
"rescue disk" or some such thing, but if necessary from a "known good"
CD).

Regards,
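An added example of the point nemo_outis makes above, written for this page and not taken from the thread or from any vendor named in it: a pre-boot stub can be identified from its code bytes even when a hex editor's strings view shows nothing. The two sample sectors, their opcode prologue and the fingerprint catalogue are constructed for the example; no real product's bootloader is reproduced. The script hashes only the code area of sector 0, because the disk signature and partition table differ from machine to machine while the stub code is the same on every install of a given product.

```python
import hashlib
import re

SECTOR_SIZE = 512
CODE_END = 440          # bytes 0..439: bootstrap code; 440..445: per-machine disk signature
PTABLE_OFF = 446        # 446..509: four 16-byte partition entries; 510..511: 0x55AA
BOOT_SIG = b"\x55\xaa"


def make_sector(code: bytes, disk_sig: bytes = b"\x00" * 6, ptable: bytes = b"\x00" * 64) -> bytes:
    """Assemble a 512-byte MBR from its parts (constructed test data, not a real bootloader)."""
    code = code.ljust(CODE_END, b"\x00")[:CODE_END]
    assert len(disk_sig) == 6 and len(ptable) == 64
    return code + disk_sig + ptable + BOOT_SIG


# Constructed samples. Both share the same real-mode prologue (cli / xor ax,ax / mov ss,ax /
# mov sp,7c00 / sti). One carries a vendor banner, the other no printable text at all.
PROLOGUE = b"\xfa\x31\xc0\x8e\xd0\xbc\x00\x7c\xfb"
STUB_WITH_BANNER = make_sector(PROLOGUE + b"Example WDE Bootguard 9.9\x00" + b"\xcd\x19",
                               disk_sig=b"\x11\x22\x33\x44\x00\x00")
# mov ax,0201 / mov bx,7e00 / int 13 / jmp far 0000:7e00 : read one sector and jump to it
STUB_SILENT = make_sector(PROLOGUE + b"\xb8\x01\x02\xbb\x00\x7e\xcd\x13\xea\x00\x7e\x00\x00",
                          disk_sig=b"\xaa\xbb\xcc\xdd\x00\x00",
                          ptable=b"\x80\x01\x01\x00\x07\xfe\xff\xff\x3f\x00\x00\x00\x00\x00\x10\x00"
                                 + b"\x00" * 48)


def is_mbr(sector: bytes) -> bool:
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIG


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """What a hex editor's strings view shows: runs of printable ASCII of min_len or more."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def code_fingerprint(sector: bytes) -> str:
    """SHA-256 of the code area only; the per-machine fields are excluded on purpose."""
    return hashlib.sha256(sector[:CODE_END]).hexdigest()


# Hypothetical catalogue. A real one is built by hashing sector 0 of known installs.
KNOWN_STUBS = {
    code_fingerprint(STUB_WITH_BANNER): "example vendor A pre-boot stub",
    code_fingerprint(STUB_SILENT): "example vendor B pre-boot stub",
}


def identify(sector: bytes) -> dict:
    """Strings are the naive check; the code hash is what actually identifies the stub."""
    if not is_mbr(sector):
        return {"mbr": False, "strings": [], "fingerprint": None, "match": None}
    fp = code_fingerprint(sector)
    return {"mbr": True,
            "strings": printable_strings(sector[:CODE_END]),
            "fingerprint": fp,
            "match": KNOWN_STUBS.get(fp)}


def read_sector0(path: str) -> bytes:
    """Read sector 0 of an image file or raw device (/dev/sda, \\\\.\\PhysicalDrive0; needs admin)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    for name, s in (("banner", STUB_WITH_BANNER), ("silent", STUB_SILENT)):
        r = identify(s)
        print(name, "strings:", r["strings"], "match:", r["match"])
```

The "silent" stub yields no strings at all, yet its code hash matches the catalogue just as reliably as the one with a banner. Exact hashing assumes the code area holds no per-install data; a stub that embeds such data would need the varying bytes masked out before hashing, but the principle is the same. The pre-boot prompt itself (the screen Admins mentions) is of course a second fingerprint that no sector scrubbing changes.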
Carsten Krueger
2009-03-16 16:06:02 UTC
Post by nemo_outis
If this bothers you (although I can't see why it should) then it is a
trivial matter to scrub this track after every session and restore it as
you begin a later session (perhaps by using the encryption software's
"rescue disk" or some such thing, but if necessary from a "known good"
CD)
Or use Diskcryptor with USB-/CD-Boot.

greetings
Carsten
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/
Shaun
2009-03-17 20:27:59 UTC
I am very sorry, the people at SecurStar support seem to be wrong
regarding preboot code. I will get in touch with them and make sure
that this is corrected. There are no strings in the bootstrap (first
HDD sector), but the code will be obvious to someone who knows the
product. There are certainly some in the code which gets executed by
this bootstrap.

It is not possible to hide the DCPP boot routines if you want to boot
directly from HDD, as there needs to be some clear code for the
computer to execute in order to load the encrypted operating system.

HOWEVER, it is then possible to zap the boot sector and replace it
with an ordinary one, after creating a CD-based tools disk, and you
can boot from that.

Currently the bootauth files on the main disk might still be protected.
On DCPP only the first HDD physical sector has boot code on it, in the
MBR area. The rest is in a non-movable file in the main disk area in
the root: Bootauthx.sys, where x is 0 to 3.

To deal with those you need to stop the DCPPSVC2 service, then rename
the files, reboot the computer and then zap them, and scrub the free
space on the disk. Be sure your alternative booting source works, and
then hide it!

Perhaps in a new version we might produce something on the BIOS/DOS
tools disk to do that for people.

Shaun.
Post by macarró
DriveCrypt Plus Pack can be set up with a "hard disk failure" BootAuth
message; I think this is a great feature.
I know that if someone looks at the bootloader with WinHex they will
still see some data; PGP customer service told me that when using whole
disk encryption their PGP software will have the PGP name and version
in the bootloader.
I asked Securstar the same question: does the bootloader store any
kind of information that identifies the encryption product being used as
DriveCrypt Plus Pack? They said the bootloader does not have identifiable
information.
Has anyone here looked at the DCPP bootloader? Did you see the name
"Securstar" or something else that could lead to a snooper quickly
finding out what encryption product you are using?
The idea is to make it impossible for someone to find out what
encryption product is being used; I don't know if this can be done.
Thank you
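The "zap the boot sector, keep a bootable CD" procedure Shaun and nemo_outis describe, as an added worked example written for this page (it is not a SecurStar tool and not DCPP's own rescue code). It backs up sector 0 together with its hash, overwrites only the bootstrap code area so the disk is left with an ordinary-looking non-bootable MBR (disk signature, partition table and 0x55AA are kept), and restores the saved sector only after checking that the backup is intact and the partition table has not changed underneath it. It operates on a path, so it works on an image file as written and on a raw device when run with the rights to open it; the 64 KiB image in the demo is constructed. It covers sector 0 only: the Bootauth files Shaun mentions, and the rest of track 0, are a separate job.

```python
import hashlib
import os
import tempfile

SECTOR_SIZE = 512
CODE_END = 440                 # bootstrap code: bytes 0..439
PTABLE = slice(446, 510)       # partition table
BOOT_SIG = b"\x55\xaa"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def read_sector0(path: str) -> bytes:
    with open(path, "rb") as f:
        data = f.read(SECTOR_SIZE)
    if len(data) != SECTOR_SIZE:
        raise ValueError("short read on sector 0")
    return data


def write_sector0(path: str, data: bytes) -> None:
    if len(data) != SECTOR_SIZE:
        raise ValueError("sector must be exactly 512 bytes")
    with open(path, "r+b") as f:      # r+b: update in place, never truncate the device
        f.seek(0)
        f.write(data)
        f.flush()
        os.fsync(f.fileno())


def backup_sector0(disk: str, backup_path: str) -> str:
    """Save sector 0 to a file and return its SHA-256; keep the hash with the CD, not the disk."""
    sector = read_sector0(disk)
    if sector[510:512] != BOOT_SIG:
        raise ValueError("sector 0 carries no 55AA boot signature; refusing to back up")
    with open(backup_path, "wb") as f:
        f.write(sector)
    return sha256_hex(sector)


def scrub_sector0(disk: str) -> bytes:
    """Zero the bootstrap code only. Disk signature, partition table and 55AA stay, so the
    disk looks like an ordinary non-bootable MBR rather than a recognisable product stub."""
    sector = bytearray(read_sector0(disk))
    sector[:CODE_END] = bytes(CODE_END)
    write_sector0(disk, bytes(sector))
    return bytes(sector)


def restore_sector0(disk: str, backup_path: str, expected_sha256: str) -> None:
    """Write the saved sector back, refusing if the backup is corrupt or stale."""
    with open(backup_path, "rb") as f:
        saved = f.read()
    if len(saved) != SECTOR_SIZE or sha256_hex(saved) != expected_sha256:
        raise ValueError("backup does not match recorded hash; refusing to restore")
    if read_sector0(disk)[PTABLE] != saved[PTABLE]:
        raise ValueError("partition table changed since backup; refusing to restore")
    write_sector0(disk, saved)


def roundtrip_demo() -> dict:
    """backup -> scrub -> restore against a constructed 64 KiB image in a temp dir."""
    stub = (b"\xfa\x31\xc0\x8e\xd0\xbc\x00\x7c\xfb\xcd\x19".ljust(CODE_END, b"\x00")
            + b"\x11\x22\x33\x44\x00\x00"                                     # disk signature
            + b"\x80\x01\x01\x00\x07\xfe\xff\xff\x3f\x00\x00\x00\x00\x00\x10\x00" + bytes(48)
            + BOOT_SIG)
    with tempfile.TemporaryDirectory() as d:
        disk = os.path.join(d, "disk.img")
        backup = os.path.join(d, "sector0.bin")
        with open(disk, "wb") as f:
            f.write(stub + bytes(64 * 1024 - SECTOR_SIZE))
        digest = backup_sector0(disk, backup)
        scrubbed = scrub_sector0(disk)
        after_scrub = read_sector0(disk)
        restore_sector0(disk, backup, digest)
        restored = read_sector0(disk)
    return {
        "scrubbed_code_is_zero": after_scrub[:CODE_END] == bytes(CODE_END),
        "ptable_preserved": after_scrub[PTABLE] == stub[PTABLE] and after_scrub[510:] == BOOT_SIG,
        "scrubbed_differs": scrubbed != stub,
        "restored_identical": restored == stub,
    }


if __name__ == "__main__":
    print(roundtrip_demo())
```

Run the restore step from the known-good CD before the encrypted OS is started, and the scrub step as the last thing before shutdown. Zeroing the code area is the simplest "ordinary" replacement; writing a stock MBR boot block there instead is equally valid and leaves even less to notice, but any per-session change to sector 0 should be verified by hash, as above, because a silently corrupted backup means an unbootable disk.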
Shaun Hollingworth
2009-03-17 20:30:09 UTC
Post by Shaun
I am very sorry, the people at SecurStar support seem to be wrong
regarding preboot code. I will get in touch with them and make sure
that this is corrected. There are no strings in the bootstrap (first
HDD sector), but the code will be obvious to someone who knows the
PS: My apologies for top posting in my two recent contributions. I post
to Usenet so seldom these days that I forgot the correct protocols
for posting!

Regards.
Shaun.
Buzz Murdoch
2009-03-19 02:19:01 UTC
On Tue, 17 Mar 2009 20:30:09 +0000, Shaun Hollingworth
Post by Shaun Hollingworth
Post by Shaun
I am very sorry, the people at SecurStar support seem to be wrong
regarding preboot code. I will get in touch with them and make sure
that this is corrected. There are no strings in the bootstrap (first
HDD sector), but the code will be obvious to someone who knows the
PS: My apologies for top posting in my two recent contributions. I post
to Usenet so seldom these days that I forgot the correct protocols
for posting!
Apologies accepted. And since you're here... :)

I recently upgraded from DC 4.x to 5.1. I read something about
improved security on 5.x disks as opposed to 4.x. Should I recreate
my disks (partitions, actually) and why?
Shaun
2009-03-19 18:56:25 UTC
Post by Buzz Murdoch
On Tue, 17 Mar 2009 20:30:09 +0000, Shaun Hollingworth
Post by Shaun Hollingworth
Post by Shaun
I am very sorry, the people at SecurStar support seem to be wrong
regarding preboot code. I will get in touch with them and make sure
that this is corrected. There are no strings in the bootstrap (first
HDD sector), but the code will be obvious to someone who knows the
PS: My apologies for top posting in my two recent contributions. I post
to Usenet so seldom these days that I forgot the correct protocols
for posting!
Apologies accepted. And since you're here... :)
I recently upgraded from DC 4.x to 5.1. I read something about
improved security on 5.x disks as opposed to 4.x. Should I recreate
my disks (partitions, actually) and why?
Hi,

The main focus of the changes has been to reduce the rate at which
offline brute force attacks can be thrown at the data. This involves
extra hashing using the random data in the header for multiple
feedback iterations to create a key salt. (The output of this is
still completely random after decryption of course, only different.)
The idea is simply that any brute force attack code would
have to do the same and would therefore be much slower than the old
format would have been.

There is a slight slowdown in mounting disks because of all this extra
hash processing; however, this only becomes very noticeable when more
passwords have been entered, and now the hashes of these passwords
are automatically cleared after 3 minutes anyway, so no one really
sees this slowdown.

DC5 is virtually a complete rewrite of the thing. We tried to address
a number of criticisms people had. The wxWidgets-based GUI was written
by a colleague here in the UK, using an SDK which may be made
available in the future.

I wouldn't really recreate your partitions, unless it is necessary, for
example if you obtain a newer, larger drive or something.

Regards,
Shaun.
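Shaun's explanation above is the generic key-stretching argument: take random data from the volume header, run the password through many feedback iterations of a hash, and every offline guess then costs the attacker the same work the legitimate mount pays once. The block below is an added example written for this page, not DriveCrypt's header format or code: it uses the PBKDF2 construction (RFC 8018) with HMAC-SHA-256, written out so the feedback loop is visible, plus a constructed header with a check value so that a guesser (or the mount routine) can reject a wrong password. The hash choice, the 16-byte salt and the "header-check" label are my assumptions.

```python
import hashlib
import hmac
import os
import struct

HASH = "sha256"
HLEN = 32


def stretch_one_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """One PBKDF2 output block, spelled out: U1 = HMAC(P, S || INT(1)),
    U_i = HMAC(P, U_{i-1}), key = U1 xor U2 xor ... xor U_c. Each step feeds
    the previous output back in, so the work cannot be parallelised per guess."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    u = hmac.new(password, salt + struct.pack(">I", 1), HASH).digest()
    acc = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, HASH).digest()
        for i in range(HLEN):
            acc[i] ^= u[i]
    return bytes(acc)


def matches_stdlib(password: bytes, salt: bytes, iterations: int) -> bool:
    """Cross-check: the loop above is exactly hashlib.pbkdf2_hmac for a 32-byte key."""
    return stretch_one_block(password, salt, iterations) == \
        hashlib.pbkdf2_hmac(HASH, password, salt, iterations, HLEN)


def create_header(password: bytes, iterations: int, salt: bytes = None) -> dict:
    """Constructed header: random salt, iteration count, and an 8-byte check value
    derived from the key so a wrong password is rejected without touching data."""
    salt = os.urandom(16) if salt is None else salt
    key = stretch_one_block(password, salt, iterations)
    check = hmac.new(key, b"header-check", HASH).digest()[:8]
    return {"salt": salt, "iterations": iterations, "check": check}


def try_password(header: dict, candidate: bytes):
    """The work both a legitimate mount and an offline guesser must do per candidate."""
    key = stretch_one_block(candidate, header["salt"], header["iterations"])
    check = hmac.new(key, b"header-check", HASH).digest()[:8]
    return key if hmac.compare_digest(check, header["check"]) else None


def offline_guess(header: dict, wordlist):
    """A dictionary attack against the header; cost = len(wordlist) * iterations HMACs."""
    for candidate in wordlist:
        if try_password(header, candidate) is not None:
            return candidate
    return None


def brute_force_seconds(candidates: int, iterations: int, hmac_per_second: float) -> float:
    """Attacker time scales linearly with the iteration count; the user pays it once per mount."""
    return candidates * iterations / hmac_per_second


if __name__ == "__main__":
    hdr = create_header(b"correct horse", 100_000)
    print("mount ok:", try_password(hdr, b"correct horse") is not None)
    print("1e6 guesses at 1e9 HMAC/s:", brute_force_seconds(10**6, hdr["iterations"], 1e9), "s")
```

The iteration count is stored in the header and is tuned for an acceptable mount delay on the user's own machine; that delay is the attacker's per-guess cost, which is why raising it is worth more than a slightly longer password of the same size. Note that a cached key, as in the 3-minute cache Shaun mentions, avoids the repeated cost for the user but must itself be wiped, since whoever reads it skips the stretching entirely.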
Buzz Murdoch
2009-03-20 01:38:02 UTC
Post by Shaun
Post by Buzz Murdoch
On Tue, 17 Mar 2009 20:30:09 +0000, Shaun Hollingworth
Post by Shaun Hollingworth
Post by Shaun
I am very sorry, the people at SecurStar support seem to be wrong
regarding preboot code. I will get in touch with them and make sure
that this is corrected. There are no strings in the bootstrap (first
HDD sector), but the code will be obvious to someone who knows the
PS: My apologies for top posting in my two recent contributions. I post
to Usenet so seldom these days that I forgot the correct protocols
for posting!
Apologies accepted. And since you're here... :)
I recently upgraded from DC 4.x to 5.1. I read something about
improved security on 5.x disks as opposed to 4.x. Should I recreate
my disks (partitions, actually) and why?
Hi,
The main focus of the changes has been to reduce the rate at which
offline brute force attacks can be thrown at the data. This involves
extra hashing using the random data in the header for multiple
feedback iterations to create a key salt. (The output of this is
still completely random after decryption of course, only different.)
The idea is simply that any brute force attack code would
have to do the same and would therefore be much slower than the old
format would have been.
There is a slight slowdown in mounting disks because of all this extra
hash processing; however, this only becomes very noticeable when more
passwords have been entered, and now the hashes of these passwords
are automatically cleared after 3 minutes anyway, so no one really
sees this slowdown.
DC5 is virtually a complete rewrite of the thing. We tried to address
a number of criticisms people had. The wxWidgets-based GUI was written
by a colleague here in the UK, using an SDK which may be made
available in the future.
I wouldn't really recreate your partitions, unless it is necessary, for
example if you obtain a newer, larger drive or something.
Regards,
Shaun.
Many thanks.
Shaun
2009-03-19 18:59:43 UTC
Post by Buzz Murdoch
On Tue, 17 Mar 2009 20:30:09 +0000, Shaun Hollingworth
Post by Shaun Hollingworth
Post by Shaun
I am very sorry, the people at SecurStar support seem to be wrong
regarding preboot code. I will get in touch with them and make sure
that this is corrected. There are no strings in the bootstrap (first
HDD sector), but the code will be obvious to someone who knows the
PS: My apologies for top posting in my two recent contributions. I post
to Usenet so seldom these days that I forgot the correct protocols
for posting!
Apologies accepted. And since you're here... :)
I recently upgraded from DC 4.x to 5.1. I read something about
improved security on 5.x disks as opposed to 4.x. Should I recreate
my disks (partitions, actually) and why?
[This did not appear quickly so I have reposted it]

Hi,

The main focus of the changes has been to reduce the rate at which
offline brute force attacks can be thrown at the data. This involves
extra hashing using the random data in the header for multiple
feedback iterations to create a key salt. (The output of this is
still completely random after decryption of course, only different.)
The idea is simply that any brute force attack code would
have to do the same and would therefore be much slower than the old
format would have been.

There is a slight slowdown in mounting disks because of all this extra
hash processing; however, this only becomes very noticeable when more
passwords have been entered, and now the hashes of these passwords
are automatically cleared after 3 minutes anyway, so no one really
sees this slowdown.

DC5 is virtually a complete rewrite of the thing. We tried to address
a number of criticisms people had. The wxWidgets-based GUI was written
by a colleague here in the UK, using an SDK which may be made
available in the future.

I wouldn't really recreate your partitions, unless it is necessary, for
example if you obtain a newer, larger drive or something.

Regards,
Shaun.
macarró
2009-03-18 21:03:32 UTC
Post by Shaun
I am very sorry, the people at SecurStar support seem to be wrong
regarding preboot code. I will get in touch with them and make sure
that this is corrected. There are no strings in the bootstrap (first
HDD sector), but the code will be obvious to someone who knows the
product. There are certainly some in the code which gets executed by
this bootstrap.
It is not possible to hide the DCPP boot routines if you want to boot
directly from HDD, as there needs to be some clear code for the
computer to execute in order to load the encrypted operating system.
HOWEVER, it is then possible to zap the boot sector and replace it
with an ordinary one, after creating a CD-based tools disk, and you
can boot from that.
Currently the bootauth files on the main disk might still be protected.
On DCPP only the first HDD physical sector has boot code on it, in the
MBR area. The rest is in a non-movable file in the main disk area in
the root: Bootauthx.sys, where x is 0 to 3.
To deal with those you need to stop the DCPPSVC2 service, then rename
the files, reboot the computer and then zap them, and scrub the free
space on the disk. Be sure your alternative booting source works, and
then hide it!
Perhaps in a new version we might produce something on the BIOS/DOS
tools disk to do that for people.
Shaun.
Thank you for your reply Shaun. Actually it would be great to see a
Securstar forum for its products like PGP has; just a suggestion.

In case you want to know, and to prove that I am not making it up, the
ticket ID where I asked that question is Ticket ID: 133522

Full textual reply I got:

Dear XXXX,

The only thing that our software stores in the MBR is the keystore.
However, the keystore is encrypted and is impossible to open without a
password.
--------------------------

PS: That ticket looks very weird at the beginning, and there is an
explanation for that at the end of the ticket.

I will not go into specific details, other than to say that what
someone did was definitely out of order and certainly not professional.
I am happy with DCPP now and have forgotten about it. I just hope someone has
googled what identity theft means.