one for the eggheads to explain

[Sheph]

right heres the scenario.. yesterday my account was hacked (reported etc..)

heres what i have running please explain to me how i can get a keylogger into my pc without downloading anything and without opening any email attachments.. i have currently on my system the following thingies to keep (or atleast i thought it would) nasty sweaty un-employed teenage hackers out...

1/ Firewall - FireWall-1, Using INSPECT, adaptive and intelligent inspection technology, integrates both network-level and application-level protection to provide the highest level of security, with access control, attack defenses, content security, authentication, and integrated Network Address Translation (NAT). FireWall-1 is integrated into the VPN-1 family of products and managed by Check Point's leading SMART management architecture.

2/ Virus Scan software - McAfee Virus-scan 7.0 Professional .. this sucker picks up pretty much anything activex related, java exploits, cookie exploits you name it, it intercepts and gives me the option to block/delete/ban source address etc..

i havent done any of the following in the last 7days (since i reformatted new HD)
1. no downloads other than game patches from trusted sites (manufacturer only)
2. no emails have been opened (my private email isnt known to anyone but my family)
3. my firewall has NEVER been disabled or turned off.

yet still these fuckers get in... i dont get it... what the fuck is the point of having all these devices if some sweaty little fuktard can still get in and rip you off.....

Hi!

I didnt bother to read all replies but i can mebbe give u an answer.

Is your computer fully patched ?

If its not viruses and trojans can enter your computer while you surf the net. Your firewall or Antivirus cant stop this. These viruses often resides on "safe" pages.

 

[Danya]

32bit and 48bit is quite easy on a desktop PC tho it will take a day or so...
128bit on a Decent Alpha system or Sun station takes anything from 1day to 1 year.. it has been done and proven, as was the case when some school kids in I think it was norway or sweeden hacked into the NASA and Microsoft.

you will also find things like WEP used on wireless access points is very easy to crack 128bit can be done in Just over 24h and 256Bit takes I bleave it was over a week, ill see if I can find the information and post a link if you are intrested.

The more you use technology is the easyer it is to break!

Just over 4 or 5 years ago it was illegal to use 128bit encryption anywhere except the US, because they believe they had control this was again proven wrong when they where hacked into, which is why it is now used access the internet.. because it can be cracked given a little time, and the right tools.

Just because you think you like all the facts etc.. doesnt mean you are right. but then again they say ignorance is bliss

Yes please do show this "information".
Currently the only way to break reasonable encryption systems is to brute-force all the keys. For a 48 bit key there are 2^48 different keys or 281474976710656. To break that in a day would mean checking 11728124029610 keys per hour or 3257812230 keys per second. 3.2 billion keys per second is impossible on a desktop - you only get about that many instructions per second, and it takes a lot more than 1 instruction to generate an encryption key and check if it works.
128-bit on the fastest computer in the world would still take billions of years. BTW most sun and alpha systems are particularly any faster for raw processing than a standard desktop system, they just have multiple processors which means they can check multiple keys simultaneously. Even so unless you know of a 1 billion cpu computer it's still unfeasible.

 

[Boni]

Got my money on Danya here.

Undying your stats about WEP keys dont add up. If 128 bit takes 24 hrs then 256 bit would not take a week, 256 bit is a lot more than 7x as time consuming, closer to 128 times..

 

[Heath]

Thats it for me...you started bringing big numbers to jumble up the words for me ((o:

I slightly understand what it means....basically nothing is really 100% safe no matter what you do or how much you do it. And, if something was 100% safe...it would not be sitting on somebodies PC table at home to play DAoC !!.

 

[Danya]

Got my money on Danya here.

Undying your stats about WEP keys dont add up. If 128 bit takes 24 hrs then 256 bit would not take a week, 256 bit is a lot more than 7x as time consuming, closer to 128 times..

Indeed.
Also while I don't doubt MS and NASA have been hacked I find I highly unlilely the had keys broken, more likely they relied on some other weakness to break in. Generally that's how hacking occurs - it's almost impossible to completely secure a system, because humans use it and humans are fallible. All it takes is one user with a weak password or such and they're in.

 

[Sheph]

Yes please do show this "information".
Currently the only way to break reasonable encryption systems is to brute-force all the keys. For a 48 bit key there are 2^48 different keys or 281474976710656. To break that in a day would mean checking 11728124029610 keys per hour or 3257812230 keys per second. 3.2 billion keys per second is impossible on a desktop - you only get about that many instructions per second, and it takes a lot more than 1 instruction to generate an encryption key and check if it works.
128-bit on the fastest computer in the world would still take billions of years. BTW most sun and alpha systems are particularly any faster for raw processing than a standard desktop system, they just have multiple processors which means they can check multiple keys simultaneously. Even so unless you know of a 1 billion cpu computer it's still unfeasible.

Well not for it being relevant really since u need to be a high priority target, but the 128-bit crypto has been compromised and introduced the 256-bit. It will be compromised too. I believe it took them 25 min. Done by a russian last year if i recall correct.

No i dont know how they did it.

 

[Danya]

128-bit cryptography as used over SSL and such has not been comprimised that I'm aware of. On the other hand MD5 (which uses 128-bit keys) for instance has been broken (well not so much broken as aliasing has been found with some hashes) that would allow people to comprise a server given the password file in an hour or two. It wouldn't let someone decrypt a datastream sent over SSL, which is a much harder problem.

 

[UndyingAngel]

Got my money on Danya here.

Undying your stats about WEP keys dont add up. If 128 bit takes 24 hrs then 256 bit would not take a week, 256 bit is a lot more than 7x as time consuming, closer to 128 times..

yes well I was just giving estimated times.. I can tell you for a fact 128bit can be done in just under 24h as we tested this is a live situation and is why the company no longer uses it this was done by reverse engineering the packets that where sent access the network and literally picking out the encryption key this is a lot easier if you know what equipment you are using etc.

Its nothing to-do with key checking, I will agree with you it would take a very long time to check encryption using this method ill explain here, the number of combinations that must be tried for a brute force attack 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:

• develop a CPU that can test 1 billion IDEA keys per second

• build a parallel machine that consists of one million of these processors

• mass produce them to an extent that everyone can own one hundred of these machines

• network them all together and start working through the 128 bit key space

Assuming ideal performance and no downtime, one should be able to exhaustively search the key in over say 20,000 or 25,000 years

You can standard algorithms most of which can be found here on the internet if you look hard enough but this is just for breaking 128bit code that is commonly used on the Internet you can still capture say 1,000,000 packets+ and attempt to crack it FPGA is another way you could attempt todo it but you would been a lot of information about what you are doing first , TCP/IP was once thought to be the most secure protocol in the world until 2 university kids crack this by reverse engineering. I have a book all about it some where ill did it out if you wish to download the PDF version, this explains all about how and why, and with regards to alpha system and desktop PC(i386) there are more differences than just raw processing and being able to have X amount of processors, a i386 processor is a multi platform processor, where all alpha processors etc.. are just designed to-do 1or 2 job(s)(normally) the best way for you to find information is look on the Internet its all out there I will see what info I can throw you way help my case but tbh, I cba as I know what is / does happen all the time.

Anyway im board now lol.. I need some sleep =P

FPGA (Field Programmable Gate Arrays)
I386 – 32bit Processor Developed by Intel sometime way in the past lol
TCP/IP - Use to Exchange information between different networks and architectures, most commonly used on the Internet

 

[Danya]

Assuming a non-retarded setup it should be impossible to pick the key out of the packets, as it's never sent in plaintext. Last I checked DHM key exchange hadn't been broken. As something like that would be very big news it seems unlikely it just slipped past...
Given that you can't just pick the key out of the packets, what other solutions are there but brute force?

 

[Boni]

yes well I was just giving estimated times.. I can tell you for a fact 128bit can be done in just under 24h as we tested this is a live situation and is why the company no longer uses it this was done by reverse engineering the packets that where sent access the network and literally picking out the encryption key this is a lot easier if you know what equipment you are using etc.

I think it can only be broken if the algorithm or implementation is flawed. This was the case with the SSL implementation in Netscape in the past, perhaps thats what you where thinking of? But please post any links you have, im no expert on cryptography and would be interested to read about any genuine case of 128bit key encrption being solved without brute force.

 

[SevenSins]

Just wondering, Danya, Undying.

Are your brains still intact? Did they explode yet?

What's your secret?

My brain would've exploded a few years ago with so many numbers in my head oO

 

[Danya]

There's this remarkable tool for handling big numbers SevenSins - it's called a calculator.

 

[gunner440]

danya owns you all

:worthy:

 

[Job]

As for the 'billions' of years to hack encryption, that's a theoretical number.

Most of them have been hacked in much, much shorter time scales (obviously or they wouldnt have been hacked yet)

Didn't some guy set up a key and said it would 'never' be hacked, it took 10 yrs.

 

[Danya]

Obviously as computers become faster the number decreases, but computers aren't likely to become faster by that sort of amount (quantum computers not-withstanding).

 

[Devaster]

Obviously as computers become faster the number decreases, but computers aren't likely to become faster by that sort of amount (quantum computers not-withstanding).

U forgot then Help Crack the Code project wich was made by some ppl who promote open source software. Everyone who wanted to help was just downloading a client avaible for almost all platforms, and run it. After logging in to server each client were recieving the the encrypted code and a number of retrys and range of retrys he had to do probe on that code. At peak houres there were smt like 300-400k users. They were taking orders to compromise access even to military stuctures and jobs were done pretty fast.

 

[Boni]

More links, less references to vauge hacking projects please! If the truth is out there givf link!

 

[Devaster]

More links, less references to vauge hacking projects please! If the truth is out there givf link!

http://www1.distributed.net/download/clients.php

 

[Danya]

As per that site...

"Then, on 14 July 2002 at 0150 UTC we found the winning key for the RSA Labs 64-bit secret-key challenge (RC5-32/12/8). That key was 0x63DE7DC154F4D039 and took us 1,757 days to locate"

They cracked 64-bit encryption in 4.8 years... so it would only take them 88544371553805847757 years to break 128-bit, woo.

 

[Boni]

http://www1.distributed.net/download/clients.php

Interesting link, thanks, much like the seti at home project, I like the idea of distributing the problem to lots of home users, a great way to get lots of processing power

But as Danya says, I can find one reference to a 64 bit key being broken in just under 5 years there, thats nice as a competition goal, but hardly shows that any old fool with a PC can haxor basic encryption at home or on his university network.

 

[Boni]

Obviously as computers become faster the number decreases, but computers aren't likely to become faster by that sort of amount (quantum computers not-withstanding).

Dont doubt mores law! Im sure we will get round all those silly limitations like the speed of electrons. Would be interesting to work out how long 128bit key encryption would take give that Moores law doest fail cause of some engineering or physical limiation. Definatly gotta take it into account when making assumptions about computational projects that take longer than 2 years.

Oh and roll on quantum computers, then we might get quantum cryptography and throw all our silly encryption methods away for good

http://news.bbc.co.uk/1/hi/technology/3543495.stm

 

[Boni]

Oh heres another nice link from the BBC

http://news.bbc.co.uk/1/hi/technology/3804895.stm

Bit about cryptography, whats possible and isnt from some professors.
Oh and a vague rumour about the USA breaking an Iranian key (hardly conclusive).

 

[Danya]

Quantum cryptography would be cool as it's proven to be unbreakable - even intercepting the signal makes it unbreakable (for both the intercepter and the recipient) and as such means you can tell if someone is sniffing your communications.

 

[Gorryk]

Of course, all these figures are giving the time to check all posisble keys I assume? If there are multiple valid keys, then this would reduce the time to find any single correct key. You can always get (insanely) lucky too and get it right first time

I wish I'd chosen the cryptology course at uni so he could sound reasonably intelligent in this conversation Oh well...

 

[Danya]

One of the goals of cryptographic algorithms is to minimise key aliasing (having multiple valid keys), so there are unliklely to be more than handful of valid keys at best. Of course that's assuming the algorithm used doesn't have much aliasing, which is by no means a given - MD5 was recently discovered to have quite a lot of aliasing for hashes of passwords and as such many people are moving to other algorithms now.

But yes you could get very lucky and find they key immediately, it's somewhat unlikely though.

 

[UndyingAngel]

Quantum cryptography would be cool as it's proven to be unbreakable - even intercepting the signal makes it unbreakable (for both the intercepter and the recipient) and as such means you can tell if someone is sniffing your communications.

unbreakable for now.. they have said this time and time b4.. give it 5 years or so when it has become main stream and it with be broken. I wouldnt wanna guess how long it would like tho.. bearing in mind when they where using 32bit encription back in the day.. they said it would never be broken :eek2: lol

 

[Danya]

They never said current encryption was unbreakable - just infeasible to do so. Quantum cryptography is provably unbreakable, proof is not something that might change in a few years with faster tech, as long as the proof is valid (and if it isn't then it means most of mathematics is invalid) it means you cannot break the encryption.
Currently there is only one unbreakable encryption system actually in use - one-time pad. If used correctly a one-time pad is completely unbreakable, however they are very awkward to use so are very rarely used. All other encryption is just very hard to break, given resources you can break it.

 

[Ormorof]

you can scan for openings on this: http://scan.sygate.com/

dunno how useful it is since all these numbers mean about as much to me as the cricket scoring system

 

[sibanac]

unbreakable for now.. they have said this time and time b4.. give it 5 years or so when it has become main stream and it with be broken. I wouldnt wanna guess how long it would like tho.. bearing in mind when they where using 32bit encription back in the day.. they said it would never be broken :eek2: lol

There is a sllight diffrence tho, there is no way to listen in on a quatum transmision without sender and reciver beeing aware of it unless you can break the laws of physics.

brute force against a 256 bit key is technicaly imposible.
If you got all the energy the sun releases for 32 years, you would have enough power to make a computer count from 0 to 2^192 (bruteforce a 192 bit key)
(that is if the computer would have no energy loss what so ever)
this is based on the basic laws of theremodynamics


source bruce schneier, applied cryptography

 

[Boni]

There is a sllight diffrence tho, there is no way to listen in on a quatum transmision without sender and reciver beeing aware of it unless you can break the laws of physics.

brute force against a 256 bit key is technicaly imposible.
If you got all the energy the sun releases for 32 years, you would have enough power to make a computer count from 0 to 2^192 (bruteforce a 192 bit key)
(that is if the computer would have no energy loss what so ever)
this is based on the basic laws of theremodynamics


source bruce schneier, applied cryptography

Nice stat, gotta remember that one