TabletPremium
join:2003-01-15
Czech | Securing my Certificates Hi,
I am trying to understand how storing of certificates works under Win-XP. When I import a certificate to the WinXP certificate store, is there a way for a thief who steals the hard disk to retrive the private key or is it encrypted somehow using my account password? My account password is very strong I would say.
Ofcourse I could have the certificate on a floppy disk, but that is not very user friendly. Also I do not want to input password every time I use the certificate in the store.
Also I keep the certificate exported on the disk and password is required to use the private key. That's my next question, is the passworded certificate easy to brute force even if I have a strong password for it?
It's a lot of questions, I will be gratefull for any answers since I couldn't find any usefull links. Thanks |
|
|
|
| said by Tablet:
When I import a certificate to the WinXP certificate store, is there a way for a thief who steals the hard disk to retrive the private key or is it encrypted somehow using my account password? My account password is very strong I would say.
As far as it is currently known, no, its not possible. But then again, look at how they screwed it with Windows2000...  But what certificate are you talking about? I presume you meant EFS certificate?
Make sure you have enabled "Use FIPS complient algorithms for hashing etc. etc." from WindowsXP settings, check help here »www.markusjansson.net/exp.html  otherwise who knows how lousy they have stored it in Windows...
quote:
Also I keep the certificate exported on the disk and password is required to use the private key. That's my next question, is the passworded certificate easy to brute force even if I have a strong password for it?
Depends. If you mean other than EFS certificates...If you selected something called "Enable strong protection blahblahblah" when exporting it and used a good passphrase, it SHOULD BE encrypted. But again...its M$ we are talking here, so I wouldnt bet on it.
Am I making any sense here? If its EFS certificate, its encrypted with your salted loginpassphrase in WindowsXP when its stored in WindowsXP. If its certificateX, I wouldnt count that it would be in encrypted form at all. When you export whatevercertificate and "Enable strong protection blahblahblah" and use good passphrase, it SHOULD BE in encrypted form when you save it to disk etc.
All certificates I have backed up, I have encrypted using PGP and created self-executing encrypted packages from them...and ofcourse used a good passphrase. This way I can be sure that when I store them on floppy etc. they ARE sure hell encrypted well.
--
My computer security & privacy related homepage
»www.markusjansson.net
[text was edited by author 2003-03-01 18:59:01] |
|
TabletPremium
join:2003-01-15
Czech | >But what certificate are you talking about? I presume you >meant EFS certificate?
I was talking about certificates in general, not necessarilly EFS certificates. For example I have a certificate for online banking for which password is required to use the private key. According to what bank has said, the private key is encrypted though I do not know if the encryption is strong enough.
>Make sure you have enabled "Use FIPS compliant algorithms >for hashing etc. etc." from WindowsXP settings
Unfortunatelly if I enable this setting I cannot use my online banking using SSL, so I have to go without the option enabled
Nevertheless thank you very much, now I shall look at the links you had posted. |
|
| said by Tablet:
For example I have a certificate for online banking for which password is required to use the private key.
In practise, how does this happen? You go to their www-site with your browser and...what?
quote:
According to what bank has said, the private key is encrypted though I do not know if the encryption is strong enough.
A tip: Banks dont know drek about computer security, so dont count anything on that. It took me 3 years to persuade Scandinavias biggest bank (Nordea) to move to 1024bit RSA from their totally insecure 512bit RSA...
quote:
Unfortunatelly if I enable this setting I cannot use my online banking using SSL, so I have to go without the option enabled
EXCUSE ME?!? It doesnt effect SSL in any way. SSL settings are configured in your browser...
--
My computer security & privacy related homepage »www.markusjansson.net |
|
No Name5You Only Regret What You Have Not Done.
join:2000-01-26
Glendale, AZ | reply to Tablet
Ok, you worry way too much. If your hard disk is stolen call the bank an do what is necessary to shut off the account or change the encryption. Beyond that is not there a password for the account? I never save the password to hardrive along with never using unknown computers. |
|
TabletPremium
join:2003-01-15
Czech
| reply to jansson_mark
said by jansson_mark:
said by Tablet:
For example I have a certificate for online banking for which password is required to use the private key.
In practise, how does this happen? You go to their www-site with your browser and...what?
I go the the website and input location of my exported certificate, then it asks for passsword. When I try to import the certificate to my certificate store, it asks for password too, so I guess it should be encrypted. What do you think?
quote:
According to what bank has said, the private key is encrypted though I do not know if the encryption is strong enough.
quote:
A tip: Banks dont know drek about computer security, so dont count anything on that. It took me 3 years to persuade Scandinavias biggest bank (Nordea) to move to 1024bit RSA from their totally insecure 512bit RSA... My bank uses 1024bit RSA, hope it is sufficient.
quote:
Unfortunatelly if I enable this setting I cannot use my online banking using SSL, so I have to go without the option enabled
EXCUSE ME?!? It doesnt effect SSL in any way. SSL settings are configured in your browser...
I don't understand why, but whenever I enable using FIPS compliant algorithms, SSL for my specific bank doesn't work. I have to enable TLS to make it work. My father's online banking also doesn't work with the option enabled, but in his case it seizes to work even with TLS support enabled in IE60.. Link to my bank's secure site is here, so you may try it yourself, you will not get there with the FIPS option on and TLS turned off. I guess SSL and the option have to be somewhat interconnected.
»www.mojebanka.cz and click on the upper-right button named "Pøihlášení do systému"
[text was edited by author 2003-03-02 03:46:16] |
|
| said by Tablet:
I go the the website and input location of my exported certificate,
??? What? How? When I go to that page, I get empty page and no prompts nothing.
quote:
then it asks for passsword.
What exactly asks the password? Browser, certificate store or www-page?
quote:
When I try to import the certificate to my certificate store, it asks for password too, so I guess it should be encrypted.
Import it from where and who putted the password for it? Did you get it on a floppy from the bank and they putted a password for it or...
quote:
I don't understand why, but whenever I enable using FIPS compliant algorithms, SSL for my specific bank doesn't work. I have to enable TLS to make it work.
In security perspective, TLS is even better than SSL, so you better use FIPS and TLS.
quote:
My father's online banking also doesn't work with the option enabled, but in his case it seizes to work even with TLS support enabled in IE60.
It might be that bank only supports weak keys for SSL and if you disable them it doesnt work. I dont know. This SHOULDNT be the issue. I dont know. But you SHOULD use FIPS and hopefully TLS (1024bit RSA and atleast 128bit symmetric cipher).
quote:
»www.mojebanka.cz
I dont know about IE, but with Opera I can go there with both SSL and TLS. But, I get blank screen so it doesnt go forward from »www.mojebanka.cz/installnew.html?run=login apparenlty some javascript bug so it doesnt work with Opera...
Could you put some screen captures about what you are describing? (Keep them small with .jpg etc.) This seems very intresting but I dont seem to understand all you mean...
--
My computer security & privacy related homepage »www.markusjansson.net |
|
TabletPremium
join:2003-01-15
Czech | IE60 error |
|
TabletPremium
join:2003-01-15
Czech | reply to jansson_mark
To make things clear:
When using the online banking I go to a web page and have to input location to the certificate and on the same web page I also input the password.
I obtained the certificate on a floppy disk, they gave it to me in the bank and the password was already there protecting the private key, I had chosen the password myself in the web application.
What you are describing as Java script error is exactly what I get if I enable option to use FIPS compliant encryption. Only when I disable this option or when I enable TLS I can proceed further and see the actual page. I posted the IE error above hopefully, since I do not yet know how to work with attachments on this forum. |
|
| said by Tablet:
To make things clear:
When using the online banking I go to a web page and have to input location to the certificate and on the same web page I also input the password.
So a window pops up and ask the certificate? Can you grap a screen capture(s) from that?
quote:
I obtained the certificate on a floppy disk, they gave it to me in the bank and the password was already there protecting the private key, I had chosen the password myself in the web application.
OK. But a stupid question: Why do they use certificates for this one, it would a lot easier to use one-time-passphrases or verification cards (similiar) to login. Now, you cannot login if you dont carry that disk with you all the time and you CANT use any public computer to login, since if that computer is fitted with trojan horse, it can grap your certificate when you use it yourself!!! If you where using one-time-passphrases (usually 4-8 digit number) there would be no danger or trojan horses since the number you give is only used once (by you) and then its useless.
quote:
What you are describing as Java script error is exactly what I get if I enable option to use FIPS compliant encryption. Only when I disable this option or when I enable TLS I can proceed further and see the actual page.
Intresting! I get the same error when I try to use Nordea banks internet with my IE! Hmmmmmm......Strange. FIPS option should NOT have any effect on SSL/TLS whatsoever!  LOL!
--
My computer security & privacy related homepage »www.markusjansson.net |
|
| reply to Tablet
Dammit, I cant edit my earlier posting, dont know why...anyway, this is what I forgot to say...
said by Tablet:
I obtained the certificate on a floppy disk, they gave it to me in the bank and the password was already there protecting the private key, I had chosen the password myself in the web application.
The certificate in your floppy might be protected with good crypto or not. My advice is, that you import it to OS/browser, then WIPE it from the disk and then export it back to floppy in strongly encrypted form (use PGP to be sure). And how good the passphrase protection is in IE, thats a hard question, it might be good or it might be bad, personally I believe it is bad since M$ dont know how to do these things.
The certificate is meant for IE isnt it? Could you import it to, lets say, Opera and put a good passphrase onto it there (that would make it safe since I know they do encrypt it in Opera using your passphrase)?
--
My computer security & privacy related homepage »www.markusjansson.net |
|
 compostuser12yr. Single Malt
join:2002-02-28
Huntsville, AL | reply to Tablet
I also can't bank online with FIPS enabled. |
|
| reply to Tablet
OK, now I know whats the problem... When you enable FIPS, you cant use SSL2/SSL3, since they use not-FIPS algorithms like MD5 and RC2. When you enable FIPS, only TLS is available with 3DES and SHA-1. If you have FIPS enabled and are going to www-site that uses SSL2/SSL3 and does not support TLS with 3DES and SHA-1, you will end up in blank page or "page not found".
In IE options, you can still enable SSL2/SSL3 but IE doesnt use them. If M$ was logical, they would have "greyed out" those options from IE if IE cant use them, but since they arent, users can still "enable" them from IE options but nomatter are they enabled or disabled from there, they ARE disabled if FIPS is enabled.
MS support just told me this...
SO...I would suggest that you would contact that bank of yours so that they would upgrade to TLS for better security for their customers.  I will notify www.nordea.fi about their site...
--
My computer security & privacy related homepage
»www.markusjansson.net
[text was edited by author 2003-03-02 21:28:43] |
|
TabletPremium
join:2003-01-15
Czech
| said by jansson_mark:
When you enable FIPS, you cant use SSL2/SSL3, since they use not-FIPS algorithms like MD5 and RC2. When you enable FIPS, only TLS is available with 3DES and SHA-1. If you have FIPS enabled and are going to www-site that uses SSL2/SSL3 and does not support TLS with 3DES and SHA-1, you will end up in blank page or "page not found".
In IE options, you can still enable SSL2/SSL3 but IE doesnt use them. If M$ was logical, they would have "greyed out" those options from IE if IE cant use them, but since they arent, users can still "enable" them from IE options but nomatter are they enabled or disabled from there, they ARE disabled if FIPS is enabled.
MS support just told me this...
SO...I would suggest that you would contact that bank of yours so that they would upgrade to TLS for better security for their customers. I will notify www.nordea.fi about their site...
--
My computer security & privacy related homepage
»www.markusjansson.net
[text was edited by author 2003-03-02 21:28:43]
Thank you very much, now I am much more clear about the matter and I will definitely contact the bank. Before that could you Markus or anyone else pls explain to me what in fact does FIPS compliance guarantee. Until now I thought that SSL is very secure, now I see that it might not me. I thought 128 bit encryption was used in SSL. I have read you site Markus but I didn't get all the stuff about encryption, so sorry if I am completely wrong.
Thanks again |
|
| said by Tablet:
Before that could you Markus or anyone else pls explain to me what in fact does FIPS compliance guarantee.
»www.itl.nist.gov/fipspubs/geninfo.htm
"Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions."
»www.itl.nist.gov/fipspubs/geninfo.htm#nist
"The major focus of NIST activities in information technology is developing tests, measurements, proofs of concept, reference data and other technical tools to support the development of pivotal, forward-looking technology.
Under Section 513 of the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987, Public Law 104-106, NIST develops standards, guidelines, and associated methods and techniques for Federal computer systems.
- including those needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems,
- when there are compelling Federal requirements and there are no existing voluntary industry standards."
quote:
Until now I thought that SSL is very secure, now I see that it might not me.
It is. But NIST approved algorithms are even more secure.
quote:
I thought 128 bit encryption was used in SSL.
Actually, SSL uses 40, 56, 128 and 168bit symmetric keys (with RC4, DES and 3DES algorithms). It also uses 512-3076bit asymmetric keys (RSA).
quote:
I have read you site Markus but I didn't get all the stuff about encryption, so sorry if I am completely wrong.
Well, these things are complicated. Some tips here »www.markusjansson.net/esecuring.html#secure
--
My computer security & privacy related homepage »www.markusjansson.net |
|
TabletPremium
join:2003-01-15
Czech | Now I read that Windows XP with SP1 uses AES 256 bit symmetric key encryption for EFS. The document says, that if I enable "Use FIPS compliant Algorithms" in Group Policy, the EFS will start using 3DES.
But based on what I have read AES is better and newer symmetric encryption algorithm and also it is already FIPS compliant.
This seems to me that by enabling "Use FIPS Algorithms" I actually downgrade my security settings
You can get the document here:
»www.microsoft.com/windowsxp/pro/···stem.doc |
|
| said by Tablet:
Now I read that Windows XP with SP1 uses AES 256 bit symmetric key encryption for EFS. The document says, that if I enable "Use FIPS compliant Algorithms" in Group Policy, the EFS will start using 3DES.
But based on what I have read AES is better and newer symmetric encryption algorithm and also it is already FIPS compliant.This seems to me that by enabling "Use FIPS Algorithms" I actually downgrade my security settings
So it seems. I dont quite get this. This is all new to me, I tought that WindowsXP always uses either DES or 3DES, but apparently this SP1 changed that thing.
I have asked MS that whats the catch here...how can one
1) Use DES for EFS?
2) Use 3DES for EFS (OK, it seems that you can do this when you enable FIPS)?
3) Use AES for EFS (OK, it seems that you can do this when you disable FIPS)?
I refer to this that I found on that document:
"Note If a user needs to access an encrypted file from both Windows 2000 and Windows XP, the AES 256 nor the 3DES algorithm should not be enabled." ...so WHAT is enabled then and HOW it is enabled?!?!?!?
--
My computer security & privacy related homepage
»www.markusjansson.net
[text was edited by author 2003-03-05 11:06:01] |
|
TabletPremium
join:2003-01-15
Czech | said by jansson_mark:
I refer to this that I found on that document:
"Note If a user needs to access an encrypted file from both Windows 2000 and Windows XP, the AES 256 nor the 3DES algorithm should not be enabled." ...so WHAT is enabled then and HOW it is enabled?!?!?!?
This I find weird too, but the only explanation that comes to me is that the above quote from the document only applies to Win 2000 and WinXP without SP1. So to summarise, I think it is as follows:
Win 2000 and XP without Servicepack use DES as default crypto. In XP 3DES may be enabled by enabling "FIPS".
Win XP with SP1 use AES-256 as default and may use 3DES by enabling "FIPS".
It would be nice, if someone from M$ would make it more clear. It doesn't make sense still why with "FIPS" the crypto should be weaker since AES is already FIPS compliant too. May be next the servicepack will patch it. |
|
TabletPremium
join:2003-01-15
Czech | reply to compostuser
Re: Securing my Certificates I found this link on TechNet where they try to explain how FIPS affects SSL and EFS.
»www.microsoft.com/technet/treevi···/630.asp
It proves your previous point Markus, but still no explanation regarding default encryption algorithm under WinXP SP1 It only mentions that WinXP uses DES as default and that we already know. |
|
| said by Tablet:
It proves your previous point Markus, but still no explanation regarding default encryption algorithm under WinXP SP1
Default is AES-256 with WinXP SP1.
quote:
It only mentions that WinXP uses DES as default and that we already know.
The BIG question is, how can one select AES-256 later, and how can one choose DES later on. All that we know now is, that if you dont change the FIPS setting AT ALL and install SP1, then you are using AES...and...when FIPS is set to "enable" you use 3DES. Thats all. I really hope MS gives us some answers...
--
My computer security & privacy related homepage »www.markusjansson.net |
|
