A Deeper Look at Decryption: Q&A with Passware CEO and Founder Dmitry Sumin
Recently, Magnet Forensics and Passware partnered to offer full disk decryption in Magnet AXIOM. AXIOM now includes seamless integration with Passware decryption technology, which supports full disk decryption with a known password for BitLocker, TrueCrypt, PGP Desktop encrypted devices, and others.
The full Passware Kit Forensic, with additional features, is also available for purchase. For more information, read our blog post: Magnet Forensics and Passware Partner to Provide Full Disk Decryption in Magnet AXIOM.
We sat down with Passware CEO and Founder, Dmitry Sumin, to discuss the encryption industry and Passware.
Magnet Forensics: Tell us a bit about Passware.
Dmitry Sumin: We’ve been offering solutions for decryption for over 19 years. That’s an eternity for an IT company. 😊 We’ve seen how encryption and decryption tech has evolved over time and we are focused on providing examiners the best tools for decryption. That means we need to be in very close touch with our customers around the world to understand their needs and issues with encryption technology.
To make sure our customers get the latest tools that support the latest applications that could create encrypted folders or encrypted drives, we have four major product releases per year.
Magnet Forensics: Dmitry, how did you get into the encryption/decryption business?
Dmitry Sumin: It was really an accident. I was getting my masters of Computer Science at Moscow State University. I needed to decrypt a doc and I tried to find tools that were capable of decrypting a doc and I failed. So, I built one myself. I posted the software and said if people liked this software, to send me a post card. After a few hundred post cards with feature requests and support requests, I thought I could build this out.
Magnet Forensics: How has Passware changed in the last 19 years?
Dmitry Sumin: In the first few years, we saw a lot of interest from law enforcement and government and after a few years, we launched Passware Kit Forensic and we started seeing more and more customers around the world, although most of our customers are still LE and government.
The need for decryption technology is clearly growing. The problems with encryption are getting bigger and bigger for examiners. In many cases, key evidence could end up being encrypted and examiners need tools to access that evidence. We hear from our customers that they are getting more encrypted evidence than ever. All major operating systems have full disk encryption turned on by default and it’s the same case with mobile devices.
There is an ongoing public debate about whether encryption vendors should provide back doors for law enforcement.” – Dmitry Sumin
Magnet Forensics: When you talk about phone encryption, the conversation can often turn into a debate about lawful access versus personal information protection. How does Passware play into that discussion?
Dmitry Sumin: There is an ongoing public debate about whether encryption vendors should provide back doors for law enforcement. All my experience shows that if you try to put in a back door, the quality of the encryption as a whole goes to zero. The bad actors are using back doors and widening them. All information could be intercepted. That could lead to very painful consequences. We’ve seen many cases where cyber criminals exploit back doors and decryption. We’ve heard about cases where SS7 mobile protocol was used to access text messages that were supposed to protect logging in to banks. Using this insecure protocol, you could access text messages all around the world. That’s a good example of not taking encryption seriously.
Right now mobile phones, tablets, etc. store a lot of valuable information – passwords, logins, photos, etc. if your phone gets lost or stolen, bad guys could access that if there was no encryption. Every day each person creates a lot of digital evidence – using phones, fitness trackers, and more. That’s an immense amount of data. So, encryption is needed to protect user’s privacy. It’s a good thing.
But for forensics examiners, getting access to that information could be imperative. At Passware, we work to create that balance. We provide the technology that allows LE to decrypt lawfully accessed devices.
Magnet Forensics: Do we need more laws around encryption?
Dmitry Sumin: Any law on encryption technology won’t prevent any bad actors who are relying on tools negatively – many open source encryption tools are available with all the source code and documentation and are difficult to regulate, if at all possible.
Magnet Forensics: How is decryption technology advancing to meet the needs of LE and other forensics teams?
Dmitry Sumin: Encryption is getting better and better. We are seeing that both hardware and software vendors are getting much more serious about protecting private data. That’s good for consumers, but presents more difficulties for examiners.
In many cases, when talking about decryption, running a brute force or dictionary attack is required. This involves trying millions or billions of possible passwords. That requires a lot of computing power.
For decryption, we see that GPUs are getting more and more useful as they pack enough computing power to handle that kind of workload.
Companies like NVIDIA are spending billions of dollars making GPU chips faster. These are powerful chips – used not only for decryption, but for AI and self-driving cars.
We have customers using our software on hundreds of networked computers with hardware acceleration to increase the speed of password cracking. But it can still be months before they get the password.
We also provide alternative ways for examiners to get access to the encrypted evidence. We offer memory image analysis and encryption key extraction. It’s interesting to see how memory image analysis is helping examiners. In many cases we see that there is a way to get evidence decrypted in just a few hours instead of doing a time-consuming brute force attack.
Magnet Forensics: How is the partnership with Magnet Forensics working out? What can we expect to see in the future?
Dmitry Sumin: I’m actually very positively surprised how efficient the Magnet Forensics development team is. It’s exciting to see how fast you are at releasing updates. When we provide an update of Passware tech to Magnet Forensics your customers are seeing it really fast. We have a lot of decryption tools in the pipeline for Magnet AXIOM.
We are looking forward to making new decryption and encryption detection features available to Magnet AXIOM users. Passware Kit Forensic is a great add-on for AXIOM. AXIOM now decrypts FDE when a password is known, but Passware Kit Forensic provides other tools for decryption, recovering passwords, encryption keys extraction, and supports hundreds of document types, other than FDE. To purchase Passware Kit Forensic with a 15 percent introductory discount, visit: https://www.passware.com/pkf/magnet. For more information about Passware, click here.