How To Decrypt Symantec Endpoint Encryption?

Introduction

Symantec Endpoint Encryption is an encryption software that can be used to encrypt your computer files.

Symantec claims that its encryption algorithm is unbreakable, but they have to say this because most users would not buy their product if there were known weaknesses. A recent academic paper has found a vulnerability in the AES implementation of Symantec Endpoint Encryption that allows the recovery of encrypted files.

Encryption Key

Symantec Endpoint Encryption uses AES with 128-bit keys in CBC mode. This is a standard algorithm and there are no known breakthroughs against this cryptosystem, yet researchers have found weaknesses in its implementation. The weakness comes from how Symantec generates IVs for each file or directory it encrypts. The IV used for each file is generated by taking the MD5 hash of the file's full pathname, which makes the encryption deterministic: an attacker can check whether two different files lead to the same ciphertext by comparing their hashes. Furthermore, since many files share common prefixes, attackers can significantly reduce the search space of a brute-force attack without knowing the key.
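The property described above, as an added example that is not Symantec's code: AES-128-CBC with the IV taken from the MD5 of the pathname, beside the corrected form that draws a fresh random IV for every encryption. The key, path and file contents are constructed for the demonstration; the function names are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
)

// pathIV mirrors the scheme the post describes: IV = MD5(full pathname), 16 bytes.
func pathIV(path string) []byte {
	sum := md5.Sum([]byte(path))
	return sum[:]
}

// encryptCBC is AES-128-CBC with PKCS#7 padding and a caller-supplied IV.
func encryptCBC(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// encryptWithRandomIV is the corrected form: a fresh random IV per encryption,
// prepended to the ciphertext so the decryptor can recover it.
func encryptWithRandomIV(key, plaintext []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return append(iv, encryptCBC(key, iv, plaintext)...)
}

// equalLeadingBlocks counts the leading 16-byte blocks two ciphertexts share.
// With a fixed per-path IV this tells an observer how far two versions of the
// same file agree; with a random IV it is zero even for identical content.
func equalLeadingBlocks(a, b []byte) int {
	n := 0
	for (n+1)*aes.BlockSize <= len(a) && (n+1)*aes.BlockSize <= len(b) &&
		bytes.Equal(a[n*aes.BlockSize:(n+1)*aes.BlockSize], b[n*aes.BlockSize:(n+1)*aes.BlockSize]) {
		n++
	}
	return n
}
```

Re-encrypting a file at the same path with the path-derived IV reproduces every unchanged leading block of the previous ciphertext, which is exactly the information a random IV hides.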

This vulnerability has existed in Symantec Endpoint Encryption since version 6.4 released in September 2008, which means it has been almost five years now. It is unknown whether this vulnerability still exists in the current 7.x release, but I would suspect that the developers have fixed this issue by now if they ever plan to fix it at all. This blog post will show you how to decrypt files encrypted with Symantec Endpoint Encryption using a cryptographic weakness instead of trying to brute-force the password/key and also explain what we know about this cryptosystem so far. We will then examine another file encryption software called SecurStar that uses similar techniques, but appears less broken than Symantec’s product.

How To Decrypt Symantec Endpoint Encryption?

Symantec makes it easy to decrypt the files you encrypted with their product. They provide a web interface where users can upload encrypted files or directories they want decrypted and receive a zip file that contains the decrypted contents along with a password hint. To recover your files, head over to https://secedit.symantec.com/decrypt. If this link does not work for some reason, go to their website, click on "About" from the menu at the top of the page and then click on "File Recovery".

Symantec allows you to upload up to 1GB of encrypted files at a time and you can decrypt multiple directories or files in one submission. If you want, you may upload your encrypted directory structure and Symantec will detect and decrypt any file within the directory (but it takes longer this way).

When uploading data, note:

- Symantec's server might be busy if their system is under heavy load. You cannot retry your submission until they process your first request.
- Your encrypted filenames must match exactly, since Symantec ignores trailing spaces and underscores.
- Symantec recommends that you do not include any sub-directories, as they might confuse the decryption software.
- Each HTTPS URL must contain between 20 and 500 bytes of POST data. This requirement exists because Symantec's server runs in the cloud, which means Symantec may need to attach your data to their own HTTP requests.

Symantec recommends that you rotate your encryption keys every 6 months or so. They claim that this is done for security reasons, but I believe they are trying to mitigate damage should a cryptographic attack be discovered on their product.

Merits of Symantec Endpoint Encryption

- By sharing the password hint with you, Symantec reduces the number of people that can decrypt your files. This is a good thing because it means an attacker would only be able to brute-force a subset of all possible passwords/passphrases.
- If an attacker has access to your Symantec Endpoint Encryption account (username & password), he/she will be able to see your unencrypted data, which can help in mounting offline attacks on your system. SecurStar also allows their users to share encrypted directories and use this feature for file recovery, so they do not provide any better security than Symantec here.
- Symantec does not support hidden volumes like VeraCrypt, but claims to encrypt disk free space to "protect files from people who gain temporary access to a computer and attempt to recover data by using a Live CD or booting the system using a different operating system".

Features

- The key is not derived from the password; that is, SEE does not use PBKDF2-HMAC-SHA1 to derive the symmetric encryption key.
- A user can recover files on their own without having to contact Symantec.
- The key is relatively large at 128 bits. Unfortunately, this does not mean that it is impossible to break.

The first feature allows end users to manage their own keys, which means they will likely rotate them periodically and store them securely in case of disaster. This reduces the workload for administrators since end users are aware of risks outside of what an administrator may be able to provide. The second feature means an administrator does not need to decrypt the contents on behalf of end users; end users can do it themselves.

PDF documents can also be encrypted and decrypted in the same way as files and directories. However, this is probably a smokescreen, since Symantec ignores trailing spaces and underscores in file names when recovering encrypted files. This means that there is no reason why you cannot encrypt PDFs with Symantec Endpoint Encryption. Without any practical use for PDF encryption, I guess this feature is just a demonstration of Symantec's adaptability with their product.

Conclusion

Symantec Endpoint Encryption is a very nice product that I would recommend for organizations who want to protect critical information, but do not have the necessary cryptography skills. With a few modifications and an audit of their cryptographic design, it could have been great.

Apparently Symantec allows different key lengths for each file, which is contrary to what they claim. This would allow attackers to target weaker files with passwords/passphrases they can guess or brute-force; all files encrypted using the same password/passphrase will use the same encryption key length. It also means that if your data contains any weakly encrypted file, anyone who has access to your Symantec account (username & password) will have access to the decrypted version of that file. This is a significant design flaw, since it allows attackers to break an entire volume with just one guessed password/passphrase.