Security Basics mailing list archives
RE: File Encryption - Part II
From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
Date: Tue, 16 Sep 2003 13:11:07 -0400
That is a good point, and there has been some analysis done on the subject. Such passphrases do indeed provide a reasonable level of security, although they do tend to be hated by the average user.

On topic, anyone serious about hardening an encryption system using passphrase-derived keys should read the PGP passphrase FAQ:

http://www.stack.nl/~galactus/remailers/passphrase-faq.html

It should give you an idea about where to start when trying to make the weakest link as strong as possible.

-----Original Message-----
From: Kamal Habayeb [mailto:mountainfury () fastmail fm]
Sent: Tuesday, September 16, 2003 12:28 PM
To: Kenneth Buchanan
Cc: 'Rick Jones'; security-basics () securityfocus com
Subject: Re: File Encryption - Part II

Kenneth Buchanan wrote:
| The point of EFS is to allow file/folder access only to the appropriate
| logged-on user ...
| As a general rule, if a password can be remembered, it can be brute
| forced.

I agree with you here Kenneth, passwords are usually the weak link in the security equation. I am a strong believer in pass-phrases. Using something like IHatE8traFFic%inDMornING* would offer a strong password and something that the user would be able to remember better than a randomly generated strong password.

Cheers,
Kamal Habayeb