Security Basics mailing list archives
Re: How to Test HDD Encryption
From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 13 Nov 2007 19:37:59 +0200 (IST)
On Mon, 12 Nov 2007 infosecofficer () gmail com wrote:
How can we ascertain that the encryption software we have selected is doing its jobs. A small test like removing the hdd of an encrypted laptop and attaching it as an external drive on another laptop shows the drive as unformatted. So far So Good.. But is there any tool available to demonstrate to the management that even the professionals cannot break in even if they lay their hands on the drive physically.
The only reasonable way is to review the source code of the encryption software and generate the binaries with a known-good compiler. You cannot tell good software from snake-oil by inspecting encrypted data it generates, for example, suppose that the data is encrypted with AES but the key is chosen from a list of 1000 predefined keys: all the data looks perfectly random, but still someone who knows about the back door can find the key in less than a second. -- Regards, ASK
Current thread:
- How to Test HDD Encryption infosecofficer (Nov 13)
- RE: How to Test HDD Encryption Deepak J. Mathew (Nov 13)
- Re: How to Test HDD Encryption Ali, Saqib (Nov 13)
- Re: How to Test HDD Encryption Alexander Klimov (Nov 13)
- <Possible follow-ups>
- Re: How to Test HDD Encryption jfvanmeter (Nov 13)
- RE: How to Test HDD Encryption Eric White (Nov 13)
- Re: RE: How to Test HDD Encryption anymouse (Nov 13)
- RE: RE: How to Test HDD Encryption Craig Wright (Nov 13)
- RE: How to Test HDD Encryption jfvanmeter (Nov 13)
- RE: How to Test HDD Encryption Eric White (Nov 13)
- Re: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 13)
- RE: How to Test HDD Encryption jfvanmeter (Nov 13)
- Re: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 13)
- RE: How to Test HDD Encryption Eric White (Nov 13)
(Thread continues...)