Security Basics mailing list archives
Re: Re: Re: Why isn't full disk encryption from manufactures a slam dunk?
From: empfour () hotmail com
Date: 20 Sep 2007 04:16:37 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well as you know, for example, the US government has now started to require companies to publish and inform when electronic breaks-in and theft occur. While conceptually encryption is secure, it is the implementation of it which comes into question. Realistically when a crypto-cracker starts his work, the first thing he is going to do is find out not only what kind of encryption is being used, but also what product was used to implement it. This is to locate any vulnerabilities in certain versions of certain products which can be exploited to break in. The next thing he is going to do is run through a list of commonly used passwords and perform a dictionary-based attack to take advantage of a possibly weak password. After that, he might start looking into aspects of the user(s) who using the security to determine commonly used pieces of information such as dates, names of family/friends/pets, and so forth. If this information is not readily available on the Internet, a determined person can always "dumpster dive". Who knows, perhaps the user wrote it down somewhere? As I said, it is the implementation which is the we akpoint. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFG8fVLbewdQwZMkngRAleIAJ0bz8x7LJYiYwB0EhsyNNOyuI6s0gCbBpYS jBLY1aa/c472li+YnRDcfKM= =VFYf -----END PGP SIGNATURE-----
Current thread:
- Re: Why isn't full disk encryption from manufactures a slam dunk?, (continued)
- Re: Why isn't full disk encryption from manufactures a slam dunk? gjgowey (Sep 12)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Kurt Buff (Sep 12)
- Re: Why isn't full disk encryption from manufactures a slam dunk? James Fryman (Sep 13)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Nick Owen (Sep 14)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Daniel Anderson (Sep 18)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Michael Painter (Sep 18)
- FW: Why isn't full disk encryption from manufactures a slam dunk? Craig Wright (Sep 13)
- Re: Why isn't full disk encryption from manufactures a slam dunk? zenmasterbob123 (Sep 13)
- Re: Re: Why isn't full disk encryption from manufactures a slam dunk? empfour (Sep 18)
- Re: Re: Why isn't full disk encryption from manufactures a slam dunk? Daniel Anderson (Sep 19)
- Re: Re: Re: Why isn't full disk encryption from manufactures a slam dunk? empfour (Sep 20)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? gjgowey (Sep 20)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? ganesh mahadevan (Sep 28)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? gjgowey (Sep 28)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? gjgowey (Sep 20)