Re: Off Topic: Disk Encryption

[Adam Shostack <adam () homeport org>]

        Given the recent work by Peter Guttmann on MS crypto, I'm
curious if anyone has looked at these products from a crypto solidity
point of view?  Do they resist weak passwords being entered?  Do they
solidly hash the password into a key, or use it raw?  Do they leak key
bits into the file datastream?  Offer a known plaintext header?  Does
it encrypt my file to the same ciphertext each time, or does it use an
IV?  Does it use CFB mode, or ECB mode ciphers?  Does it scrub the
memory it used for keys when its done with them?

        Bruce Schneier gave a talk at RSA98 called Common Pitfalls of
cryptography, Paul Kocher gave one as well.  Any system is breakable
given enough time.  Many of the mistakes above make 'enough time' into
a small number.

Adam


EJ wrote:

| You might have forgot to mention the F-Secure Desktop from DataFellows
| Group (www.datafellows.com). Its a product from the same company which
| distributes SSH solutions for most platforms. The F-Secure Desktop
| provides Triple-DES and Blowfish file encryption and also has the ability
| to overwrite data 7 times which might not be 'fool-proof' but is pretty
| solid in my opinion. 
| 
| -ejr
| 
| On Tue, 3 Feb 1998, Mike Tibodeau wrote:
| 
| > Sorry for the interuption, but if you have any opinions,
| > I would like to hear them, privately.
| > 
| > The topic of hard drive encryption (for Win95/NT) was discussed
| > some time ago by a number of individuals.  Some of the products 
| > mentioned were:
| > 
| > WP Winsafe 1.5  
| > Fortres 101 
| > A product from www.eliashim.com 
| > Encrypt-it by MaeDae
| > Norton For Your Eyes Only
| > RSA SecurePC
| > TSS Officelock
| > McAfee Security Suite
| > 
| > If anyone has used these (or others) and has a solid like or
| > dislike, please let me know.
| > 
| > -Mike
| > 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume