Firewall Wizards mailing list archives
Re: Off Topic: Disk Encryption
From: Adam Shostack <adam () homeport org>
Date: Sun, 8 Feb 1998 03:38:13 -0500 (EST)
Given the recent work by Peter Guttmann on MS crypto, I'm curious if anyone has looked at these products from a crypto solidity point of view? Do they resist weak passwords being entered? Do they solidly hash the password into a key, or use it raw? Do they leak key bits into the file datastream? Offer a known plaintext header? Does it encrypt my file to the same ciphertext each time, or does it use an IV? Does it use CFB mode, or ECB mode ciphers? Does it scrub the memory it used for keys when its done with them? Bruce Schneier gave a talk at RSA98 called Common Pitfalls of cryptography, Paul Kocher gave one as well. Any system is breakable given enough time. Many of the mistakes above make 'enough time' into a small number. Adam EJ wrote: | You might have forgot to mention the F-Secure Desktop from DataFellows | Group (www.datafellows.com). Its a product from the same company which | distributes SSH solutions for most platforms. The F-Secure Desktop | provides Triple-DES and Blowfish file encryption and also has the ability | to overwrite data 7 times which might not be 'fool-proof' but is pretty | solid in my opinion. | | -ejr | | On Tue, 3 Feb 1998, Mike Tibodeau wrote: | | > Sorry for the interuption, but if you have any opinions, | > I would like to hear them, privately. | > | > The topic of hard drive encryption (for Win95/NT) was discussed | > some time ago by a number of individuals. Some of the products | > mentioned were: | > | > WP Winsafe 1.5 | > Fortres 101 | > A product from www.eliashim.com | > Encrypt-it by MaeDae | > Norton For Your Eyes Only | > RSA SecurePC | > TSS Officelock | > McAfee Security Suite | > | > If anyone has used these (or others) and has a solid like or | > dislike, please let me know. | > | > -Mike | > | -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- Off Topic: Disk Encryption Mike Tibodeau (Feb 03)
- Re: Off Topic: Disk Encryption EJ (Feb 06)
- Re: Off Topic: Disk Encryption -= ArkanoiD =- (Feb 07)
- Re: Off Topic: Disk Encryption Adam Shostack (Feb 09)
- Re: Off Topic: Disk Encryption Jeromie Jackson (Feb 07)
- <Possible follow-ups>
- Re: Off Topic: Disk Encryption Paul McNabb (Feb 04)
- Re: Off Topic: Disk Encryption EJ (Feb 06)