Security Basics mailing list archives
Re: Good design for a Algorithmically Derived Passphrase for FDE (?!)
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 19 Nov 2007 16:53:34 +0100
On 2007-11-18 ManInWhite wrote:
I have been tasked with deploying partition based encryption for our fleet of laptops. It has been suggested that we use an algorithm derived passphrase based on some unique hardware number. [ HDD Serial# / Laptop Serial# ]
Then your security would depend on the attacker not knowing the algorithm for deriving the passphrase from the serial numbers (which will be known to him once he has access to the hardware). Bad idea. Don't do that. The only good design for algorithmically derived passphrases is not to have algorithmically derived passphrases. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Good design for a Algorithmically Derived Passphrase for FDE (?!) ManInWhite (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ansgar -59cobalt- Wiechers (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) ManInWhite (Nov 19)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) Arbogast, Paul (Citco) (Nov 20)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ansgar -59cobalt- Wiechers (Nov 20)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) David Gillett (Nov 20)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) Pranav Lal (Nov 21)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) ManInWhite (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ansgar -59cobalt- Wiechers (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ali, Saqib (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Geoffrey Gowey (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) ManInWhite (Nov 20)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) Eric White (Nov 20)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Geoffrey Gowey (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Muhammad Farooq-i-Azam (Nov 20)