Security Basics mailing list archives

Re: Good design for a Algorithmically Derived Passphrase for FDE (?!)


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 19 Nov 2007 16:53:34 +0100

On 2007-11-18 ManInWhite wrote:
> I have been tasked with deploying partition based encryption for our
> fleet of laptops.
>
> It has been suggested that we use an algorithm derived passphrase
> based on some unique hardware number. [ HDD Serial# / Laptop Serial# ]

Then your security would depend on the attacker not knowing the
algorithm for deriving the passphrase from the serial numbers (which
will be known to him once he has access to the hardware).

Bad idea. Don't do that.

The only good design for algorithmically derived passphrases is not to
have algorithmically derived passphrases.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
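
The point of the reply above, shown as an added example that is not part of the original message: a passphrase computed from a serial number has no secret input, while an independently generated one cannot be rebuilt from the hardware. The derivation function, its tag, and the serials are hypothetical and constructed, since the thread does not describe the algorithm that was proposed.

```python
import base64
import hashlib
import secrets


def derive_passphrase(serial: str, tag: bytes = b"fleet-fde-v1") -> str:
    """Hypothetical derivation scheme (assumption, not from the thread).
    Its only inputs are a fixed tag and the serial printed on the device,
    so nothing secret goes into the result."""
    return hashlib.sha256(tag + serial.encode()).hexdigest()[:20]


def random_passphrase(n_bytes: int = 20) -> str:
    """Independent per-device passphrase from the OS CSPRNG (160 bits)."""
    return base64.b32encode(secrets.token_bytes(n_bytes)).decode()


def provision(serials, make):
    """Build the escrow table {serial: passphrase} that IT keeps off the laptop."""
    return {s: make(s) for s in serials}


def recomputable_from_hardware(escrow):
    """Serials whose passphrase follows from the serial plus the algorithm,
    i.e. entries that give no protection once the scheme is known."""
    return [s for s, p in escrow.items() if derive_passphrase(s) == p]


# Constructed sample serials, not real devices.
SERIALS = ["5CG7381XYZ", "WD-WCANK1234567", "PF0ABC12"]

derived_fleet = provision(SERIALS, derive_passphrase)
random_fleet = provision(SERIALS, lambda _serial: random_passphrase())

if __name__ == "__main__":
    print("derived, recomputable:", recomputable_from_hardware(derived_fleet))
    print("random,  recomputable:", recomputable_from_hardware(random_fleet))
```

With the derived scheme every entry in the fleet is recomputable from the device itself; with random passphrases the escrow table is the only copy, so it has to be stored and access-controlled separately from the laptops.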

