Security Basics mailing list archives

Re: Good design for a Algorithmically Derived Passphrase for FDE (?!)


From: "Geoffrey Gowey" <gjgowey () gmail com>
Date: Mon, 19 Nov 2007 17:26:36 -0500

If this is for the benefit of the end user then why not use some off
the wall personal information from them?  I have yet to hear of anyone
mentioning using things like shoe size, their height, weight, and date
of hire for portions of a password.

Geoff


On 11/19/07, Ali, Saqib <docbook.xml () gmail com> wrote:
> On Nov 17, 2007 8:51 PM, ManInWhite <maninwhite () tpg com au> wrote:
> > It has been suggested that we use an
> > algorithm derived passphrase based on some unique hardware number.
> > [ HDD Serial# / Laptop Serial# ]
>
> So when the laptop is stolen, the thief will also have all these
> serial numbers, and if they get hold of their algorithm, they can
> re-construct the passphrase for any laptop.
>
> This kind of scheme may work for equipment that doesn't leave the
> facility, e.g. servers in a datacenter. But definitely don't use this for
> laptops.
>
> I suspect you are trying to use BitLocker, which lacks centralized key
> management. I would suggest you take a look at some other holistic
> solutions for encrypting your laptops.
>
> Saqib
> http://www.full-disk-encryption.net/



-- 
Kindest Regards,

Geoff
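
The objection in the quoted reply, worked through as an added example that is not part of the original thread: it counts how many passphrases in a small fleet can be rebuilt from the serial number alone under three provisioning approaches. The derivation functions, the organisation-wide key variant, the escrow store and the serial numbers are all hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, secrets

SERIALS = ["HDD-0001", "HDD-0002", "HDD-0003"]  # constructed sample serials

def _encode(raw: bytes) -> str:
    return base64.b32encode(raw[:15]).decode()  # 120 bits -> 24 characters

def derived(serial: str) -> str:
    # Hypothetical unkeyed scheme: passphrase is a pure function of the serial.
    return _encode(hashlib.sha256(b"fde-v1:" + serial.encode()).digest())

def keyed(org_key: bytes, serial: str) -> str:
    # Hypothetical variant: one organisation-wide secret mixed into the derivation.
    return _encode(hmac.new(org_key, serial.encode(), hashlib.sha256).digest())

def recoverable(fleet: dict, rebuild) -> int:
    # Number of devices whose passphrase rebuild(serial) reproduces, i.e. what
    # is exposed to anyone holding the device (serial on the label) and `rebuild`.
    return sum(1 for serial, phrase in fleet.items() if rebuild(serial) == phrase)

def compare() -> dict:
    org_key = secrets.token_bytes(32)
    unkeyed_fleet = {s: derived(s) for s in SERIALS}
    keyed_fleet = {s: keyed(org_key, s) for s in SERIALS}
    # Independent random passphrase per device, kept in a central escrow store.
    escrow_fleet = {s: _encode(secrets.token_bytes(15)) for s in SERIALS}
    leaked = lambda s: keyed(org_key, s)
    return {
        "unkeyed, algorithm known": recoverable(unkeyed_fleet, derived),
        "keyed, algorithm known, key secret": recoverable(keyed_fleet, derived),
        "keyed, org key leaked": recoverable(keyed_fleet, leaked),
        "random escrow, algorithm known": recoverable(escrow_fleet, derived),
        "random escrow, org key leaked": recoverable(escrow_fleet, leaked),
    }

if __name__ == "__main__":
    for case, count in compare().items():
        print(f"{case}: {count}/{len(SERIALS)} passphrases recoverable")
```

With a derivation scheme, one disclosure (the algorithm, or the single organisation-wide key) exposes every device at once; with independent random passphrases held in escrow, neither disclosure reveals any of them.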

