Security Basics mailing list archives
Re: Good design for a Algorithmically Derived Passphrase for FDE (?!)
From: Muhammad Farooq-i-Azam <lists () chase org pk>
Date: Tue, 20 Nov 2007 22:20:47 +0000
On Mon, Nov 19, 2007 at 08:06:30AM -0800, Ali, Saqib wrote: # On Nov 17, 2007 8:51 PM, ManInWhite <maninwhite () tpg com au> wrote: # > It has been suggested that we use an # > algorithm derived passphrase based on some unique hardware number. # > [ HDD Serial# / Laptop Serial# ] # # So when the laptop is stolen, the thief will also have all these # serial number, and if they get hold of their algorithm, they can # re-construct passphrase for any laptop. Don't you think that the attacker would also need to know p before she can calculate passphrase provided she also knows the algorithm as well. If p is secret and is sufficiently large so that it is not prone to brute force calculations, the passphrase cannot be calculated even if the attacker knows the algorithm and the serial number as well. There is no use of using an encryption algorithm that has to be kept secret. In fact, in encryption, algorithms are always made public so that any flaws could be found be the reviewers before a determined attacker infers an algorithm somehow and then finds a way to attack it. # # this kind of scheme may work for equipment that doesn't leave the # facility e.g. servers in datacenter. But definitely don't use this for # laptops. # # I suspect you are trying to use BitLocker, which lack centralized key # management. I would suggest you take a look at some other holistic # solutions for encrypting your laptops. # # Saqib # http://www.full-disk-encryption.net/ -- Muhammad Farooq-i-Azam lists () chase org pk http://www.chase.org.pk/
Current thread:
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!), (continued)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ansgar -59cobalt- Wiechers (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) ManInWhite (Nov 19)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) Arbogast, Paul (Citco) (Nov 20)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ansgar -59cobalt- Wiechers (Nov 20)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) David Gillett (Nov 20)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) Pranav Lal (Nov 21)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) ManInWhite (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ansgar -59cobalt- Wiechers (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Ali, Saqib (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Geoffrey Gowey (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) ManInWhite (Nov 20)
- RE: Good design for a Algorithmically Derived Passphrase for FDE (?!) Eric White (Nov 20)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Geoffrey Gowey (Nov 19)
- Re: Good design for a Algorithmically Derived Passphrase for FDE (?!) Muhammad Farooq-i-Azam (Nov 20)