Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Good design for a Algorithmically Derived Passphrase for FDE (?!)

From: Muhammad Farooq-i-Azam <lists () chase org pk>
Date: Tue, 20 Nov 2007 22:20:47 +0000
On Mon, Nov 19, 2007 at 08:06:30AM -0800, Ali, Saqib wrote:
# On Nov 17, 2007 8:51 PM, ManInWhite <maninwhite () tpg com au> wrote:
# > It has been suggested that we use an
# > algorithm derived passphrase based on some unique hardware number.
# > [ HDD Serial# / Laptop Serial# ]
# 
# So when the laptop is stolen, the thief will also have all these
# serial number, and if they get hold of their algorithm, they can
# re-construct passphrase for any laptop.

Don't you think that the attacker would also need to know p 
before she can calculate passphrase provided she also knows
the algorithm as well. If p is secret and is sufficiently
large so that it is not prone to brute force calculations,
the passphrase cannot be calculated even if the attacker
knows the algorithm and the serial number as well.


There is no use of using an encryption algorithm that has to
be kept secret. In fact, in encryption, algorithms are always
made public so that any flaws could be found be the reviewers
before a determined attacker infers an algorithm somehow and
then finds a way to attack it.

# 
# this kind of scheme may work for equipment that doesn't leave the
# facility e.g. servers in datacenter. But definitely don't use this for
# laptops.
# 
# I suspect you are trying to use BitLocker, which lack centralized key
# management. I would suggest you take a look at some other holistic
# solutions for encrypting your laptops.
# 
# Saqib
# http://www.full-disk-encryption.net/

-- 
Muhammad Farooq-i-Azam

lists () chase org pk
http://www.chase.org.pk/
Previous By Date Next
Previous By Thread Next

Current thread: