Re: Re: Re: Why isn't full disk encryption from manufactures a slam dunk?

[empfour () hotmail com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well as you know, for example, the US government has now started to require companies to publish and inform when 
electronic breaks-in and theft occur.

While conceptually encryption is secure, it is the implementation of it which comes into question.  Realistically when 
a crypto-cracker starts his work, the first thing he is going to do is find out not only what kind of encryption is 
being used, but also what product was used to implement it.  This is to locate any vulnerabilities in certain versions 
of certain products which can be exploited to break in.  The next thing he is going to do is run through a list of 
commonly used passwords and perform a dictionary-based attack to take advantage of a possibly weak password.  After 
that, he might start looking into aspects of the user(s) who using the security to determine commonly used pieces of 
information such as dates, names of family/friends/pets, and so forth.  If this information is not readily available on 
the Internet, a determined person can always "dumpster dive".  Who knows, perhaps the user wrote it down somewhere?  As 
I said, it is the implementation which is the we
 akpoint.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFG8fVLbewdQwZMkngRAleIAJ0bz8x7LJYiYwB0EhsyNNOyuI6s0gCbBpYS
jBLY1aa/c472li+YnRDcfKM=
=VFYf
-----END PGP SIGNATURE-----