Security Basics mailing list archives
Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk?
From: gjgowey () tmo blackberry net
Date: Thu, 20 Sep 2007 23:11:30 +0000
That's in a hacking scenario. The best thing that this encryption can do is reasonably secure the information when the hard drive is being transported elsewhere or disposed of. Ideally these harddrives should have the equivalent of a bios reset jumper to "forget" the key when they're off or defective beyond startup. Removing the key won't lose the data by itself (useful if moving the drive from one location to another), but putting another key in and low-level formatting the drive then dumping that key will definitely make the drive safe for disposal or resale. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: empfour () hotmail com Date: 20 Sep 2007 04:16:37 To:security-basics () securityfocus com Subject: Re: Re: Re: Why isn't full disk encryption from manufactures a slam dunk? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well as you know, for example, the US government has now started to require companies to publish and inform when electronic breaks-in and theft occur. While conceptually encryption is secure, it is the implementation of it which comes into question. Realistically when a crypto-cracker starts his work, the first thing he is going to do is find out not only what kind of encryption is being used, but also what product was used to implement it. This is to locate any vulnerabilities in certain versions of certain products which can be exploited to break in. The next thing he is going to do is run through a list of commonly used passwords and perform a dictionary-based attack to take advantage of a possibly weak password. After that, he might start looking into aspects of the user(s) who using the security to determine commonly used pieces of information such as dates, names of family/friends/pets, and so forth. If this information is not readily available on the Internet, a determined person can always "dumpster dive". Who knows, perhaps the user wrote it down somewhere? As I said, it is the implementation which is the we akpoint. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFG8fVLbewdQwZMkngRAleIAJ0bz8x7LJYiYwB0EhsyNNOyuI6s0gCbBpYS jBLY1aa/c472li+YnRDcfKM= =VFYf -----END PGP SIGNATURE-----
Current thread:
- Re: Why isn't full disk encryption from manufactures a slam dunk?, (continued)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Kurt Buff (Sep 12)
- Re: Why isn't full disk encryption from manufactures a slam dunk? James Fryman (Sep 13)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Nick Owen (Sep 14)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Daniel Anderson (Sep 18)
- Re: Why isn't full disk encryption from manufactures a slam dunk? Michael Painter (Sep 18)
- FW: Why isn't full disk encryption from manufactures a slam dunk? Craig Wright (Sep 13)
- Re: Why isn't full disk encryption from manufactures a slam dunk? zenmasterbob123 (Sep 13)
- Re: Re: Why isn't full disk encryption from manufactures a slam dunk? empfour (Sep 18)
- Re: Re: Why isn't full disk encryption from manufactures a slam dunk? Daniel Anderson (Sep 19)
- Re: Re: Re: Why isn't full disk encryption from manufactures a slam dunk? empfour (Sep 20)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? gjgowey (Sep 20)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? ganesh mahadevan (Sep 28)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? gjgowey (Sep 28)
- Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk? gjgowey (Sep 20)