BreachExchange mailing list archives

Re: (article) "We recovered the laptop!" ... so what?


From: sawaba <sawaba () forced attrition org>
Date: Wed, 14 Feb 2007 21:40:16 -0500 (EST)

I disagree. If they encrypted the data correctly, they know very well if 
it is secure or not. There are specific encryption algorithms and 
associated key lengths considered suitable for disk encryption. The most 
commonly accepted is AES with a 256-bit key.

It is chosen as such, because as of yet, no flaw has been found in AES, 
and a 256-bit key could not be brute-forced in any feasible time frame 
with current technology. In other words, when you finally brute force it 
10 or 15 years from now, the credit card numbers and SSNs will be useless 
anyway.

--Sawaba


On Mon, 12 Feb 2007, blitz wrote:

Ok, so you've got a copy of an encrypted disk to crack at your leisure. The 
data is still compromised and in someone else's hands, and they have no idea 
if it's secure or not.
That still counts as a loss in my book.

At 08:54 2/12/2007, you wrote:
Hi everyone

This thread is very interesting. All techniques so far deal with reading 
data at a low level. Will Windows Vista prevent techniques such as Symantec 
Ghost? I understand that Vista performs bit-level encryption with its 
BitLocker technology.

Thanks.

Herve Roggero
Managing Partner
Pyn Logic LLC
Visit www.pynlogic.com

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 148 million compromised records in 573 incidents over 7 years.

