[mdlug] Disk encryption - once copied its vunerable

gib at juno.com gib at juno.com
Fri Feb 22 13:52:58 EST 2008 

 
Okay, I understand that having the key makes it a lot easier to decrypt the data. But isn't it possible to decrypt the data by brute force too?   So, encryption is not completely safe, right?
I was watching the new Knight Rider (talking car) on TV. The inventor's laptop was stolen by the bad guys.  But then a statement  was made that they recovered the laptop and the encryption was not broken.  I think that once the bad guys have a laptop they can make a copy of the data and then they can allow the laptop to be returned.  They can take their time cracking the data.


-- "Jeff Hanson" <jhansonxi at gmail.com> wrote:
On Fri, Feb 22, 2008 at 10:53 AM, Garry Stahl <tesral at comcast.net> wrote:
> http://www.networkworld.com/news/2008/022108-disk-encryption-cracked.html?page=1
>
>  Network World article pointing out that who controls the physical
>  computer, controls the data in it.  There is a method to crack disk
>  encryption.  It ain't easy, and you would have to have it ready, but it
>  is possible.

The security implications of loading the decryption keys into DRAM is
something I though of myself a while ago.  I hadn't realized that the
data retention was that long without power or that cooling them could
increase the data lifetime.  My theory was that it would be possible
to read the memory bus while the system was active and pick up the
keys that way.  According to the report you can chill the DRAM and
just put it in another system for reading which makes encryption about
as useful as a chastity belt.  I disagree with Steven Sprague about
the effectiveness of hardware-based encryption devices as they also
have to load the key making them just as vulnerable.  The only
advantage they offer is a more complicated architecture that would
have to be reverse engineered first so that an attacker would know
where to look before attempting to find the key (obfuscation).  I was
thinking that storing the key in a CPU register would be better as the
complexity and small feature size would make it a lot harder to
extract.  OpenBSD, IIRC, randomizes memory locations so theoretically
it would be more difficult to find a key (again obfuscation).  I think
the Linux solution is to have the kernel wipe entire memory space
before halting or suspending.
_______________________________________________
mdlug mailing list
mdlug at mdlug.org
http://mdlug.org/mailman/listinfo/mdlug


_____________________________________________________________
Click for free info on using seach engines to expand your business.
http://thirdpartyoffers.juno.com/TGL2111/fc/Ioyw6iifVr4L6N73yOzTImEQJlllblPjibWxajC7Lp2ebNLBWDxzFq/

More information about the mdlug mailing list