[mdlug] Disk encryption - once copied its vunerable
David Lane
dcl400m at yahoo.com
Fri Feb 22 14:27:02 EST 2008
Another thing to note: when a file is deleted, it is simply deleted from the Disk table, and the sectors that have the data are still populated with the file data.
David
----- Original Message ----
From: "Ingles, Raymond" <Raymond.Ingles at compuware.com>
To: MDLUG's Main discussion list <mdlug at mdlug.org>
Sent: Friday, February 22, 2008 2:15:06 PM
Subject: Re: [mdlug] Disk encryption - once copied its vunerable
> From: gib at juno.com

> Okay, I understand that having the key makes it a lot easier
> to decrypt the data. But isn't it possible to decrypt the
> data by brute force too? So, encryption is not completely
> safe, right?

Well, yes and no. If an encryption scheme is solid-enough that brute-force guessing is your scheme, and the key is sufficiently large, then there's no realistic chance of breaking the encryption. Bruce Schneier has an article somewhere where he shows that you'd need all the energy the Sun has produced and ever will produce just to cycle a 256-bit register through all 2^256 possible values. As he put it: "[B]rute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space."

*However*, many encryption schemes have ways to drastically reduce the number of guesses needed. Public-key algorithms, for example, just require factoring a number, which is much simpler. They compensate by making the numbers much bigger. Fortunately disk encryption tends to use symmetric-key algorithms from what I understand, and there are cyphers for which there's no publicly known attack better than brute-force guessing.

*Further however*, just because an attack isn't *publicly* known doesn't mean that there isn't one that's *privately* known. For example, there are documented cases where it's been shown that the NSA knew about types of attacks on encryption schemes decades before they were published academically.

*Further further however*, in practice encryption keys usually need to be remembered by humans, and not too inconvenient to type in. These are fairly severe limitations and 'dictionary' attacks, as well as related schemes, are often successful.

Generally-speaking if your encrypted data may have been copied for offline attack, it's best to assume that it *will* be broken eventually, and take whatever steps may be appropriate. So long as a reasonable encryption scheme has been chosen, you're likely to have some time to do so.

As has been noted, adding a way to wipe DRAM on power-loss would be a defense against the attack that sparked this thread. I'd imagine military/security hardware might be built with a capacitor on-chip - if the Vcc signal is lost, it uses the power stored in the capacitor to wipe the RAM cells...

Sincerely,

Ray Ingles (313) 227-2317

"Certitude is not the test of certainty." - Oliver Wendell Holmes, Jr.
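The thread's point that a human-memorable passphrase, not the 256-bit key size, bounds how long a copied volume stays safe can be put into numbers. The following is an added example, not part of the original messages; the attacker speed, the key-stretching iteration count and the scenario list are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_OPS_PER_SEC = 1e12      # assumption: attacker's primitive operations per second
ASSUMED_KDF_ITERATIONS = 2**20  # assumption: key-stretching cost per passphrase guess

def passphrase_bits(pool_size, units):
    """Entropy of `units` items, each picked uniformly at random from `pool_size`."""
    return units * math.log2(pool_size)

def effective_bits(key_bits, secret_bits, kdf_iterations=1):
    """Work factor in bits. The attacker guesses the passphrase, not the key,
    so the cipher's key size is only an upper bound. Stretching adds
    log2(iterations), treating one KDF iteration as one cipher trial."""
    return min(float(key_bits), secret_bits + math.log2(kdf_iterations))

def years_to_exhaust(bits, ops_per_sec=ASSUMED_OPS_PER_SEC):
    """Worst-case years to try all 2**bits candidates."""
    return 2.0 ** bits / ops_per_sec / SECONDS_PER_YEAR

def words_needed(target_bits, wordlist_size, kdf_iterations=1):
    """Fewest random words whose stretched strength reaches target_bits."""
    need = target_bits - math.log2(kdf_iterations)
    return max(1, math.ceil(need / math.log2(wordlist_size)))

# Constructed scenarios: (label, secret entropy in bits, KDF iterations)
SCENARIOS = [
    ("random 256-bit key", 256.0, 1),
    ("8 random lowercase letters, no stretching", passphrase_bits(26, 8), 1),
    ("8 random lowercase letters, stretched",
     passphrase_bits(26, 8), ASSUMED_KDF_ITERATIONS),
    ("6 random words from a 7776-word list, stretched",
     passphrase_bits(7776, 6), ASSUMED_KDF_ITERATIONS),
]

def report(key_bits=256):
    """Return (label, effective bits, worst-case years) per scenario."""
    rows = []
    for label, secret_bits, iters in SCENARIOS:
        bits = effective_bits(key_bits, secret_bits, iters)
        rows.append((label, bits, years_to_exhaust(bits)))
    return rows

if __name__ == "__main__":
    for label, bits, years in report():
        print(f"{label:50s} {bits:6.1f} bits  {years:.3g} years")
```

The entropy figures hold only for passphrases chosen uniformly at random; a phrase a person invents is weaker, so the results are upper bounds on the time available to rotate keys after a copy.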