Dr. Bellovin,

In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do that with an unencrypted disk.

I am not sure I understand this. With FDE, the HDD is unlocked by a
pre-boot kernel (linux). It is not the function of the resident OS to
unlock the drive.

It's harmful because you can
lose a key.  (Your web page does address that, but I'm perplexed --
what is challenge/response authentication for key recovery?)

Challenge/Response password recovery, as I understand, is a very
simplified implementation of Secret Sharing. It allows for 2 parties,
in this case the IT HelpDesk and the User, to collaborate and recover
a Secret.
1) Upon forgetting the password, the user calls the Help Desk.
2) The IT Help Desk authenticates the user in the usual ways (e.g.
check office voice mail etc), as the policy dictates.
3) Once authenticated the user give the partial secret to the HelpDesk.
4) The HelpDesk then combine it with the secret they have to produce a
temporary password.
5) The temporary password is then used to unlock the HDD "once", and
new credentials are created.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to