On Tue, 16 Jan 2007 08:19:41 -0800
"Saqib Ali" <[EMAIL PROTECTED]> wrote:

> Dr. Bellovin,
>
> > In most situations, disk encryption is useless and probably harmful.
> > It's useless because you're still relying on the OS to prevent
> > access to the cleartext through the file system, and if the OS can
> > do that it can do that with an unencrypted disk.
>
> I am not sure I understand this. With FDE, the HDD is unlocked by a
> pre-boot kernel (linux). It is not the function of the resident OS to
> unlock the drive.

Not necessarily -- many of my systems have multiple disk drives and
file systems, some of which are on removable media.  Apart from that,
though, this is reinforcing my point -- what is the threat model?

> > It's harmful because you can
> > lose a key.  (Your web page does address that, but I'm perplexed --
> > what is challenge/response authentication for key recovery?)
>
> Challenge/Response password recovery, as I understand, is a very
> simplified implementation of Secret Sharing. It allows for 2 parties,
> in this case the IT HelpDesk and the User, to collaborate and recover
> a Secret.
> 1) Upon forgetting the password, the user calls the Help Desk.
> 2) The IT Help Desk authenticates the user in the usual ways (e.g.
> check office voice mail etc), as the policy dictates.
> 3) Once authenticated, the user gives the partial secret to the
> HelpDesk.
> 4) The HelpDesk then combines it with the secret they have
> to produce a temporary password.
> 5) The temporary password is then used to unlock the HDD "once", and
> new credentials are created.

I wouldn't call that "challenge/response", I'd call that key escrow.
Key escrow isn't a bad idea for storage encryption, but you need
*really* good authentication mechanisms for the backup channel.
Visualize this phone call to the help desk:  "Hi, I'm Pat, the CFO.
I'm in New York for the Board meeting, and my laptop blue-screened and
won't reboot -- it's not accepting my passphrase.  Help!"  Of course,
more or less by definition, Pat isn't online at that point, so the help
desk can't manipulate anything remotely.  (I should add that most
secondary authentication mechanisms I've seen are garbage, especially
when it comes to people on the road.  Since we're talking about laptops
here, that's a very serious threat.)

I don't dispute the need for FDE for (many) laptops.  But remember that
security is a systems property; it's not something you can get by
bolting on crypto.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb
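
Added example, not part of the original messages or of any product's code: a minimal model of the recovery flow in steps 1-5 above, assuming the "partial secret" is a device-generated challenge and the temporary password is a truncated HMAC-SHA256 over it with an escrowed key. The construction and every name are assumptions. It shows that the response is computable from the help desk's key alone, so the recovery path is only as strong as the caller authentication in step 2.

```python
import hashlib
import hmac
import secrets


def derive_response(escrow_key: bytes, challenge: str) -> str:
    """Step 4: the help desk combines its secret with the user's challenge."""
    mac = hmac.new(escrow_key, challenge.encode(), hashlib.sha256).hexdigest()
    return mac[:16]  # shortened so it can be read over the phone (assumption)


class EscrowedDisk:
    """Constructed model of a pre-boot environment with help-desk recovery."""

    def __init__(self, escrow_key: bytes, disk_key: bytes):
        self._escrow_key = escrow_key  # a copy is also held by the help desk
        self._disk_key = disk_key
        self._challenge = None

    def start_recovery(self) -> str:
        """Step 3: produce the value the user reads out to the help desk."""
        self._challenge = secrets.token_hex(8)
        return self._challenge

    def unlock_with_response(self, response: str):
        """Step 5: accept the temporary password once, then invalidate it."""
        if self._challenge is None:
            return None
        expected = derive_response(self._escrow_key, self._challenge)
        self._challenge = None  # single use, whether or not it matched
        if hmac.compare_digest(expected, response):
            return self._disk_key
        return None


def demo():
    escrow_key = secrets.token_bytes(32)  # constructed sample keys
    disk_key = secrets.token_bytes(32)
    disk = EscrowedDisk(escrow_key, disk_key)
    challenge = disk.start_recovery()
    # The challenge carries no user secret: the escrowed key is sufficient.
    response = derive_response(escrow_key, challenge)
    unlocked = disk.unlock_with_response(response) == disk_key
    replay_rejected = disk.unlock_with_response(response) is None
    return unlocked, replay_rejected
```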

The Cryptography Mailing List