On Tue, 25 Mar 2008 20:04:29 -0700, Simson Garfinkel <[EMAIL PROTECTED]>
wrote...

> My understanding is that there are several standard ways of
> attacking drive encryption:
> 
> * Asking the suspect for the encryption key
> * Threatening the suspect to get the encryption key
> * Brute forcing the passphrase using other information around
> * Looking for the key in memory
> 
> But if you use strong passphrases and your users are torture-proof,
> they're probably on a pretty good footing.

You forgot the other side of the rubber hose attacks...extortion,
bribery (in this case, maybe a plea bargain for a severely reduced
sentence), etc. A user may be torture-proof, but assuming that there
is some other evidence that may convict them (as there often is),
they may still not want to waste away the rest of their lives
in jail.

I'm hoping--at this point at least--that the police in this country
aren't routinely sending their suspects to Gitmo for water-boarding
camp.

-kevin
---
Kevin W. Wall           Qwest Information Technology, Inc.
[EMAIL PROTECTED]       Office Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former White House cyber security advisor, Richard Clarke,
    at eWeek Security Summit



_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
