On Sun, Dec 12, 2010 at 2:14 AM, Thor (Hammer of God) <[email protected]> wrote:
>> > Hello to All,
>> >
>> > If anyone has serious hands-on experience with this, I would like to
>> > know some hard facts about this matter... I thought to ask you,
>> > because here are some of the top experts in this field, so I could find few
>> > better places.
>> > Hope you can nudge me in the right direction, and take the time to
>> > answer this.
>> >
>> > ...
>> >
>> > Could some of you please give me some of your thoughts about this?
>> > And, maybe, what other methods of file system encryption are out there
>> > which are more secure?
>> >
>> If you are using a PBE (password based encryption), it's no stronger than the
>> password. Though stated regarding Microsoft's BitLocker, the same applies
>> to all PBE systems: "BitLocker, at its core, is a password technology, we
>> simply have to get the password...", Exploration of Windows 7, Advanced Forensics
>> Topic (page 70).
>>
>> If your file system key is on a USB thumb drive, the security is probably
>> only as strong as the physical security on the thumb drive.
>>
>> Jeff
>
> Hey Jeff - not sure if you read the LE deck or just referenced Wikipedia, but
> regarding Bitlocker, there is a good bit more to it. Saying to "simply" get
> the password (not sure who would have written that) isn't "simple." It's not
> like the password (passphrase) is stored anywhere... And yes, there should
> be some physical security around the USB key, where the actual KEY is, but
> with Bitlocker anyway, you can leverage TPM, etc. to make things far more
> difficult.
>
> I'm not familiar with CentOS's drive encryption solution - does it operate
> like Bitlocker in that system configuration hashes must match that stored by
> BL before mounting? That's one of the benefits of Bitlocker - even if you
> have the PIN, you can't mount the drive in another machine. If CentOS acts
> in a similar manner, then just getting the password won't help.
>
> When you throw TPM in the mix with a PIN (as the actual deck refers to), then
> you need the PIN to get to the TPM to get the keys used to check the stored
> hash against the system before it can mount. TPM-based encryption is pretty
> easy, so if CentOS supports that, it may very well be far more difficult (or
> statistically impossible) to decrypt. In Bitlocker's case, if a recovery
> key infrastructure is in place, then those could be leveraged as well.

Agreed if the TPM is present.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
