Tracy R Reed wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> John H. Robinson, IV wrote:
> > All encryption does is slow the bad guys down, it does not stop them. The
> > law, however, says you do not have to *report* the loss of encrypted and
> > stolen personal identifying information.
>
> I disagree. If someone steals my laptop for crack money they aren't
> going to decrypt it. Even if the mob steals my laptop for the data on it
> how are they going to crack it? Even if the feds steal my laptop and
> dedicate massive resources to cracking it and are successful are they
> really going to reveal their ability to do so by taking advantage of the
> info in anything but a very non-obvious way?

Ya know - people used to think this. Then they learned that having encrypted (well, hashed) data out in the open was A Bad Thing. Now we have /etc/shadow. Can we learn from mistakes, or do we have to repeat them?

Encryption slows the bad guys down, it does not stop them. Better encryption slows them down further. The stronger the encryption, the more dedicated you need to be.

It can be very easily likened to physical security. It is a lot easier to get into your car than it is to get into your car that is locked inside a shipping container that is on a boat in the middle of the ocean.

The key difference with encryption is that the strongest available today is about as expensive as the cheapest. It is also hard to tell just by looking at the data which it is.

When your laptop is stolen, do you know who stole it? Do you know how dedicated they are? Are you certain you did not inadvertently make the cryptographer's job easier by choosing a passphrase that weakens the algorithm? How do you know you did not?

Today's toughest encryption is tomorrow's quaint algorithm. CPU power grows, and grows fast. Brute force attacks get easier. Attacks against algorithms get more sophisticated.

-john

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
