I recently read this in an interview, dated December 2005, with a NetBSD
programmer:
"The biggest drawback of svnd is its lack of security in the general use
case. It is vulnerable to an offline dictionary attack. That is, you can
generate a database mapping known ciphertext blocks on the disk back into
pass phrases that can be accessed in O(1) without even being in possession
of the disk. What's even worse is that the same database will work on any
svnd disk. It is possible--and perhaps even likely--that large agencies
such as the NSA have constructed such a database and can crack a majority
of the svnds in the world in less than a second."
It sounds scary, especially for those of us who do not understand too much
about computers. I basically wanted to know if there is any truth in all
this or if it is just another person trying to sell his product well by
undermining others.
Zoraya
Source of interview:
http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html
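
The property the quoted interview describes (one table, built without any disk in hand, that works against every disk when key derivation uses no per-disk salt) and the effect of adding a salt, as an added example that is not part of the original post and is not svnd's code. The KDF, the keyed function standing in for the disk cipher, the wordlist and the salt value are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a predictable plaintext block and a tiny wordlist.
KNOWN_BLOCK = b"\x00" * 16
WORDLIST = ["letmein", "correct horse", "hunter2", "netbsd"]

def derive_key(passphrase: str, salt: bytes = b"") -> bytes:
    """Stand-in KDF (assumption). An empty salt models the unsalted case."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 1000)

def encrypt_known_block(key: bytes) -> bytes:
    """Stand-in for the disk cipher: a deterministic keyed function of the block."""
    return hmac.new(key, KNOWN_BLOCK, hashlib.sha256).digest()[:16]

def build_table(wordlist, salt: bytes = b"") -> dict:
    """Map the ciphertext of the known block back to its passphrase."""
    return {encrypt_known_block(derive_key(w, salt)): w for w in wordlist}

def make_disk(passphrase: str, salt: bytes = b"") -> dict:
    """A 'disk' here is just its salt plus the ciphertext of the known block."""
    key = derive_key(passphrase, salt)
    return {"salt": salt, "block": encrypt_known_block(key)}

def run_demo() -> dict:
    # The table is computed once, before any disk is seen.
    table = build_table(WORDLIST)
    unsalted_a = make_disk("hunter2")
    unsalted_b = make_disk("netbsd")
    # Constructed salt value; a real one would be random and stored per disk.
    salted = make_disk("hunter2", salt=bytes.fromhex("a1" * 16))
    return {
        "unsalted_a": table.get(unsalted_a["block"]),  # same table, disk A
        "unsalted_b": table.get(unsalted_b["block"]),  # same table, disk B
        "salted": table.get(salted["block"]),          # table no longer applies
    }

if __name__ == "__main__":
    for name, hit in run_demo().items():
        print(f"{name}: {hit!r}")
```

With a per-disk salt the table has to be rebuilt for each disk, and only after that disk's salt is known, which removes the O(1) lookup and the reuse across disks that the quote describes.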