Yes, you have a point. For a determined and resourceful thief, this could represent a problem for even encrypted data.
Thankfully, that's not the goal or incentive of most thieves, and thus the existence of encrypted data will move them on to easier targets. You'll still be without your phone, of course. *ASB *(Find me online via About.Me <http://about.me/Andrew.S.Baker/bio>) *Exploiting Technology for Business Advantage... * On Thu, Feb 10, 2011 at 12:31 PM, Matthew W. Ross <[email protected]>wrote: > > If data is encrypted with strong crypto, and that crypto's secret > > key is not stored on the device, then that data can generally be > > considered safe even if the device is stolen. > > > > In English, that means if the security depends on a strong password > > the user must enter (and not on some magic the manufacturer has > > "hidden" inside the device), the password-protected data is safe. > > ... Isn't that only partially true? I mean, if the encrypted data is > stolen, isn't it reasonable to believe it can be cracked given enough > time/cpu power? > > I was always told that no encryption is uncrackable given the right > resources. What you buy with strong cryptography is an expected length of > time before it's cracked. But, that may be just what I have been told. > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: Ben Scott > [mailto:[email protected]] > To: NT System Admin Issues > [mailto:[email protected]] > Sent: Thu, 10 Feb 2011 > 09:17:29 -0800 > Subject: Re: IPhone attack reveals passwords in six minutes > > > > On Thu, Feb 10, 2011 at 12:10 PM, S Powell <[email protected]> wrote: > > > Yep, big security issue, but if someone has physical control of your > > > device, any device, you should always consider it compromised. > > > > If data is encrypted with strong crypto, and that crypto's secret > > key is not stored on the device, then that data can generally be > > considered safe even if the device is stolen. > > > > In English, that means if the security depends on a strong password > > the user must enter (and not on some magic the manufacturer has > > "hidden" inside the device), the password-protected data is safe. > > > > Note also "stolen". If someone can compromise the software and > > *give it back to you*, so you then continue to use it, all bets are > > off. > > > > -- Ben > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
