On 23/09/13 02:07 AM, Shawn Wilson wrote:
Again some proof would be nice.
No proof. Don't forget who you are dealing with. We have to suspend
normal degrees of skepticism and work with reasonable judgement,
"balance of probabilities."
The NIST/RSA breach event exceeds by a country mile
On 23/09/13 07:12 AM, Dev Random wrote:
I've been thinking about this for a while now and I don't see a way to
do this with today's mobile devices without some external help.
The issue is that it's pretty much impossible to delete data securely
from a flash device.
Why is that?
That means
On Mon, Sep 23, 2013 at 11:02:45AM +0300, ianG wrote:
> On 23/09/13 07:12 AM, Dev Random wrote:
> >I've been thinking about this for a while now and I don't see a way to
> >do this with today's mobile devices without some external help.
> >
> >The issue is that it's pretty much impossible to delete
While I get wear leveling is a problem, I'm not sure if the flash in a phone
is even going to use wear-leveling, but say for the sake of argument it
does. It is however not a completely brand-new problem, relatedly spinning
disks now and then suffer sector failures, and the failed sectors are
rem
On 09/23/2013 10:02 AM, ianG wrote:
>> The issue is that it's pretty much impossible to delete data securely
>> from a flash device.
> Why is that?
The flash memory controller hides the real storage cells from you and
spreads writes across all cells equally for wear-leveling. You cannot
directly a
Adam Back writes:
>Apparently or so I've heard claim SSDs also offer lower level APIs to
>actually wipe physical (not logically wear-level mapped) cells, to reliably
>wipe working cells. Anyone know about those? They could be used where
>available and to the extent they are trusted.
What you'r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks Trevor and Adam for your comments on this - I take your point
about the importance of forward secrecy for metadata, so I'll abandon
the idea of using ephemeral-static ECDH to protect the metadata.
On 20/09/13 01:55, Trevor Perrin wrote:
> Inter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 23/09/13 05:12, Dev Random wrote:
> I've been thinking about this for a while now and I don't see a way
> to do this with today's mobile devices without some external help.
>
> The issue is that it's pretty much impossible to delete data
> securely
I made a suggestion like this elsewhere:
Store the keys split up in several different files using Shamir's Secret
Sharing Scheme. Encrypt each file with a different key. Encrypt those keys
with a master key. XOR each encrypted key with the SHA256 of their
respective encrypted files. Put those XORe
On Mon, Sep 23, 2013 at 1:25 AM, Adam Back wrote:
>
> For wear-leveling it's more tricky, but I think the trick to deletion
> would be to delete and temporarily fill the disk - even wear leveling has to
> delete then.
Reardon et al have some good analysis of this [1,2]. They propose
keeping th
On Sun, Sep 22, 2013 at 9:21 PM, Jeffrey Walton wrote:
> ...
> Painting with a broad brush, part of the solution is a remote
> administration board that can't be removed. Cf, Fujitsu LOM (Lights
> Out Management), HP ILO (Integrated Lights Out) HP RILO (Remote
> Integrated Lights Out), Compaq RIB
(Changing the subject line to reflect topic drift).
That's not bad (make the decryption dependent on accessibility of the entire
file) nice as a design idea. But that could be expensive in the sense that
any time any block in the file changes, you have to re-encrypt the
encryption or, more effici
On Mon, Sep 23, 2013 at 1:33 PM, Jeffrey Walton wrote:
> ...
> Do you just snatch the source code and intellectual property, or do
> you use it as a springboard into other things? (I've never really
> thought about it).
for better or for worse (mostly better) these systems have made their
way in
i really can't emphasize this enough:
robust defense is based on realistic threats,
and realistic threats are identified via attackers' perspective.
i've been diving down this rabbit hole since before i challenged
covert FLTINFOWARCEN members* to "get as blackhat on this motherfucker
as you can"
On Mon, Sep 23, 2013 at 01:39:35PM +0100, Michael Rogers wrote:
Apple came within a whisker of solving the problem in iOS by creating
an 'effaceable storage' area within the flash storage, which bypasses
block remapping and can be deleted securely. However, iOS only uses
the effaceable storage fo
On Mon, Sep 23, 2013 at 4:17 PM, coderman wrote:
>...
>> the source code provides "hard coded" keys/passwords or pointers to
>> files where interesting bits lay,
someone asks: "how do you find the interesting sources?"
this is something i pride myself on, having dealt with scores of large
enter
On Mon, Sep 23, 2013 at 4:51 AM, Michael Rogers
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Thanks Trevor and Adam for your comments on this - I take your point
> about the importance of forward secrecy for metadata, so I'll abandon
> the idea of using ephemeral-static ECDH to pro