Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-22 Thread james hughes
On Jan 18, 2007, at 6:57 PM, Saqib Ali wrote: When is the last time you checked the code for the open source app that you "use", to make sure that it is written properly? 30 seconds ago. What mode is it using? How much information is encrypted under a single key. Was the implementation FI

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-22 Thread james hughes
On Jan 19, 2007, at 4:06 AM, Bill Stewart wrote: [...] if you're trying to protect against KGB-skilled attacks [...] On the other hand, if you're trying to protect against lower-skilled attackers, [...] I always find these arguments particularly frustrating. By slowly raising the bar for

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-20 Thread Victor Duchovni
On Sat, Jan 20, 2007 at 10:10:47PM +1300, Peter Gutmann wrote: > Victor Duchovni <[EMAIL PROTECTED]> writes: > > >It took reading the code to determine the following: > > > >- ASN.1 Strings extracted from X.509v3 certs are not validated for > >conformance with the declared character synta

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-20 Thread Jonathan Thornburg
On Fri, 19 Jan 2007, Bill Stewart wrote: > Obviously if you're trying to protect against KGB-skilled attacks > on stolen/confiscated hardware, you'd like to have the swap partition > encrypted as well as any user data partitions, though you may not care > whether your read-only utility software was

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-20 Thread Peter Gutmann
Victor Duchovni <[EMAIL PROTECTED]> writes: >It took reading the code to determine the following: > >- ASN.1 Strings extracted from X.509v3 certs are not validated for >conformance with the declared character syntax. Strings of type >PrintableString or IA5String may hold non-printable

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-19 Thread Bill Stewart
As far as "Full Disk Encryption"'s usefulness as a term goes, I'd distinguish between several different kinds of applications for encrypting the contents of a disk: 1 - The disk drive or maybe disk controller card (RAID, SCSI, etc.) encrypts all the bits written to the drive and de

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-19 Thread Steve Schear
At 03:57 PM 1/18/2007, Saqib Ali wrote: When is the last time you checked the code for the open source app that you "use", to make sure that it is written properly? When is the last time you carefully checked the code for a closed source app that you use? (Besides the one you mentioned to sta

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-19 Thread Victor Duchovni
On Thu, Jan 18, 2007 at 03:57:46PM -0800, Saqib Ali wrote: > When is the last time you checked the code for the open source app > that you "use", to make sure that it is written properly? > Yesterday, in the case of OpenSSL, though I was only looking at how ASN.1 strings that store the subject C

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-18 Thread Saqib Ali
Algorithms can be perfect and implementation sloppy. If you can review the code you might find the problem, but with proprietary code, fergetit. I think you guys are missing the point. The term "Snake-Oil Crypto" refers to the algorithm and NOT the actual implementation. This is an "important" di

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-18 Thread Allen
Saqib Ali wrote: Since when did AES-128 become "snake-oil crypto"? How come I missed that? Compusec uses AES-128 . And as far as I know AES is NOT "snake-oil crypto" Saqib, I believe you are correct as to the algorithm, but the snake-oil is in the implementation. As I have often said, "A

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-18 Thread Damien Miller
On Thu, 18 Jan 2007, Saqib Ali wrote: > Since when did AES-128 become "snake-oil crypto"? How come I missed > that? Compusec uses AES-128 . And as far as I know AES is NOT > "snake-oil crypto" It is even easier to use a good cryptographic transform in a way that is utterly insecure than it is to

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-18 Thread Chris Kuethe
On 1/18/07, Saqib Ali <[EMAIL PROTECTED]> wrote: Since when did AES-128 become "snake-oil crypto"? How come I missed that? Compusec uses AES-128 . And as far as I know AES is NOT "snake-oil crypto" He didn't say that AES is snake oil. He says he wants assurance that the tool operates correctly.

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-18 Thread Saqib Ali
Since when did AES-128 become "snake-oil crypto"? How come I missed that? Compusec uses AES-128 . And as far as I know AES is NOT "snake-oil crypto" Closed-source doesn't mean that it is "snake-oil". If that was the case, Microsoft's EFS, and Kerberos implementation would be "snake oil" too.

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-18 Thread Jonathan Thornburg
On Wed, 17 Jan 2007, Saqib Ali wrote: [[addressed to Steven Bellovin, but copied to the whole list]] > I would like to invite you to try out a Free FDE product called > Compusec < http://www.ce-infosys.com/ > If I have data that's valuable enough to need encryption, I'm going to be nervous trustin

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-18 Thread Anne & Lynn Wheeler
Steven M. Bellovin wrote: Not necessarily -- many of my systems have multiple disk drives and file systems, some of which are on removable media. Apart from that, though, this is reinforcing my point -- what is the threat model? PC/RT had external scsi disk drive housing ... with scsi disk dri

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-17 Thread Steven M. Bellovin
On Wed, 17 Jan 2007 09:33:54 -0800 "Saqib Ali" <[EMAIL PROTECTED]> wrote: > On 1/16/07, Steven M. Bellovin <[EMAIL PROTECTED]> wrote: > > I don't think that that distinction is either necessary or > > sufficient. > > Dr. Bellovin, Please -- "Steve". > > I would like to invite you to try out a F

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-17 Thread Saqib Ali
On 1/16/07, Steven M. Bellovin <[EMAIL PROTECTED]> wrote: I don't think that that distinction is either necessary or sufficient. Dr. Bellovin, I would like to invite you to try out a Free FDE product called Compusec < http://www.ce-infosys.com/ > After trying, please let me know if the distin

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-17 Thread David I. Emery
On Tue, Jan 16, 2007 at 11:33:46AM -0500, Steven M. Bellovin wrote: > On Tue, 16 Jan 2007 08:19:41 -0800 > "Saqib Ali" <[EMAIL PROTECTED]> wrote: > > > Dr. Bellovin, > > > > > In most situations, disk encryption is useless and probably harmful. > > > It's useless because you're still relying on t

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steve Schear
At 08:08 AM 1/16/2007, Steven M. Bellovin wrote: On Tue, 16 Jan 2007 07:56:22 -0800 Steve Schear <[EMAIL PROTECTED]> wrote: > At 06:32 AM 1/16/2007, Steven M. Bellovin wrote: Legal access is a special case -- what is the law (and practice) in any given country on forced access to keys? If memor

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Tue, 16 Jan 2007 08:58:27 -0800 "Saqib Ali" <[EMAIL PROTECTED]> wrote: > > Yes, encrypted disks aren't much good unless the OS also encrypts > > (at least) swap space. I note that OpenBSD ships with swap-space > > I think you are confusing "Disk Encryption" with "Full Disk Encryption > (FDE)"

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Nicholas Bohm
Steven M. Bellovin wrote: ... Legal access is a special case -- what is the law (and practice) in any given country on forced access to keys? If memory serves, Mike Godwin -- a lawyer who strongly supports crypto, etc. -- has opined that under US law, a subpoena for keys would probably be upheld

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Brian Gladman
Steven M. Bellovin wrote: > On Tue, 16 Jan 2007 07:56:22 -0800 > Steve Schear <[EMAIL PROTECTED]> wrote: > >> At 06:32 AM 1/16/2007, Steven M. Bellovin wrote: >>> Disk encryption, in general, is useful when the enemy has physical >>> access to the disk. Laptops -- the case you describe on your pa

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Saqib Ali
Yes, encrypted disks aren't much good unless the OS also encrypts (at least) swap space. I note that OpenBSD ships with swap-space I think you are confusing "Disk Encryption" with "Full Disk Encryption (FDE)". They are two different beasts. FDE encrypts the "entire" boot drive, including the OS

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Tue, 16 Jan 2007 08:19:41 -0800 "Saqib Ali" <[EMAIL PROTECTED]> wrote: > Dr. Bellovin, > > > In most situations, disk encryption is useless and probably harmful. > > It's useless because you're still relying on the OS to prevent > > access to the cleartext through the file system, and if the O

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Saqib Ali
Legal access is a special case -- what is the law (and practice) in any given country on forced access to keys? If memory serves, Mike Godwin Yup. Disk Crypto has an ugly side as well, as highlighted by the recent incident where the FBI was unable to crack the encryption used by a pedophile and murd

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Saqib Ali
Dr. Bellovin, In most situations, disk encryption is useless and probably harmful. It's useless because you're still relying on the OS to prevent access to the cleartext through the file system, and if the OS can do that it can do that with an unencrypted disk. I am not sure I understand this.

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Tue, 16 Jan 2007 07:56:22 -0800 Steve Schear <[EMAIL PROTECTED]> wrote: > At 06:32 AM 1/16/2007, Steven M. Bellovin wrote: > >Disk encryption, in general, is useful when the enemy has physical > >access to the disk. Laptops -- the case you describe on your page -- > >do fit that category; I ha

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steve Schear
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote: Disk encryption, in general, is useful when the enemy has physical access to the disk. Laptops -- the case you describe on your page -- do fit that category; I have no quarrel with disk encryption for them. It's more dubious for desktops and *much

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Jonathan Thornburg
On Tue, 16 Jan 2007, Steven M. Bellovin wrote: [[about full-disk encryption]] > In most situations, disk encryption is useless and probably harmful. > It's useless because you're still relying on the OS to prevent access > to the cleartext through the file system, and if the OS can do that it > can

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Jonathan Thornburg
On Mon, 15 Jan 2007 08:39:18 -0800 "Saqib Ali" <[EMAIL PROTECTED]> wrote: > An article on how to use freely available Full Disk Encryption (FDE) > products to protect the secrecy of the data on your laptops. FDE > solutions help to prevent data leaks in case the laptop is stolen or > goes missing.

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Mon, 15 Jan 2007 08:39:18 -0800 "Saqib Ali" <[EMAIL PROTECTED]> wrote: > An article on how to use freely available Full Disk Encryption (FDE) > products to protect the secrecy of the data on your laptops. FDE > solutions help to prevent data leaks in case the laptop is stolen or > goes missing