On Jan 19, 2007, at 4:06 AM, Bill Stewart wrote:
[...] if you're trying to protect against KGB-skilled attacks [...]
On the other hand, if you're trying to protect against
lower-skilled attackers, [...]
I always find these arguments particularly frustrating.
By slowly raising the bar
On Jan 18, 2007, at 6:57 PM, Saqib Ali wrote:
When is the last time you checked the code for the open source app
that you use, to make sure that it is written properly?
30 seconds ago.
What mode is it using? How much information is encrypted under a
single key. Was the implementation
Victor Duchovni [EMAIL PROTECTED] writes:
It took reading the code to determine the following:
- ASN.1 Strings extracted from X.509v3 certs are not validated for
conformance with the declared character syntax. Strings of type
PrintableString or IA5String may hold non-printable or
On Fri, 19 Jan 2007, Bill Stewart wrote:
Obviously if you're trying to protect against KGB-skilled attacks
on stolen/confiscated hardware, you'd like to have the swap partition
encrypted as well as any user data partitions, though you may not care
whether your read-only utility software was
On Sat, Jan 20, 2007 at 10:10:47PM +1300, Peter Gutmann wrote:
Victor Duchovni [EMAIL PROTECTED] writes:
It took reading the code to determine the following:
- ASN.1 Strings extracted from X.509v3 certs are not validated for
conformance with the declared character syntax. Strings
On Thu, Jan 18, 2007 at 03:57:46PM -0800, Saqib Ali wrote:
When is the last time you checked the code for the open source app
that you use, to make sure that it is written properly?
Yesterday, in the case of OpenSSL, though I was only looking at how
ASN.1 strings that store the subject CN
At 03:57 PM 1/18/2007, Saqib Ali wrote:
When is the last time you checked the code for the open source app
that you use, to make sure that it is written properly?
When is the last time you carefully checked the code for a closed source
app that you use? (Besides the one you mentioned to
As far as Full Disk Encryption's usefulness as a term goes,
I'd distinguish between several different kinds of applications
for encrypting the contents of a disk
1 - The disk drive or maybe disk controller card (RAID, SCSI, etc.)
encrypts all the bits written to the drive
and
Saqib Ali wrote:
Since when did AES-128 become snake-oil crypto? How come I missed
that? Compusec uses AES-128 . And as far as I know AES is NOT
snake-oil crypto
Saqib,
I believe you are correct as to the algorithm, but the snake-oil
is in the implementation,
As I have often said, A
Algorithms can be perfect and implementation sloppy. If you can
review the code you might find the problem, but with proprietary
code, fergetit.
I think you guys are missing the point. The term Snake-Oil Crypto
refers to the algorithm and NOT the actual implementation. This is a
important
On Mon, 15 Jan 2007 08:39:18 -0800
Saqib Ali [EMAIL PROTECTED] wrote:
An article on how to use freely available Full Disk Encryption (FDE)
products to protect the secrecy of the data on your laptops. FDE
solutions helps to prevent data leaks in case the laptop is stolen or
goes missing. The
On Mon, 15 Jan 2007 08:39:18 -0800
Saqib Ali [EMAIL PROTECTED] wrote:
An article on how to use freely available Full Disk Encryption (FDE)
products to protect the secrecy of the data on your laptops. FDE
solutions helps to prevent data leaks in case the laptop is stolen or
goes missing. The
On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
[[about full-disk encryption]]
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do fit that category; I have no quarrel with disk encryption for them.
It's more dubious for desktops and
On Tue, 16 Jan 2007 07:56:22 -0800
Steve Schear [EMAIL PROTECTED] wrote:
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do fit that category; I have no
Dr. Bellovin,
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do that with an unencrypted disk.
I am not sure I understand
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys? If memory serves, Mike Godwin
Yup. Disk Crypto has a ugly side as well, as highlighted by the recent
incident where FBI was unable to crack the encryption used by a
pedophile and
On Tue, 16 Jan 2007 08:19:41 -0800
Saqib Ali [EMAIL PROTECTED] wrote:
Dr. Bellovin,
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent
access to the cleartext through the file system, and if the OS can
do
Yes, encrypted disks aren't much good unless the OS also encrypts
(at least) swap space. I note that OpenBSD ships with swap-space
I think you are confusing Disk Encryption with Full Disk Encryption
(FDE). They are two different beast.
FDE encrypts the entire boot drive, including the OS,
Steven M. Bellovin wrote:
On Tue, 16 Jan 2007 07:56:22 -0800
Steve Schear [EMAIL PROTECTED] wrote:
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do
Steven M. Bellovin wrote:
...
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys? If memory serves, Mike Godwin
-- a lawyer who strongly supports crypto, etc. -- has opined that under
US law, a subpoena for keys would probably be
21 matches
Mail list logo