Obviously, with physical access and unlimited computing power there's no
security. Too bad no one has unlimited computing power (and very few
have the power to break readily available schemes).
Matthew Flaschen
Matthew Flaschen
Paul Schmehl wrote:
--On Wednesday, October 25, 2006 15:18:10 -0400 Matthew Flaschen
<matthew.flaschen@gatech.edu> wrote:
Sorry, I shouldn't have implied that was only true of Windows. However,
you CAN'T access encrypted data with physical drive access.
Not even that is true. You can always *access* the data. Depending
upon the type and complexity of the encryption, it may take a while to
decrypt, but once I have physical access, I have both the data and the
time to do just that. *Most* of the "encryption" schemes for things
like passwords that used to be stored in plain text (until somebody
pointed it out) are fairly trivial and easily broken.
Even if they're not, I may be able to use the program itself to decrypt
the password and then capture it in plain text in memory.
Again, once you have physical access, it's game over, plain and simple.
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
