Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: The ugly side of using disk encryption

from [Will Yonker] Network Security [Permanent Link]
Subject: RE: The ugly side of using disk encryption
Date: Wed, 25 Oct 2006 22:13:43 -0400 (EDT) 
<quote who="Hagen, Eric">

Speaking of TrueCrypt, a bruteforce attack is totally out of the question
at this point.  Any of the three cyphers in use will make the data
irrelevantly hard to crack using sheer computing power.   the only reason
to even bother with the three-cypher is if the data will still be relevant
in 20-40 years, when the technology to crack any single cypher *might* be
available.  However, this would also require a mathematical breakthrough,
as the current state of encryption is not just a few orders of magnitude
away from being broken, but dozens of orders of magnitude.


That is good to know.  And totally changes my point of view.  After
reading a few other responses, I've also decided the full disk encryption
is the only thing that will help me.


As for the use of a hidden partition, this is really only useful for
plausable deniability.  Creating a hidden partition within a real
partition allows the user to give up a passphrase under interrogation or
otherwise, and have that passphrase be valid and decrypt some data.
Unless your employees are likely to be kidnapped and compelled to disclose
their passphrase, the hidden partition does little for your security.  You
can, however, use any random filename buried within the file structure
c:\windows\system32\arrgh.not is just as valid a filename as any other as
far as truecrypt is concerned, but having a 10GB file floating around
would be pretty obvious to a would-be attacker, so this really only useful
for small amounts of data.


My (flawed) idea was that I could auto-mount the encrypted partition on
boot that only required a pass phrase.  Then the user would manually mount
the hidden partition when needed.  I thought this would throw an attacker
off thinking that if they got the passphrase, they had all the data that
is to be gotten from the laptop.





-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sandboxie, Matt Lye
Next by Date:  Re: Security Search Engine, Saqib Ali
Previous by Thread:  RE: The ugly side of using disk encryption, Hagen, Eric
Next by Thread:  USB sticks on pubic computers security, Lars
Indexes:  [Date] [Thread] [Top] [All Lists]