Re: Re: Re: Why isn't full disk encryption from manufactures a slam dunk?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well as you know, for example, the US government has now started to require 
companies to publish and inform when electronic breaks-in and theft occur.

While conceptually encryption is secure, it is the implementation of it which 
comes into question.  Realistically when a crypto-cracker starts his work, the 
first thing he is going to do is find out not only what kind of encryption is 
being used, but also what product was used to implement it.  This is to locate 
any vulnerabilities in certain versions of certain products which can be 
exploited to break in.  The next thing he is going to do is run through a list 
of commonly used passwords and perform a dictionary-based attack to take 
advantage of a possibly weak password.  After that, he might start looking into 
aspects of the user(s) who using the security to determine commonly used pieces 
of information such as dates, names of family/friends/pets, and so forth.  If 
this information is not readily available on the Internet, a determined person 
can always "dumpster dive".  Who knows, perhaps the user wrote it down 
somewhere?  As I said, it is the implementation which is the we
 akpoint.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFG8fVLbewdQwZMkngRAleIAJ0bz8x7LJYiYwB0EhsyNNOyuI6s0gCbBpYS
jBLY1aa/c472li+YnRDcfKM=
=VFYf
-----END PGP SIGNATURE-----