On 24/02/2008, Bill Moran <[EMAIL PROTECTED]> wrote: > "Igor Mozolevsky" <[EMAIL PROTECTED]> wrote:
[snip] > > IMO the possibility of such attack is so remote that it doesn't really > > warrant any special attention, it's just something that should be kept > > in mind when writing "secure" crypto stuff... > > > Then you're not using this to protect data of a particular sensitive > nature, or you're being a fool. Not at all! > Fact is, data is "sensitive" to different degrees. It's also valuable > to different degrees. > > If you're worried about your personal financial information on your > laptop being stolen, then modern disk encryption is fine. But, if you've > got a mobile device with the sensitive information from 1000s of people > on it, the stakes are different. That device is liable to be the target > of an attack specifically to get the _data_. > > You're correct in 90% of the cases, but there's still the 10% that some > of us need to consider. Crypto is merely a way of obfuscating data, and we all know the truth about security by obscurity, right? Why would you have sensitive data on a laptop that anyone could potentially snatch out of your hand??? If it's sensitive enough to be paranoid, it should never leave the site! There are better ways to protect data than simple disk encryption, *if you really have to* to take it offsite on a laptop. There's only one thing disk crypto is useful for - swap encryption, I'd not use straight crypto for anything else... But again, how many of us here actually use S/Key for remote logins?.. > The fact is that the attack is not difficult, and it's not a matter of > whether or not someone _can_ bypass your disk encryption, it's more a > matter of whether or not they actually care enough to bother, or whether > the $$$ they can get for the stolen hardware alone will satisfy them. > Each user/organization really needs to evaluate this information with > regards to their own situation, but it's important to understand the > details of the risk when making such a decision. It's not a "not difficult" attack - someone has to get hold of your laptop first! Then there's things like BIOS passwords, restricting boot partitions, and if you don't want memory covers to be unscrewed (or your laptop case as a whole, for that matter) you can always use a bit of loctite! As the saying goes, those who think that crypto is the solution to their problem, don't crypto nor the problem... Igor :-) _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"