I believe the keys are stored on the device itself, so given time, they will 
get the data. According to "Kerckhoffs's Principle":

A cryptosystem should be secure even if everything about the system, except the 
key, is public knowledge.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505


-----Original Message-----
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Thursday, February 10, 2011 12:31 PM
To: NT System Admin Issues
Subject: Re: IPhone attack reveals passwords in six minutes

>   If data is encrypted with strong crypto, and that crypto's secret
> key is not stored on the device, then that data can generally be
> considered safe even if the device is stolen.
> 
>   In English, that means if the security depends on a strong password
> the user must enter (and not on some magic the manufacturer has
> "hidden" inside the device), the password-protected data is safe.

... Isn't that only partially true? I mean, if the encrypted data is stolen, 
isn't it reasonable to believe it can be cracked given enough time/cpu power? 

I was always told that no encryption is uncrackable given the right resources. 
What you buy with strong cryptography is an expected length of time before it's 
cracked. But, that may be just what I have been told.


--Matt Ross
Ephrata School District


----- Original Message -----
From: Ben Scott [mailto:mailvor...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 10 Feb 2011 09:17:29 -0800
Subject: Re: IPhone attack reveals passwords in six minutes


> On Thu, Feb 10, 2011 at 12:10 PM, S Powell <powe...@gmail.com> wrote:
> > Yep, big security issue, but if someone has physical control of your
> > device, any device,  you should always consider it compromised.
> 
>   If data is encrypted with strong crypto, and that crypto's secret
> key is not stored on the device, then that data can generally be
> considered safe even if the device is stolen.
> 
>   In English, that means if the security depends on a strong password
> the user must enter (and not on some magic the manufacturer has
> "hidden" inside the device), the password-protected data is safe.
> 
>   Note also "stolen".  If someone can compromise the software and
> *give it back to you*, so you then continue to use it, all bets are
> off.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 
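Added example, not part of the thread: a Python sketch of the case Ben describes, where the key is derived from a password the user enters and is never stored, together with the time-to-search estimate Matt asks about. The iteration count, record layout, function names and sample passcode classes are assumptions for illustration.

```python
import hashlib, hmac, os, time

ITERATIONS = 100_000          # assumed work factor, chosen for illustration
YEAR = 365.25 * 24 * 3600     # seconds per year

def derive_key(password, salt, iterations=ITERATIONS):
    # The key exists only while the user's password is in memory.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def enroll(password):
    # Hypothetical on-device record: salt, work factor and a check tag.
    # The tag stands in for the encrypted data; the key itself is not stored.
    salt = os.urandom(16)
    key = derive_key(password, salt)
    check = hmac.new(key, b"key-check", "sha256").digest()
    return {"salt": salt, "iterations": ITERATIONS, "check": check}

def unlock(record, password):
    # Re-derive the key from the entered password; None if it is wrong.
    key = derive_key(password, record["salt"], record["iterations"])
    tag = hmac.new(key, b"key-check", "sha256").digest()
    return key if hmac.compare_digest(tag, record["check"]) else None

def seconds_per_guess(iterations=ITERATIONS):
    # Measure one derivation on this machine: the cost of testing one guess.
    start = time.perf_counter()
    derive_key("benchmark", bytes(16), iterations)
    return time.perf_counter() - start

def average_search_years(alphabet, length, per_guess, parallel=1):
    # On average half the keyspace is tried before the right password is hit.
    return (alphabet ** length / 2) * per_guess / parallel / YEAR

if __name__ == "__main__":
    record = enroll("correct horse battery staple")   # constructed sample
    print("stored fields:", sorted(record))
    print("right password unlocks:", unlock(record, "correct horse battery staple") is not None)
    print("wrong password unlocks:", unlock(record, "1234") is not None)
    cost = seconds_per_guess()
    # Constructed passcode classes; 1000 parallel guessers is an assumption.
    for name, alphabet, length in [("4-digit PIN", 10, 4),
                                   ("8 lowercase letters", 26, 8),
                                   ("14 printable ASCII", 94, 14)]:
        years = average_search_years(alphabet, length, cost, parallel=1000)
        print(f"{name:22s} {years:.3g} years on average")
```

Everything in the stored record can be public without weakening the scheme; the search time is set by the password's keyspace and the work factor alone.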
