Hello,
As if the latest research (which showed that RAM contents can be
recovered after power-down) was not enough, it seems as Firewire ports
can form yet an easier attack vector into FDE-locked laptops.
Windows hacked in seconds via Firewire
http://www.techworld.com/security/news/index.cfm?
Hello Dave,
On 13/2/2008 21:26, Dave Korn wrote:
Or are you suggesting that it could encrypt each block OTF when it's first
accessed, or run the encryption in the background while the system was still
live, instead of converting the whole drive in one big bite?
Encrypting blocks only when t
Hello,
On 11/2/2008 06:13, Ali, Saqib wrote:
I installed TrueCrypt on my laptop and ran some benchmark tests/
Benchmark Results:
http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks
Pros:
1) Easy to use product. Simple clean interface. Very user-friendly!
2) Free and Open So
List,
Finally, an open source FDE (Full Disk Encryption) for Win32. It is the
first one I am aware of:
www.truecrypt.org
TC is not a new player, but starting February 5th (version 5) it also
provides FDE.
Didn't get to try it yet.
Hagai.
-
Hello,
On 30/10/2007 17:13, Ali, Saqib wrote:
> Windows have had FDE (with pre-boot) solutions for a long while. Here
> is a list: http://www.full-disk-encryption.net/Full_Disc_Encryption.html
IIRC, none of the products on this list is open source.
Hagai.
--
Hello,
On 30/10/2007 07:37, Ivan Krsti? wrote:
> On Oct 29, 2007, at 3:56 PM, Hagai Bar-El wrote:
>> Are there at all any open source FDE products for Win32?
>
> http://www.truecrypt.org/
A great product, but not an FDE one.
It encrypts contents of logical drives into conta
Hello
On 08/10/07 13:27, Steven M. Bellovin wrote:
> On Mon, 18 Jun 2007 22:57:36 -0700 "Ali, Saqib"
> <[EMAIL PROTECTED]> wrote:
>
>> US Government has select 9 security vendors that will product drive
>> and file level encryption software.
>>
>> See:
>> http://security-basics.blogspot.com/20
Hi,
On 13/09/07 15:14, Ian G wrote:
> Hagai Bar-El wrote:
>> Hi,
>>
>> On 12/09/07 08:56, Aram Perez wrote:
>>> The IronKey appears to provide decent security while it is NOT plugged
>>> into a PC. But as soon as you plug it in and you have to enter a
>&g
I saw which
actually bothers to deal with the brute-force attack vector, which does
exist in many other similar products. So it's not perfect, and I would
certainly not bet my life on it, probably not even my life's data, but
it's reasonable.
Hagai.
--
Hagai Bar-El - Information Secu
st you,
compensatory damages alone can end up being a large enough stack of cash
to discourage you from infringing a patent, as long as you suspect its
owner may actually have a case.
Regards,
Hagai.
P.S. IANAL, of course.
--
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web: www.hb
l prefer to enjoy the assurance and the
reasonable robustness they provide, which is the most desirable feature
after all.
Hagai.
--
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web: www.hbarel.com
-
The Crypt
get with completely closed-source devices, let alone with ones
that implement proprietary crypto...
And, of course, the source code is probably published also because the
marketing guys (probably) said that people skilled in the art will
appreciate this feature when evaluating this product against
and an IV in
terms of bits on the wire. After all, in both cases the confounder or IV
need to be passed to the other side, unless they are implicitly known.
Hagai.
--
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web: www.hbarel.com
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Hello David,
On 22/04/07 00:04, David Wagner wrote:
> Hagai Bar-El writes:
>> What Aram wrote is "many of the attendees have very little security
>> experience", not: "there are no attendees with security experience".
>> There are people at the relevant OM
A, so you can send me
the protocol. If other members here are signed on the OMA NDA, I guess
it could be useful if you notified Aram in a private message, so you can
get your copy and examine it too.
--
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web: www.hbarel.com
--
as that are enabled by some
government with its own legal system that the community has no control
over. Be it the US, or the EU, or anyone else.
DNSSEC, I think, comes to solve the problem of hackers who fake DNS
responses to phish for your credit card details; not against national
espionage. An
what will link this justice back to money if the
bank's owner doesn't feel like paying?
I know this is not completely related to the questions you presented,
but more to the rationale of the entire system. I am just trying to
understand
Hello,
At 25/10/05 07:18, cyphrpunk wrote:
> http://www.hbarel.com/Blog/entry0006.html
>
> I believe that for anonymity and pseudonymity technologies to survive
> they have to be applied to applications that require them by design,
> rather than to mass-market applications that can also do (
Hello,
I would like to notify you all of a new mailing list forum which I
opened. It is called "Practical Security" and is aimed at discussing
security measures in the context of real problems in real projects.
It has a much narrower scope than the Cryptography mailing list and
by no means i
ch towards solving this issue I
will be glad if he posts it on the list. Also, if any one of you
would like to get a copy of this paper when it's done, please let me
know by e-mailing me directly.
Regards,
Hagai.
---
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web:
.
---
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web: www.hbarel.com
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
ations.htm
Full Paper: http://www.hbarel.com/publications/When_To_Use_Biometrics.pdf
A short recorded lecture about the topic is available in:
http://www.hbarel.com/Lectures/When_To_Use_Biometrics.wav
Regards,
Hagai.
Hagai Bar-El - Information Security Analyst
Tel.: 972-8-9354152 Fax.: 972-8
22 matches
Mail list logo