|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dataloss] (article) "We recovered the laptop!" ... so what?
From: sawaba (sawaba
forced.attrition.org)
Date: Wed Feb 14 2007 - 20:40:16 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I disagree. If they encrypted the data correctly, they know very well if
it is secure or not. There are specific encryption algorithms and
associated key lengths considered suitable for disk encryption. The most
commonly accepted is AES with a 256-bit key.
It is chosen as such, because as of yet, no flaw has been found in AES,
and a 256-bit key could not be brute-forced in any feasible time frame
with current technology. In other words, when you finally brute force it
10 or 15 years from now, the credit card numbers and SSNs will be useless
anyway.
--Sawaba
On Mon, 12 Feb 2007, blitz wrote:
> Ok, so youve got a copy of an encrypted disk to crack at your leisure. The
> data is still compromised and in someone elses hands, and they have no idea
> if its secure or not.
> That still counts as a loss in my book.
>
> At 08:54 2/12/2007, you wrote:
>> Hi everyone
>>
>> This thead is very interesting. All techniques so far deal with reading
>> data at a low level. Will Windows Vista prevent techniques such as Symantec
>> Ghost? I understand that Vista performs bit-level encryption with its
>> BitLocker technology.
>>
>> Thanks.
>>
>> Herve Roggero
>> Managing Partner
>> Pyn Logic LLC
>> Visit www.pynlogic.com
>
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 148 million compromised records in 573 incidents over 7 years.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]