From owner-freebsd-hackers@FreeBSD.ORG Mon Feb 25 11:24:02 2008 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A095516A400 for ; Mon, 25 Feb 2008 11:24:02 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168]) by mx1.freebsd.org (Postfix) with ESMTP id 2202D13C447 for ; Mon, 25 Feb 2008 11:24:01 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by ug-out-1314.google.com with SMTP id y2so819757uge.37 for ; Mon, 25 Feb 2008 03:24:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=8vIC5nlYfbvvmBAfb2koksQBsK2NJF0coqP2AwcdxqQ=; b=dj/l355ZN+RB7rRBpXWsSr3So98dQmpOXiuB9i/jW+LOHGOOU2Zq1V2afwFtKlOZtWkdWd2zym5v1WMaZkGPISixwQ5lzNR6G3wZ7zfAc74ZWIWmW/DxpG5napOzPEFHD2rcBcVdbHm3JPvycpKDaFAxrN9Y3DGKbEskC3cDCeQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=oA6/HT58kvaamh7hvfibDZYnLpdKFoc08Svn4+3M3fit4Yizi3SKTwUh9rWGn6X9QMmPQfW+2iF2C2gdyxbdkaFGYcxzJ9jFmdg9kX7UxXziLSV+xt3bpk2MCWCrw+QVqQPHShfmAyOF/0PM/V3MTWEbEu9xS0CoC4HRPxF3bh0= Received: by 10.67.23.5 with SMTP id a5mr3002807ugj.8.1203938640713; Mon, 25 Feb 2008 03:24:00 -0800 (PST) Received: by 10.66.248.11 with HTTP; Mon, 25 Feb 2008 03:24:00 -0800 (PST) Message-ID: Date: Mon, 25 Feb 2008 11:24:00 +0000 From: "Igor Mozolevsky" Sender: mozolevsky@gmail.com To: "Bill Moran" In-Reply-To: <20080224123328.a0a85d7c.wmoran@collaborativefusion.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <47C06E1F.5020308@thedarkside.nl> <760775.85636.qm@web50306.mail.re2.yahoo.com> <20080223203316.GC38485@lor.one-eyed-alien.net> <20080224100924.c8e08776.wmoran@collaborativefusion.com> <20080224123328.a0a85d7c.wmoran@collaborativefusion.com> X-Google-Sender-Auth: 00885f214db39c66 Cc: hackers@freebsd.org Subject: Re: Security Flaw in Popular Disk Encryption Technologies X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Feb 2008 11:24:02 -0000 On 24/02/2008, Bill Moran wrote: > "Igor Mozolevsky" wrote: [snip] > > IMO the possibility of such attack is so remote that it doesn't really > > warrant any special attention, it's just something that should be kept > > in mind when writing "secure" crypto stuff... > > > Then you're not using this to protect data of a particular sensitive > nature, or you're being a fool. Not at all! > Fact is, data is "sensitive" to different degrees. It's also valuable > to different degrees. > > If you're worried about your personal financial information on your > laptop being stolen, then modern disk encryption is fine. But, if you've > got a mobile device with the sensitive information from 1000s of people > on it, the stakes are different. That device is liable to be the target > of an attack specifically to get the _data_. > > You're correct in 90% of the cases, but there's still the 10% that some > of us need to consider. Crypto is merely a way of obfuscating data, and we all know the truth about security by obscurity, right? Why would you have sensitive data on a laptop that anyone could potentially snatch out of your hand??? If it's sensitive enough to be paranoid, it should never leave the site! There are better ways to protect data than simple disk encryption, *if you really have to* to take it offsite on a laptop. There's only one thing disk crypto is useful for - swap encryption, I'd not use straight crypto for anything else... But again, how many of us here actually use S/Key for remote logins?.. > The fact is that the attack is not difficult, and it's not a matter of > whether or not someone _can_ bypass your disk encryption, it's more a > matter of whether or not they actually care enough to bother, or whether > the $$$ they can get for the stolen hardware alone will satisfy them. > Each user/organization really needs to evaluate this information with > regards to their own situation, but it's important to understand the > details of the risk when making such a decision. It's not a "not difficult" attack - someone has to get hold of your laptop first! Then there's things like BIOS passwords, restricting boot partitions, and if you don't want memory covers to be unscrewed (or your laptop case as a whole, for that matter) you can always use a bit of loctite! As the saying goes, those who think that crypto is the solution to their problem, don't crypto nor the problem... Igor :-)