Sufficient Encryption

Sufficient Encryption

am 12.08.2006 19:52:06 von marst17

Hello,

Are files protected by the encryption of XP Pro and Tiger Firevault
sufficient so that laptops using either are fully protected if lost or
stolen?

Re: Sufficient Encryption

am 12.08.2006 20:19:08 von Markus Jansson

marst17@yahoo.com wrote:
> Are files protected by the encryption of XP Pro

Depends. If user passphrase is over 16 marks long and random AND it nor
its hash are not stored anywhere in the hdd. Unfortunally they usually
are stored in LM and NTLM hashes that can be cracked open. Also, using
EFS is tricky, you have to set whole directories to be encrypted and be
carefull so that plaintext versions of files dont exist anywhere else on
the hdd.


> and Tiger Firevault

Never heard of it.
Just use Truecrypt with 24+ marks long passphrases and keyfile and you
are fine.

BTW. remember to wipe plaintext versions with Eraser when encrypting.


--
"Kansan enemmistön hyväksyntää ei tarvita minarkian perustamiseksi eikä
minarkian ylläpitämiseksi. Minarkiassa valtion tarkoitus ei ole toimia
kumileimasimena kansan enemmistön päähänpistoille, vaan turvata
yksilönvapaus. Siinä ero nykydemokratiaan nähden."
- Markus Jansson

Re: Sufficient Encryption

am 13.08.2006 04:40:34 von Volker Birk

marst17@yahoo.com wrote:
> Are files protected by the encryption of XP Pro and Tiger Firevault
> sufficient so that laptops using either are fully protected if lost or
> stolen?

Hi,

depends on the attack you want to be secure from.

I'm very sceptical of EFS. Also FileVault had it's flaws (like
unencrypted swap), while the actual implementation seems to work now.
For Windoze, I'm using truecrypt.

I feel much more secure with dm-crypt under Linux, to be honest,
booting from a signed CD, authenticating with a key on an USB stick.

Yours,
VB.
--
Ich würde schätzen, dass ca. 87% aller spontanen Schätzungen völlig für
den Arsch sind.

Ralph Angenendt in debate@ccc.de

Re: Sufficient Encryption

am 13.08.2006 06:14:53 von Sebastian Gottschalk

Volker Birk wrote:
> marst17@yahoo.com wrote:
>> Are files protected by the encryption of XP Pro and Tiger Firevault
>> sufficient so that laptops using either are fully protected if lost or
>> stolen?
>
> Hi,
>
> depends on the attack you want to be secure from.
>
> I'm very sceptical of EFS.

The implementation seems to be fine, but it has problematic semantics.
F.e. it's impossible to transfer EFS-encrypted files when your program
doesn't support NTFS ADS metadata. A simple damage to the EFS metadata
makes the entire file unreadable. A single defective block inside the
file makes an entire 64 KB unreadable. And there're some problems with
locking mechanisms.