It's a Presidential Mandate, Feds use it. How come you are not using FDE?
Saqib Ali
docbook.xml at gmail.com
Tue Jan 16 11:19:41 EST 2007
Dr. Bellovin,
> In most situations, disk encryption is useless and probably harmful.
> It's useless because you're still relying on the OS to prevent access
> to the cleartext through the file system, and if the OS can do that it
> can do that with an unencrypted disk.
I am not sure I understand this. With FDE, the HDD is unlocked by a
pre-boot kernel (linux). It is not the function of the resident OS to
unlock the drive.
> It's harmful because you can
> lose a key. (Your web page does address that, but I'm perplexed --
> what is challenge/response authentication for key recovery?)
Challenge/Response password recovery, as I understand, is a very
simplified implementation of Secret Sharing. It allows for 2 parties,
in this case the IT HelpDesk and the User, to collaborate and recover
a Secret.
1) Upon forgetting the password, the user calls the Help Desk.
2) The IT Help Desk authenticates the user in the usual ways (e.g.
check office voice mail etc), as the policy dictates.
3) Once authenticated the user give the partial secret to the HelpDesk.
4) The HelpDesk then combine it with the secret they have to produce a
temporary password.
5) The temporary password is then used to unlock the HDD "once", and
new credentials are created.
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list