Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] TrueCrypt with SSD



On 08/16/2011 10:47 PM, Edward Ned Harvey wrote:
>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Brendan Kidwell
>>
>> I'd say the same thing as you: what the point of spending all those CPU
>> cycles if the data is effectively not encrypted?!
> CPU cycles irrelevant.
> First of all, when encrypting/decrypting my laptop HDD at sustained full
> speed, CPU usage only goes up to 30% of a single core.  Second of all, if
> you have a modern processor (i7) that includes the AES instruction set, it's
> 1-2 orders magnitude CPU performance enhancement, which means undetectable
> additional load on the CPU to sustain all the encryption.  0.3% to 3%
> maximum CPU load.
>
> But yeah.  A few days maximum to brute force the 6-character password.  
>
> And I don't buy the arguments a few people made - About the attack vector
> being other than brute force and therefore brute force doesn't matter.   If
> somebody laptop is lost or stolen, there is no guarantee it'll be powered on
> at the time, which means there's no guarantee of *any* attack vector except
> brute force.  And that includes brute force of the hammer & water bucket
> sort, on the person who knows the password.
>
> I understand the aversion to typing a long difficult password at boot time.
> That's why they made things like the TPM, and key fobs and smart cards.  So
> you can have strong encryption without the hassle.
The issue with any laptop is what happens when it gets lost or stolen.
If you are using a hardware USB device or something like that, you are
just as likely to lose it at the same time. As discussed earlier and
6-character password is simply going to be crackable. I personally
prefer a pass phrase that I can remember, but may make no sense to
anyone else. Something like a time-based RSA SecureID works, but only
when you are connected to a network for authentication.  The basic
underlying fallacy in all security systems is the human. technical
people like us would be more inclined to use longer passwords, TPM, et.
al., but the average computer user such as an accounting person who
maintains sensitive stuff on his laptop and does work while taking the
commuter rail to work is the hole in the system. You give him/her a long
randomized password, and it will be written down somewhere. How many
times have you seen employees use sticky notes with their password.

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org