Re: [Thinkpad] Thinkpad Hard Drive Passwords

I have to agree with Bruce on this issue. The real issue here is not the
protection abilities of the software or the keys. It's the dicipline of the
parties in posession of the keys. The weakness is not in the software or the
hardware, it's the people who have access. Could be a secretary, the wife,
the business partner or the in house computer tech. Each individual has a
price or a "BS" index. The information in question is not kept secret just
for the benefit of one individual, it's shared with someone. Therein lies
the weakness. I can recall a "hacker" security conference where a new
software encryption company offered anyone a $50,000 reward if they could
crack or access the data in question during the 5 day conference. It was
hacked or cracked and the reward was claimed by noon the first day via
social engineering . Ask yourself this question... "Why rob a bank when
you can talk someone into writing a check"???? The weakness in is the
people involved, not the hardware or the software.

----- Original Message -----
From: "Bruce Markowitz" <scosgt@worldnet.att.net>
To: "Jonathan Graham" <grahamj@virtue.cx>
Cc: <thinkpad@stderr.org>
Sent: Monday, February 02, 2004 9:51 PM
Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords

> Always with the personal attacks, grahm cracker
> ----- Original Message -----
> From: "Jonathan Graham" <grahamj@virtue.cx>
> To: "Bruce Markowitz" <scosgt@worldnet.att.net>
> Cc: <thinkpad@stderr.org>
> Sent: Monday, February 02, 2004 8:44 PM
> Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords
>
>
> >
> > ----- Original Message -----
> > From: "Bruce Markowitz" <scosgt@worldnet.att.net>
> > To: "Jonathan Graham" <grahamj@virtue.cx>
> > Cc: <thinkpad@stderr.org>
> > Sent: Monday, February 02, 2004 6:26 PM
> > Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords
> >
> >
> > > You see, you seem to have completely missed the point.
> > > A professional who is after the specific data will simply get around
the
> > > best security by hacking/buying the key from the company that writes
the
> > > encryption software.
> >
> > You're thinking too much like an enigma machine Bruce. Antiquated.
> >
> > Enigma worked by having the mechanism unknown. Modern cryptosystems
> > attempt to keep the mechanism known and the security in the key and the
> key
> > in the hands of the sender/recipient. There is no third party to get
the
> > key from.
> >
> > So in the case of a computerized OTP your 'pro' has to work on
> regularities
> > in the pseudo-random number generation. If it was simply a question of
> > money I might be concerned since the number of people with a lot of
money
> is
> > significantly larger than those with experience breaking OTP
cryptograpic
> > cyphers.
> >
> > _______________________________________________
> > Thinkpad mailing list
> > Thinkpad@stderr.org
> > http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
>
> _______________________________________________
> Thinkpad mailing list
> Thinkpad@stderr.org
> http://stderr.org/cgi-bin/mailman/listinfo/thinkpad

_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
Received on Mon Feb 2 22:50:23 2004