RE: [Thinkpad] Thinkpad Hard Drive Passwords

Bruce,

Quote of the day:
"So the best prevention against data loss by a pro is DON'T LET THE DRIVE
GET STOLEN."

This is probably the best explanation of security I've ever read - all in a
nutshell! The same philosophy can be applied to so many other issues in
this world. You can never nor should have 100% of anything be it security
to a fat free diet. Going for that last 10% could cost you everything, and
gain you nothing!

I do not use passwords because they could get forgotten or something could
go wrong somewhere. (For some reason, I somehow seem to be a victim of
Murphy's Law!) Plus to go through them every day - every time I turn on my
machine is cumbersome and time consuming. Making sure my computer does not
get stolen, takes no time and costs nothing. In the end, I get the same
results!

Thanks Bruce,
George

P.S. I do not advocate, nor did I take what Bruce said as promoting a
password free existence - nor fat free for that matter.

-----Original Message-----
From: Bruce Markowitz [mailto:scosgt@worldnet.att.net]
Sent: Monday, February 02, 2004 6:26 PM
To: Jonathan Graham
Cc: thinkpad@stderr.org
Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords

You see, you seem to have completely missed the point.
A professional who is after the specific data will simply get around the
best security by hacking/buying the key from the company that writes the
encryption software. In the same way, the pro would already know the
password. If the data involved is THAT sensitive or valueable, the pro will
buy/steal/exort the password.
Passwords/data encryption are only useful against the casual thief, one who
steals an unattended laptop off a desk. HE is not about to send the drive to
Nortek and pay $200 or $300 or more AND leave a paper trail just to "see
what's on the drive".
So the best prevention against data loss by a pro is DON'T LET THE DRIVE
GET STOLEN. The hard drive password is probably all that is needed against
the casual thief, for the above reasons.
This is sort of like alarm systems and safes.
There is no safe in the world that is absolutely burglar proof - such a safe
would be worthless, since the true owner would be denied the enclosed
property if the lock was broken or the combo lost.
In the same way no alarm system, on its own, can stop the professional
thief - only slow him down. But it does stop the average junkie out to grab
whatever isn't nailed down.

----- Original Message -----
From: "Jonathan Graham" <grahamj@virtue.cx>
To: "Bruce Markowitz" <scosgt@worldnet.att.net>
Cc: <thinkpad@stderr.org>
Sent: Monday, February 02, 2004 11:21 AM
Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords

> On Mon, Feb 02, 2004 at 10:40:33AM -0500, Bruce Markowitz wrote:
> > All I have to say is:
> > ENIGMA
> > Midway
> > ANY code can be broken
>
> Except that ENIGMA isn't an example of the the kind of code being
presented as unbreakable here. So your claim is equivalent to: "I can
safely eat an orange therefore all fruit may be safely eaten."
>
> With that in mind skepticism is warranted sure a one-time-pad is
'provably' unbreakable (as that any message of length N can represent any
other message of length N - or less if we include the possibility of
padding). However this is only true in the case where the key selection is
random. Key selection on computers is generaly not random and this can
allow someone the ability to crack the key.
>
> J.
>
>
>
> > ----- Original Message -----
> > From: "Felix E. Klee" <felix.klee.thinkpad@gmx.net>
> > To: <thinkpad@stderr.org>
> > Sent: Monday, February 02, 2004 8:38 AM
> > Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords
> >
> >
> > > On Mon, 2 Feb 2004 08:10:29 -0500 Bruce Markowitz wrote:
> > > > You can break anything if you try hard enough. What is your point?
> > >
> > > His point is that HD passwords are a weak protection as compared to
> > > encrypted data. If the encryption key is as long as the data, it is
> > > obvious that the encryption cannot be broken. If the key is shorter
than
> > > the data, it is always possible to partially decrypt the data.
However,
> > > with decently long keys and good encryption schemes this process may
> > > take "astronomically" long (maybe hundreds or thousands of years). HD
> > > passwords, OTOH, can probably be gained in a matter of hours by any
good
> > > data rescue service.
> > >
> > > Felix
> > >
> > > PS: To contact me off list don't reply but send mail to "felix.klee"
at
> > the
> > > domain "inka.de". Otherwise your email to me might get automatically
> > deleted!
> > > _______________________________________________
> > > Thinkpad mailing list
> > > Thinkpad@stderr.org
> > > http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
> >
> > _______________________________________________
> > Thinkpad mailing list
> > Thinkpad@stderr.org
> > http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
> _______________________________________________
> Thinkpad mailing list
> Thinkpad@stderr.org
> http://stderr.org/cgi-bin/mailman/listinfo/thinkpad

_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
Received on Tue Feb 3 08:17:45 2004