RE: [Thinkpad] Thinkpad Hard Drive Passwords

From: Colgrove, George <George.Colgrove_at_state.vt.us>
Date: Tue Feb 03 2004 - 08:22:53 EST

To add one more level to what Scott said. You, as the password keeper, may
simply forget the password! Today for my job, we have to change our
password every 90 days, and when we do, it checks the last three passwords
we entered to make sure we are not using the same one. For me, this is too
many passwords to remember. What I have been reduced to doing is having
four rotating passwords - each simpler than the more complicated one I used
to use. But in a corporate structure, this is not too bad, because the IT
folks could get in and salvage data on a protected computer. For a home
computer, this is very different. You are typically the only one in. You
may forget your password. At that point - you are out of some computer
hardware! I usually keep all my "secure" data (not that I really have any)
on my home PC. I only keep what I am working on, on my laptop.

The analogy here is the laptop is a scratch pad; the home desktop is the
filing cabinet.

George

-----Original Message-----
From: Scott Wilcox [mailto:swilcox@indy.rr.com]
Sent: Monday, February 02, 2004 10:48 PM
To: Bruce Markowitz; Jonathan Graham
Cc: thinkpad@stderr.org
Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords

I have to agree with Bruce on this issue. The real issue here is not the
protection abilities of the software or the keys. It's the discipline of the
parties in possession of the keys. The weakness is not in the software or the
hardware, it's the people who have access. Could be a secretary, the wife,
the business partner or the in house computer tech. Each individual has a
price or a "BS" index. The information in question is not kept secret just
for the benefit of one individual, it's shared with someone. Therein lies
the weakness. I can recall a "hacker" security conference where a new
software encryption company offered anyone a $50,000 reward if they could
crack or access the data in question during the 5 day conference. It was
hacked or cracked and the reward was claimed by noon the first day via
social engineering. Ask yourself this question... "Why rob a bank when
you can talk someone into writing a check"???? The weakness is in the
people involved, not the hardware or the software.

----- Original Message -----
From: "Bruce Markowitz" <scosgt@worldnet.att.net>
To: "Jonathan Graham" <grahamj@virtue.cx>
Cc: <thinkpad@stderr.org>
Sent: Monday, February 02, 2004 9:51 PM
Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords

> Always with the personal attacks, grahm cracker
> ----- Original Message -----
> From: "Jonathan Graham" <grahamj@virtue.cx>
> To: "Bruce Markowitz" <scosgt@worldnet.att.net>
> Cc: <thinkpad@stderr.org>
> Sent: Monday, February 02, 2004 8:44 PM
> Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords
>
>
> >
> > ----- Original Message -----
> > From: "Bruce Markowitz" <scosgt@worldnet.att.net>
> > To: "Jonathan Graham" <grahamj@virtue.cx>
> > Cc: <thinkpad@stderr.org>
> > Sent: Monday, February 02, 2004 6:26 PM
> > Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords
> >
> >
> > > You see, you seem to have completely missed the point.
> > > A professional who is after the specific data will simply get around the
> > > best security by hacking/buying the key from the company that writes the
> > > encryption software.
> >
> > You're thinking too much like an enigma machine Bruce. Antiquated.
> >
> > Enigma worked by having the mechanism unknown. Modern cryptosystems
> > attempt to keep the mechanism known and the security in the key and the key
> > in the hands of the sender/recipient. There is no third party to get the
> > key from.
> >
> > So in the case of a computerized OTP your 'pro' has to work on regularities
> > in the pseudo-random number generation. If it was simply a question of
> > money I might be concerned since the number of people with a lot of money is
> > significantly larger than those with experience breaking OTP cryptographic
> > cyphers.
> >
> > _______________________________________________
> > Thinkpad mailing list
> > Thinkpad@stderr.org
> > http://stderr.org/cgi-bin/mailman/listinfo/thinkpad

Received on Tue Feb 3 08:28:29 2004

This archive was generated by hypermail 2.1.8 : Fri May 26 2006 - 16:02:04 EDT