Re: [Thinkpad] Thinkpad Hard Drive Passwords

Hallo Jonathan!

> But would an encrypted partition have a file allocation table?
> If so, wouldn't this give the potential decrypter a clue about
> the encoding? There are many standard files (e.g. .DLL files)
> on a Windows computer, you could tell the exact version by
> looking at the length of the file. Would knowing the source
> and the object help the decrypter figure out the key? Would it
> be more secure only to encrypt the data, rather than the whole
> Thinkpad drive?

According to the other parts of this thread:
If encryption of data (file or whole drive) is strong enough, there is
no help in knowing the originals (i. e. M$ ddls). For most of the
recommended encryptions, brute-force attacks are the "only" way of
decrypting without getting personally in touch with the owner. :-)
Recommended encryption systems are widley known: the attacker knows
_everything_ about the encryption (algorithm, implementation, key
length, computer system, ...). What he is looking for is the _secret_
encryption key which was chosen by the owner of the data (not the
software/company!). It is like a lock at a door. If you look closely
enough you will find out the manufacturer of the lock and how it works.
If it is a "secure" lock you have to try every possible key of this lock
system, because only one of these will open it.
Brute-force attacks work by trying every possible key to decrypt the
data. As already mentioned, the first tried key may be the special one;
but chances are not. So, it is a question of time and probability. For a
brute-force attack you do not have to know what you are looking for. Of
course it is easier to test the result of the tried decryption against
the "known" original text. You will always find an algorithm to decide
whether the decrypted text/data are what you are looking for. It is just
a little bit more of computing.

Back to your problem:
IBM´s hardware password is a good defense against the stupid thief,
because he will get a useless drive which will not work in any other
computer (including same Thinkpad models). But there are some
(expensive) guys on the world who can decrypt the password out of the
special chips on the harddisc. So it is a simple way to protect the data
and it comes with no extra costs. If you or any of the other users loose
their password then you become the thief and have to pay for getting the
data back. I am sure, IBM will give you a lot of information about the
system.
Recommended encryption systems (i. e. PGP, AES, elliptic curves, ...)
suffer from the same "problem"; if you loose the key (mostly a long
cryptic string) than you need at least decades to decrypt.
There are lots of Open Source implementations (Which is a must for
recommendation of the encryption system!) to encrypt files, mails or
drives. See www.gnupg.org
Commercial software systems are focussed on commercial users. Their
systems offer features like company wide key management, recovery of
lost keys, more than one key/user on decrypted data, different master
keys, usage of smartcards or USB sticks, ... To my mind they use strong
(recommended) algorithms too, but again safety lies in the
management/storage of the secret keys. You and your company have to
trust these software companies. Of course they have a lot of users, so a
faulty system would immediately destroy their business.
By using Open Source Software you can compile your own encryption
software and build up your own data safety. And again its safety relies
on the safety of the key storage at your own company.

I would recommend you to use the IBM harddisc and think about building
up a company wide encryption system using Open Source. Weak encryption
is better than no encryption!

Still questions left? :-)

Adrian

_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
Received on Tue Feb 3 11:56:40 2004