[Nottingham] gpgpwd - keeping a commandline passwords list

david at gbenet.com david at gbenet.com
Sat Jun 23 08:14:49 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/06/12 22:54, Paul Tew wrote:
> On 22/06/12 16:56, david at gbenet.com wrote:
> 
>> It so happens I'm doing some research into encrypting hard drives -
>> and to make an easy presentation of the facts and how to go about
>> doing it. Most people do not know. And there is some fear of the
>> unknown.
> 
>> David
> 
> Oh David how true, and as a police officer I must say long may this
> remain because it makes my working life so much easier.
> 
> I'm willing to bet that this doesn't apply to mobile devices though
> because mobile passwords are more rigorously enforced.
> 
> I have colleagues in the mobile phone department however, who can
> guess passwords merely from knowing a few facts about a person.
> Luckily, in computers I don't need to know this because people don't
> usually employ full disk encryption.
> 
> A user password is no password at all when examining a disk at the
> sector level. Happily, even if they did use full disk encryption I
> would be able to crack it because people tend to use such dumb a**
> passwords.
> 
> Paul

That's because people put their trust in the encryption - which is wrong - they should
always look at their passphrase. A good tip is to stick a "live" Linux DVD in to read the
sectors - though from my perspective I am looking at "how to" secure your hard drive.

There is more encryption software for Windows and Macs - which is in common usage, and
its success is because the software writers also wrote a graphical interface - on the Linux
front I often think that software writers are born as idiots thinking it's "cool" to write a
command line interface without any consideration for the average user. Windows and Macs are
successful whereas Linux is a dismal failure. Linux software developers do not think of the
needs of end users and no matter how "brilliant" they think they are, their mind-set is
stuck in the dark ages.

So good disk encryption has to face (a) dictionary attacks - password guessing, (b) the
reading of RAM, (c) breaking the encryption code. Good encryption stores the password in an
encrypted form - either on a smart card, USB stick or dongle, or directly on the hard drive.

Modern laptops and desktops enable you to boot off a USB - but then you have to prevent
someone booting into your BIOS setup and changing the boot order - you can set a strong
password for this - and even on some laptops use a fingerprint.

If you encrypted a drive - and used a strong passphrase and then put the boot sequence on a
USB - strong passphrase - all you could do would be (a) remove the hard disk and boot it as a
slave and see that it had no boot - all it contained was encrypted data. The instruction set
was on a USB. The hard disk would then be "safe" depending on the algorithms used.

I'd much prefer a two-key approach private and public key encryption with a very strong
passphrase and no boot sequence on the hard drive.

David

- -- 
https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books
how-to's - mailing lists and more
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJP5Xs0AAoJEOJpqm7flRExduMIAKioA0WGJ4ImNldXF+xu0Um6
LTLTSL+uWRC9VNIkSdBYzZ+gy4Rm3zVdEMxvjeNsK8q59P4PYxuY+tXUot54g6iK
jwSTJmk6t5XqahqxdM/pZTde92n7XPiNkskOZSquDAxMUcVIGnwlFdkAkhBEIkIY
41rPCurIbNZ2PjpvuHDTNyeZF/cM1sx5+6vX+iWb/IZ8kOIy1eedyA/lmaazF4x7
XvvpW5JwVQSgQs6o1CTQlsi9mLkFnlUTm+rfK3i7mP/u91kTFBX5Cyc6ap5VF8hJ
orJaiN1CLIhlZB8i9mPYsiyqZ11Vkgld2CgISabRU0LBGGvZFvK58boH9ZR7XZg=
=F05X
-----END PGP SIGNATURE-----
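The thread's point that the passphrase, not the cipher, is usually the weak link of full disk encryption can be put in numbers. The following is an added example, not code from the list post or from any disk-encryption tool: it derives a key from a passphrase with PBKDF2 (standing in for whatever key-derivation function a real disk-encryption product uses), measures how long one derivation costs on this machine, and estimates how long a dictionary attack of a given size would take an attacker who must pay that cost per guess. The wordlist sizes, iteration counts and parallelism factor are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

# Assumed key-derivation parameters for the illustration; real products choose their own.
KEY_LEN = 32
DEFAULT_ITERATIONS = 200_000


def passphrase_entropy_bits(num_words: int, dictionary_size: int) -> float:
    """Entropy of a passphrase built from num_words words drawn uniformly from a
    dictionary of dictionary_size entries (e.g. 7776 for a diceware list)."""
    return num_words * math.log2(dictionary_size)


def derive_key(passphrase: str, salt: bytes, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Stretch a passphrase into a fixed-length key. Every candidate guess an attacker
    tries must go through the same stretching, which is what makes iterations matter."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, KEY_LEN)


def measure_seconds_per_guess(iterations: int = DEFAULT_ITERATIONS, samples: int = 3) -> float:
    """Time one key derivation on this machine; an attacker's per-guess cost is
    roughly this divided by however much hardware they bring."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key("timing probe", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def expected_attack_seconds(entropy_bits: float, seconds_per_guess: float,
                            parallel_guesses: int = 1) -> float:
    """Expected time to find a passphrase of the given entropy: on average half the
    keyspace is searched, and parallel hardware divides the wall-clock time."""
    expected_guesses = 2 ** (entropy_bits - 1)
    return expected_guesses * seconds_per_guess / parallel_guesses


def compare_passphrases(seconds_per_guess: float, parallel_guesses: int = 1) -> dict:
    """Contrast the three cases the thread describes: a single dictionary word, a
    word with a digit tacked on, and a six-word diceware passphrase. Dictionary
    sizes are assumptions for the illustration."""
    cases = {
        "single word (10,000-word list)": passphrase_entropy_bits(1, 10_000),
        "word + 2 digits (10,000 x 100)": passphrase_entropy_bits(1, 10_000) + math.log2(100),
        "6 diceware words (7776-word list)": passphrase_entropy_bits(6, 7776),
    }
    return {
        name: expected_attack_seconds(bits, seconds_per_guess, parallel_guesses)
        for name, bits in cases.items()
    }


if __name__ == "__main__":
    per_guess = measure_seconds_per_guess()
    print(f"one derivation at {DEFAULT_ITERATIONS} iterations: {per_guess:.4f} s")
    # Assume an attacker with 1,000 times this machine's throughput.
    for name, seconds in compare_passphrases(per_guess, parallel_guesses=1_000).items():
        print(f"{name:38s} expected {seconds / 86400:.2e} days")
```

The cost per guess only slows an attacker down linearly, while each extra word in the passphrase multiplies the work by the size of the wordlist; that asymmetry is why the post's advice to "look at the passphrase" matters more than the choice of cipher.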
