|
Posted by jc on July 16, 2007, 2:53 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
>> I am using a major brand of file encryption that stores its keys in a
>> database file. My files were being backed, but were encrypted at the
>> same time. Recently, I suffered a hard disk crash and had to resort
>> to restore my files that were stored under "my documents".
>> Unfortunately, the database with the keys wasn't being backed up
>> because they weren't located under "my documents". Needless to say,
>> the files that were backed up can't be decrypted under normal
>> operation after being restored.
>
> Maybe I should note that your security concept is completely pointless.
> Either you backup the keys, by what attackers can easily get to the
> plaintext, or you don't backup the keys, turning the backups useless in
> case of data loss.
>
You'll have to explain this, you're basically saying that file
encryption is worthless. How does backing up the keys expose them to
hackers?
>
>> Do software developers keep backup keys available for this situation
>> or am I hosed? Is there anything on the marked to decrypt these
>> files?
>
> Developers of secure encryption software (i.e. not closed-source)
> generally don't keep such "backup keys", because again that would render
> the entire security system completely pointless.
>
> If the cipher used is a secure one, then yes, you're hosed. There are
> programs for brute-forcing, but if your keys were random (i.e. not
> generated from a passphrase), then don't bother -- your data is lost.
>
>
> Regards,
> Ertugrul Söylemez.
>
>
| 
XML site map