|
Posted by Volker Birk on January 25, 2007, 4:51 am
If you were Registered and logged in, you could reply and use other advanced thread options
[about DriveCrypt]
> Anyway, who cares? You're running DriveCrypt, thus the encryption is just a
> worthless additional transformation of your data.
Do you have any proof of these claims?
Unfortunately, SecureStar only have advertizing nonsense about their
product DriveCrypt on their website:
| 1344 Bit Military Strength disk encryption using the best and most
| proven cryptographic algorithms such as AES, Blowfish, Tea 16, Tea 32,
| Des, Triple Des, Misty 1 and Square.
Nonsense.
But advertizing nonsense is very common, and maybe this product is good
nevertheless.
What exactly is your problem with DriveCrypt?
Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
<https://events.congress.ccc.de/congress/2006/Fahrplan/events/1422.en.html>
|
|
Posted by Sebastian Gottschalk on January 25, 2007, 5:26 am
If you were Registered and logged in, you could reply and use other advanced thread options
Volker Birk wrote:
> [about DriveCrypt]
>> Anyway, who cares? You're running DriveCrypt, thus the encryption is just a
>> worthless additional transformation of your data.
>
> Do you have any proof of these claims?
Just encrypt something with DriveCrypt and run a program with high memory
consumption in parallel. Most likely, the plain encryption key will end up
in your swap file.
> Unfortunately, SecureStar only have advertizing nonsense about their
> product DriveCrypt on their website:
>
>| 1344 Bit Military Strength disk encryption using the best and most
>| proven cryptographic algorithms such as AES, Blowfish, Tea 16, Tea 32,
>| Des, Triple Des, Misty 1 and Square.
>
> Nonsense.
Nah, the 1344 bit aren't nonesense. It's Triple-BlowFish, even though it
would have an effective security of 896 bits at best.
And at least AES, BlowFish, 3DES and Square are best proven. The rest is
trivially broken.
> But advertizing nonsense is very common, and maybe this product is good
> nevertheless.
No, see the snake-oil FAQ. If you can't assume that a cryptographic
software is fully trustworthy in any aspect, it should be considered
useless.
|
|
Posted by Volker Birk on January 25, 2007, 5:42 am
If you were Registered and logged in, you could reply and use other advanced thread options > Just encrypt something with DriveCrypt and run a program with high memory
> consumption in parallel. Most likely, the plain encryption key will end up
> in your swap file.
Nice. But not significant, because no-one will handle this like that.
> > Unfortunately, SecureStar only have advertizing nonsense about their
> > product DriveCrypt on their website:
> >| 1344 Bit Military Strength disk encryption using the best and most
> >| proven cryptographic algorithms such as AES, Blowfish, Tea 16, Tea 32,
> >| Des, Triple Des, Misty 1 and Square.
> > Nonsense.
> Nah, the 1344 bit aren't nonesense. It's Triple-BlowFish, even though it
> would have an effective security of 896 bits at best.
There is no "Triple-BlowFish" in the text above, so the text remains
nonsense. And: more than 256bit with a secure block cypher is nonsense, too.
> And at least AES, BlowFish, 3DES and Square are best proven. The rest is
> trivially broken.
Nonsense, yes. Even DES is mentioned.
> > But advertizing nonsense is very common, and maybe this product is good
> > nevertheless.
> No, see the snake-oil FAQ. If you can't assume that a cryptographic
> software is fully trustworthy in any aspect, it should be considered
> useless.
I disagree. The advertizing is nonsense, accepted. And this does not
improve my trust into this company. But you're claiming, that the
encryption can be trivially broken, so please offer proofs for that
claim.
Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
<https://events.congress.ccc.de/congress/2006/Fahrplan/events/1422.en.html>
|
|
Posted by Sebastian Gottschalk on January 25, 2007, 7:12 am
If you were Registered and logged in, you could reply and use other advanced thread options
>> Just encrypt something with DriveCrypt and run a program with high memory
>> consumption in parallel. Most likely, the plain encryption key will end up
>> in your swap file.
>
> Nice. But not significant, because no-one will handle this like that.
Not significant? Swapping can occur at every moment, this setup just makes
it more likely to demonstrate this issue.
And, of course, this is an issue. You can trivially mark small regions of
memory as non-swappable. This is a prerequisite for about any key handling
in any crypto product.
>>> Unfortunately, SecureStar only have advertizing nonsense about their
>>> product DriveCrypt on their website:
>>>| 1344 Bit Military Strength disk encryption using the best and most
>>>| proven cryptographic algorithms such as AES, Blowfish, Tea 16, Tea 32,
>>>| Des, Triple Des, Misty 1 and Square.
>>> Nonsense.
>> Nah, the 1344 bit aren't nonesense. It's Triple-BlowFish, even though it
>> would have an effective security of 896 bits at best.
>
> There is no "Triple-BlowFish" in the text above,
The Triple-Blowfish is what the implementation offers, thus the claim
actually holds: There is a 1344 bit cipher-cascade in the product.
> And: more than 256bit with a secure block cypher is nonsense, too.
Well, that's clear. I guess the argument just addresses those fools who
don't get that just brute-forcing a 128 bit cipher generally requires more
energy than boiling the oceans.
>> And at least AES, BlowFish, 3DES and Square are best proven. The rest is
>> trivially broken.
>
> Nonsense, yes. Even DES is mentioned.
Well, TEA in all variants breaks because it's insecure, not because of too
short keylengths like DES.
|
|
Posted by Volker Birk on January 25, 2007, 9:33 am
If you were Registered and logged in, you could reply and use other advanced thread options > Swapping can occur at every moment
No.
Page swapping is implemented by an LRU or derived algorithms. A used page
will not be swapped out randomly.
> And, of course, this is an issue. You can trivially mark small regions of
> memory as non-swappable.
Here you're right. But it is not significant.
> The Triple-Blowfish is what the implementation offers, thus the claim
> actually holds: There is a 1344 bit cipher-cascade in the product.
There is no claim "There is a 1344 bit cipher-cascade in the product."
or I didn't find it.
> > And: more than 256bit with a secure block cypher is nonsense, too.
> Well, that's clear.
OK.
Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
<https://events.congress.ccc.de/congress/2006/Fahrplan/events/1422.en.html>
|
|
XML site map