Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Protecting the Operating System

Reply
Thread Tools

Protecting the Operating System

 
 
Borked Pseudo Mailed
Guest
Posts: n/a
 
      09-30-2006
Arthur T. wrote:

> The same file says: "The security file, SecurityInfo.dat, is
> unique to a computer. It can only be used for the machine where it
> was initially created." That leads me to believe that if your
> computer dies, but your HD is still okay, it doesn't matter.
> You're SOL unless you've taken traditional backups (which I do,
> anyway).


This sorta defeats the whole purpose. You're encrypting to keep anyone
from being able to access your data for a few billion years or
whatever, but making clear text backups that can be owned in a few
seconds even if someone has to take C4 to your safe.

I'd also wager the SecurityInfo.dat scheme is pretty easy to circumvent
as a security measure. The data is derived from widely known, easily
obtainable information that could be trivially forged in special
hardware or emulation at the very least.

It's starting to become clearer and clearer why CompuSec is closed
source. And why it will never be truly usable on Linux machines.

 
Reply With Quote
 
 
 
 
OSbandito
Guest
Posts: n/a
 
      09-30-2006
Ricardo, from my beginner's perspective, I think Sebastian's "The
solution is to store the MBR and its chained programs on a separate
removable media.." was pretty close. BUT how about my simpleton's
solution: pick up one of those cigarette-pack-size WD or similar brand
USB hard-drives? Just keep it in your briefcase and plug into the box to
start up. All of your stuff will remain with you at all times. BIOS
issues here are beyond my knowledge at present.
 
Reply With Quote
 
 
 
 
cooldude11 cooldude11 is offline
Junior Member
Join Date: Oct 2006
Posts: 1
 
      10-23-2006
Quote:
Why incur the performance penalty
of decryption on the OS when its just the data files that need to be
protected?
This guy hasn't a clue. Sounds like one of Microsoft's incompetents. Think of all the evidence that gets messed around simply by opening a file in Windows. Making sure every possible detail goes through the encryption process is very logical. You could leave an OS alone and simply encrypt data files to be burned to media and yes your data is protected from Republican government snoops, but the OS can give someone enough information to say "hey, this guy is guilty". That's the problem with some pc experts. They know so damn much that when they analyze something it's like watching the lottery, even they don't know what's gonna come out.
 
Reply With Quote
 
Arthur T.
Guest
Posts: n/a
 
      11-08-2006
In Message-ID:<Xns984E5F28F26ACabcxyzcom@204.153.244.170>,
"nemo_outis" <(E-Mail Removed)> wrote:

>I haven't checked whether the password/phrase is limited to 16 bytes or
>whether only alphanumeric characters can be entered. Have you confirmed
>this or are you going by some documentation?
>
>Sixteen bytes, if it could be fully used, is, of course, 128 bits - full
>equivalence.
>
>If one can only enter upper and lower case alphas & numbers, then the
>maximum strength is (26 x 2 + 10)^16 which is (just over) 95 bits, as you
>say.


Sorry for the delay, but I just finished installing and
uninstalling Compusec. Following is an edited version of
something I posted to someone else, here:

Yes, you are limited to 16 alphanumeric characters. Even
worse, you *must* have two passwords (one for password recovery),
so I figure that brings it down to just over 94 bits.

Also, there's something akin to a back-door in Compusec. In
their Yahoo support group, one message said:

>Hi, may I recommend you to send your Securityinfo.dat file to:
>
>support.sg@ce-infosys
>
>Send it with a request to have them extract your UserID and password
>reset code.
>
>Let us know if you encounter any problem.
>
>CE-Infosys




--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a good MVS systems programmer position
 
Reply With Quote
 
Matthew Fanto
Guest
Posts: n/a
 
      11-09-2006

Ricardo wrote:
> The encryption seems excellent AES-256 algotithm.....


[snip the rest]

> P.S. Have just noticed free stuff called CompuSec PC Security Suite which
> seems both Windows and Linux compatible though as compared to DriveCrypt it
> uses weaker encrypting algorithm AES-128 and looks like is much slower.


AES-128 should not be considered "weaker" than AES-256. A 128-bit key
is just great for security. The difference in the number of rounds used
is also a minor point, since there is no attack on full AES. AES-256 is
actually slower than AES-128 because it uses more rounds per
encryption.

Unless you are worried about the widepsread deployment of quantum
computers, you shouldn't be basing any decision on AES-128 vs AES-256.
Any difference between the two is more in the realm of theoretical
cryptography, and is of no practical concern for people using crypto.
And besides, it's more likely they screwed up something like a MAC than
there is a full break on AES.

 
Reply With Quote
 
SW
Guest
Posts: n/a
 
      12-10-2006
On Mon, 25 Sep 2006 06:58:21 -0500, "Vanguard"
<(E-Mail Removed)> wrote:

>"Ricardo" <(E-Mail Removed)> wrote in message
>news:c6eac$4516d82a$57cf8a7f$(E-Mail Removed) ...
>> Hello,
>> I have just come to the conclusion that the only way to protect the
>> machine
>> with free physical access to anauthorized personnel is... to encrypt
>> it.
>> Unfortunately it seems that this can be done only the lonely by
>> DriveCrypt
>> software which costs a lot. It's wonderful stuff indeed allowing to
>> encrypt
>> the drive with authentication feature at the pre-boot level!


Question. What good is having HD encryption when all you have to do is
have comp reboot from WinXP CD and reformat and then retrieve files
from HD. I have not done this with my computer but sometime back after
formatting my HD twice I retrieve my files with ease.

 
Reply With Quote
 
Bogwitch
Guest
Posts: n/a
 
      12-10-2006

"SW" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 25 Sep 2006 06:58:21 -0500, "Vanguard"
> <(E-Mail Removed)> wrote:
>
> >"Ricardo" <(E-Mail Removed)> wrote in message
> >news:c6eac$4516d82a$57cf8a7f$(E-Mail Removed) ...
> >> Hello,
> >> I have just come to the conclusion that the only way to protect the
> >> machine
> >> with free physical access to anauthorized personnel is... to

encrypt
> >> it.
> >> Unfortunately it seems that this can be done only the lonely by
> >> DriveCrypt
> >> software which costs a lot. It's wonderful stuff indeed allowing to
> >> encrypt
> >> the drive with authentication feature at the pre-boot level!

>
> Question. What good is having HD encryption when all you have to do is
> have comp reboot from WinXP CD and reformat and then retrieve files
> from HD. I have not done this with my computer but sometime back after
> formatting my HD twice I retrieve my files with ease.


Old message?

I'm not quite sure what you are talking about. I'm sure it is possible
to retrieve files (at least some of them) after a reformat BUT, if the
HD is *ENCRYPTED* all the files on it should be an undiscernable mess.
If you have retrieved files after a reformat on an *ENCRYPTED* drive,
please name and shame the encryption software here!

Bogwitch.


 
Reply With Quote
 
Saqib Ali
Guest
Posts: n/a
 
      12-10-2006
> Question. What good is having HD encryption when all you have to do is
> have comp reboot from WinXP CD and reformat and then retrieve files
> from HD. I have not done this with my computer but sometime back after
> formatting my HD twice I retrieve my files with ease.


yea you might be able to retrieve 1s and 0s and not any useful data
(i.e. information). everything will be encrypted and all you will get
is undecipherable 1s and 0s.....

saqib
http://www.full-disk-encryption.net

 
Reply With Quote
 
SW
Guest
Posts: n/a
 
      12-10-2006

>I'm not quite sure what you are talking about. I'm sure it is possible
>to retrieve files (at least some of them) after a reformat BUT, if the
>HD is *ENCRYPTED* all the files on it should be an undiscernable mess.
>If you have retrieved files after a reformat on an *ENCRYPTED* drive,
>please name and shame the encryption software here!


hmm, I think you answered my question. It does make sense that a
scrambled HD is the same after a reformat.
>
>Bogwitch.
>


 
Reply With Quote
 
Bogwitch
Guest
Posts: n/a
 
      12-10-2006

"SW" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> >I'm not quite sure what you are talking about. I'm sure it is

possible
> >to retrieve files (at least some of them) after a reformat BUT, if

the
> >HD is *ENCRYPTED* all the files on it should be an undiscernable

mess.
> >If you have retrieved files after a reformat on an *ENCRYPTED* drive,
> >please name and shame the encryption software here!

>
> hmm, I think you answered my question. It does make sense that a
> scrambled HD is the same after a reformat.


Yes, but my point is that the information will be an undiscernable mess,
or should be. If you can identify previous individual files, even if the
contents are indecipherable, rather that seemingly randon data then the
HD encryption is flawed, even if the same passphrase is used.
If you, as you say, have recovered files from an encrypted filesystem
after a reformat I would be:

A) Very suprised
B) Very keen to learn what encryption product you used.

Bogwitch.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
connecting both computers with different operating system together naderbd Wireless Networking 1 07-29-2005 12:47 AM
Sun to Give Out Operating System for Free Rich Firefox 7 11-16-2004 07:47 PM
How to get the Operating System info like ( Wireless info, Wireless connection) Vasanth Perl 0 06-28-2004 08:56 AM
Re: 32 bit operating system Consultant MCSE 0 01-08-2004 02:58 PM
Re: 32 bit operating system Politician Spock MCSE 0 01-08-2004 02:55 PM



Advertisments