So why don't we use full disk encryption on all mobile devices?

Discussion in 'Computer Security' started by Saqib Ali, Oct 13, 2006.

  1. Arthur T. wrote:
    You don't even need to send this file to them. It is enough to open it
    with a text editor to find userid and reset password in plaintext!!!
    To emphasize the BIG security limit of this program, if someone manages
    to access your pc with administrative privileges (e.g. if you leave it
    unattended and logged in, or if you let someone use your pc, at
    work, for example) even for a few minutes he/she can create this
    Securityinfo.dat file and use it to gain the reset password. This can
    obviously happen also if he/she manages to obtain the Securityinfo.dat
    file you created during the installation (i.e. because you did not
    store it in a safe place).
     
    paolo.digiacomo, Nov 21, 2006
    #21

  2. Saqib Ali

    Arthur T. Guest

    You're right. It's right there.

    When installing, CompuSec tells you to back up the file to
    external media in case something happens to the file on your hard
    disk. I don't think the program says that the information can be
    used *all*by*itself* to break into your machine. I had figured it
    was like the PGP keyring: You're sunk without it, but, even with
    it, you need your passphrase.
     
    Arthur T., Nov 21, 2006
    #22

  3. Arthur T. wrote:
    Unfortunately it is not like the PGP keyring, because with the reset
    password you can boot the encrypted PC using "help" as a login and the
    reset password obtained from the plaintext Securityinfo.dat file. So it is
    enough to have this file to gain access to the machine. Moreover you
    can't be safe even if you keep this file well protected, because it can
    be regenerated if a user manages to access your pc with administrative
    privileges (and it sounds to me like a security vulnerability).
     
    paolo.digiacomo, Nov 22, 2006
    #23
  4. Saqib Ali

    Saqib Ali Guest

    This is exactly why I like the Challenge/Response Password recovery
    mechanism offered by Utimaco or Pointsec much more. It allows the
    password to be recovered in a secure manner.

    Some benefits of challenge/response password recovery:

    1. No confidential data is exchanged.
    2. Attempts to "eavesdrop" or use data gathered by "listening in"
    fail.
    3. Can also be used for devices without a network connection, i.e. it
    works for users who are at a remote location.
    4. No need for the user to carry a disc with recovery encryption key.
    5. The user can start working again after only a short interruption.

    saqib
    http://www.full-disk-encryption.net
     
    Saqib Ali, Nov 22, 2006
    #24
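
A minimal sketch of the challenge/response recovery idea contrasted in this thread with a static reset password stored in a plaintext file. It is an added example, not code from any poster and not the actual Utimaco or Pointsec protocol. The class and function names, the HMAC-SHA256 construction, the 8-digit response and the per-device recovery key provisioned at install time are all assumptions.

```python
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8  # assumed length; short enough to read over a phone


def _code(recovery_key: bytes, challenge: str) -> str:
    """Derive a short numeric code bound to one specific challenge."""
    mac = hmac.new(recovery_key, challenge.encode(), hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10**RESPONSE_DIGITS
    return str(number).zfill(RESPONSE_DIGITS)


class LockedDevice:
    """Pre-boot side (hypothetical). Holds the per-device recovery key."""

    def __init__(self, recovery_key: bytes):
        self._key = recovery_key
        self._pending = None

    def new_challenge(self) -> str:
        # Fresh random challenge per recovery attempt, shown on screen.
        self._pending = secrets.token_hex(5)
        return self._pending

    def unlock(self, response: str) -> bool:
        if self._pending is None:
            return False
        expected = _code(self._key, self._pending)
        self._pending = None  # single use: an overheard response cannot be replayed
        return hmac.compare_digest(expected, response)


def helpdesk_response(recovery_key: bytes, challenge: str) -> str:
    """Helpdesk side (hypothetical), run only after verifying the caller."""
    return _code(recovery_key, challenge)


def demo():
    key = secrets.token_bytes(32)          # constructed sample key
    device = LockedDevice(key)
    challenge = device.new_challenge()     # user reads this to the helpdesk
    response = helpdesk_response(key, challenge)
    first = device.unlock(response)        # correct response for this challenge
    device.new_challenge()                 # a later recovery attempt
    replayed = device.unlock(response)     # old response against new challenge
    return first, replayed


if __name__ == "__main__":
    print(demo())
```

Only the challenge and a one-time response cross the phone line, so nothing equivalent to the reset password in Securityinfo.dat is ever exchanged or left on removable media.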
  5. Saqib Ali

    sam.weiner1

    Full disk encryption enablement

    Part of the problem, it seems to me, is getting full disk encryption deployed to mobile devices.

    Has anyone checked out Fiberlink Communications? They claim to be able to deploy not only full disk encryption (from a variety of vendors), but also a range of AV solutions, DLP, etc.
     
    sam.weiner1, Dec 16, 2009
    #25