Home page logo
/

basics logo Security Basics mailing list archives

Re: Good design for a Algorithmically Derived Passphrase for FDE (?!)
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 19 Nov 2007 16:53:34 +0100

On 2007-11-18 ManInWhite wrote:
I have been tasked with deploying partition based encryption for our
fleet of laptops.

It has been suggested that we use an algorithm derived passphrase
based on some unique hardware number. [ HDD Serial# / Laptop Serial# ]

Then your security would depend on the attacker not knowing the
algorithm for deriving the passphrase from the serial numbers (which
will be known to him once he has access to the hardware).

Bad idea. Don't do that.

The only good design for algorithmically derived passphrases is not to
have algorithmically derived passphrases.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]