Maybe common disk encryption is so compromised, there's no point to implementing?

Stewart C. Strait sstrait1 at san.rr.com
Sat May 3 11:17:37 PDT 2014


On Sat, May 03, 2014 at 09:39:02AM -0700, Tony Su wrote:
...
> I'm in the early stages of inspecting and verifying what I've read that
> these encryption methods are completely exposed if a memory dump can be
> obtained immediately after a login attempt (and of course failure). From
> what I've read, all machines will load the required "secrets" into memory
> to compare with input so are completely exposed.
...
This sounds like there's some confusion between password protection and
encryption. 

My impression is that
with encryption, there are supposed to be no "secrets" in
unencrypted form at all. When the user logs in or opens a file, the user
provides a key, the only unencrypted "secret". The system uses the key to
decrypt data, perhaps first decrypting some additional key material.
Rather than displaying garbage to the user if the key is wrong, typically
the system checks that the decrypted data passes some
sort of error detection test. This is a comparison of parts of the newly
decrypted data with other parts--there is no unencrypted data kept around
for comparison.

With password protection there are typically secrets or hashes of secrets
on disk, so there are additional vulnerabilities.

What's actually going on with the vulnerable disk encryption?
What's encrypted and what isn't?

Stewart Strait



More information about the KPLUG-List mailing list