[Dataloss] TJX breach shows that encryption can be foiled

Adrian Sanabria adrian.sanabria at gmail.com
Tue Apr 3 03:58:53 UTC 2007


So frustrating, getting little bits of technical info at a time. It is even
common for people to refer to something password protected as "encrypted".
Just the phrase "decryption tool" is a big clue. Clue to what, I don't know,
but most encryption I've worked with would never lead me to use that phrase.
Can anyone think of a specific product that would refer to? The only thing I
can think of is the decryption tool (usually put on a bootable floppy or CD)
Helpdesk and Security use to decrypt most enterprise full disk encryption.

--Sawaba

On 4/2/07, Chris Walsh <cwalsh at cwalsh.org> wrote:
>
>
> On Apr 2, 2007, at 2:44 PM, Casey, Troy # Atlanta wrote:
>
> > It should make for a short list of suspects, assuming TJX was doing a
> > reasonable job of key management...
>
> That (reasonable key management) is a critical assumption.
>
> I'd be interested in learning what algorithm (and implementation
> thereof) they were using, as well.
>
> Not holding my breath on that info :^)
>
> cw
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 203 million compromised records in 609 incidents over 7
> years.
>