[Dataloss] (article) "We recovered the laptop!" ... so what?

Adam Shostack adam at homeport.org
Sat Feb 17 16:28:14 EST 2007


I don't believe that's effectively multi-person control of the data in
the fashion that your nuclear launch analogy evokes.  It may be
multi-person or multi-factor initialization, but once the system is up
and running, there are in-memory processes which have access to all
the data on the disk.

On Fri, Feb 16, 2007 at 11:21:50PM -0500, sawaba wrote:
| Many enterprise disk encryption appliances use M of N key sharing, such as 
| those from Decru and Neoscale. Password-protected smart cards are used to 
| store the key shares.
| 
| --Sawaba
| 
| On Fri, 16 Feb 2007, Adam Shostack wrote:
| 
| >When we wanted to perform m of n key backup for the master keys at
| >Zero Knowledge systems, there was nothing commercially available.  Is
| >there anything now? I'm unaware of anyone who uses m of n sharing in
| >the real enterprise systems.  Please enlighten me.
| >
| >
| >On Wed, Feb 14, 2007 at 10:03:41PM -0500, sawaba wrote:
| >| When serious encryption is needed, key management is as important as the
| >| algorithm and key strength used. Most people have seen in the movies when
| >| it takes multiple keys turned at the same time to activate the firing
| >| mechanism for a nuclear weapon. It is similar in many enterprise data
| >| encryption situations (minus the threat of worldwide destruction). M of N
| >| key management requires a certain minimum number (say 3 of 6) of
| >| custodians to input their piece of the key to decrypt the data.
| >|
| >| Obviously, this doesn't work when you need to log into your laptop ("yeah
| >| Bob, this is Mike, could you come down to Starbucks and log me in again? 
| >I
| >| went to the bathroom and it powered off while I was gone"). So, we come
| >| back to the fact that certain kinds of data shouldn't be on laptops in 
| >the
| >| first place.
| >|
| >| --Sawaba
| >|
| >| On Tue, 13 Feb 2007, Adam Shostack wrote:
| >|
| >| >Speaking for myself here.  As I understand things:
| >| >
| >| >Certain versions of Vista (I think Ultimate and Enterprise) include
| >| >Bitlocker whole drive encryption.  It's not on by default because of 
| >issues
| >| >about key management.  So just upgrading to Vista, in and of itself,
| >| >doesn't change anything.
| >| >
| >| >Bitlocker itself has a bunch of modes, ranging from keys stored in a
| >| >TPM and unlocked with a PIN, to keys stored on the hard drive and
| >| >unlocked with a password.  How you actually protect the encryption
| >| >keys might be seen as important.  I don't know if anyone has done a
| >| >comparison against state laws.
| >| >
| >| >Adam
| >| >
| >| >On Tue, Feb 13, 2007 at 07:34:43AM -0500, Herve Roggero wrote:
| >| >| Let me give an example: If I do business in California, and my
| >| >unencrypted
| >| >| laptop gets stolen with 100,000 SSNs in it, stored in clear text. I 
| >need
| >| >to
| >| >| disclose this loss and reach out to 100,000 people to comply with SB
| >| >1386.
| >| >|
| >| >| Now, if I upgrade my laptops to MS Vista, can I get away with it?
| >| >|
| >| >|
| >| >|
| >| >| I'm only asking as I am seeing an interesting response from CXO
| >| >individuals
| >| >| looking at MS Vista as a solution to their laptop/legal issues. If 
| >there
| >| >is no
| >| >| official technical workaround to this encryption and it takes 
| >thousands
| >| >or
| >| >| millions of years to crack, then it may fall under the "reasonable"
| >| >steps to
| >| >| protect information and become a powerful tool for businesses looking 
| >to
| >| >| comply.
| >| >|
| >| >|
| >| >|
| >| >| Thank you
| >| >|
| >| >| Herve Roggero
| >| >|
| >| >| Managing Partner, Pyn Logic LLC
| >| >|
| >| >| Cell: 561 236 2025
| >| >|
| >| >| Visit www.pynlogic.com
| >| >|
| >| >|
| >| 
| >>-------------------------------------------------------------------------------
| >| >|
| >| >| From: blitz [mailto:blitz at strikenet.kicks-ass.net]
| >| >| Sent: Monday, February 12, 2007 8:14 PM
| >| >| To: Herve Roggero
| >| >| Cc: dataloss at attrition.org
| >| >| Subject: RE: [Dataloss] (article) "We recovered the laptop!" ... so 
| >what?
| >| >|
| >| >|
| >| >|
| >| >| Ok, so you've got a copy of an encrypted disk to crack at your leisure.
| >| >The data
| >| >| is still compromised and in someone else's hands, and they have no idea
| >| >if it's
| >| >| secure or not.
| >| >| That still counts as a loss in my book.
| >| >|
| >| >| At 08:54 2/12/2007, you wrote:
| >| >|
| >| >|
| >| >| Hi everyone
| >| >|
| >| >| This thread is very interesting. All techniques so far deal with 
| >reading
| >| >data at
| >| >| a low level. Will Windows Vista prevent techniques such as Symantec
| >| >Ghost? I
| >| >| understand that Vista performs bit-level encryption with its BitLocker
| >| >| technology.
| >| >|
| >| >| Thanks.
| >| >|
| >| >| Herve Roggero
| >| >| Managing Partner
| >| >| Pyn Logic LLC
| >| >| Visit www.pynlogic.com
| >| >|
| >| >
| >| >| _______________________________________________
| >| >| Dataloss Mailing List (dataloss at attrition.org)
| >| >| http://attrition.org/dataloss
| >| >| Tracking more than 148 million compromised records in 573 incidents 
| >over
| >| >7 years.
| >| >
| >| >
| >

