On Tue, 16 Jan 2007 08:19:41 -0800
"Saqib Ali" <docbook.xml gmail.com> wrote:
> Dr. Bellovin,
>
> > In most situations, disk encryption is useless and probably harmful.
> > It's useless because you're still relying on the OS to prevent
> > access to the cleartext through the file system, and if the OS can
> > do that it can do that with an unencrypted disk.
>
> I am not sure I understand this. With FDE, the HDD is unlocked by a
> pre-boot kernel (linux). It is not the function of the resident OS to
> unlock the drive.

Not necessarily -- many of my systems have multiple disk drives and
file systems, some of which are on removable media. Apart from that,
though, this is reinforcing my point -- what is the threat model?

>
> > It's harmful because you can
> > lose a key. (Your web page does address that, but I'm perplexed --
> > what is challenge/response authentication for key recovery?)
>
> Challenge/Response password recovery, as I understand, is a very
> simplified implementation of Secret Sharing. It allows for 2 parties,
> in this case the IT HelpDesk and the User, to collaborate and recover
> a Secret.
> 1) Upon forgetting the password, the user calls the Help Desk.
> 2) The IT Help Desk authenticates the user in the usual ways (e.g.
> check office voice mail etc), as the policy dictates.
> 3) Once authenticated the user gives the partial secret to the
> HelpDesk.
> 4) The HelpDesk then combines it with the secret they have
> to produce a temporary password.
> 5) The temporary password is then used to unlock the HDD "once", and
> new credentials are created.
>

I wouldn't call that "challenge/response", I'd call that key escrow.
Key escrow isn't a bad idea for storage encryption, but you need
*really* good authentication mechanisms for the backup channel.
Visualize this phone call to the help desk: "Hi, I'm Pat, the CFO.
I'm in New York for the Board meeting, and my laptop blue-screened and
won't reboot -- it's not accepting my passphrase. Help!" Of course,
more or less by definition, Pat isn't online at that point, so the help
desk can't manipulate anything remotely. (I should add that most
secondary authentication mechanisms I've seen are garbage, especially
when it comes to people on the road. Since we're talking about laptops
here, that's a very serious threat.)

I don't dispute the need for FDE for (many) laptops. But remember that
security is a systems property; it's not something you can get by
bolting on crypto.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomo metzdowd.com
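
The five-step recovery flow quoted above, sketched as an added example that is not part of the original message or of any product discussed in it. It assumes a per-device recovery secret that both the laptop and the help desk hold, an HMAC as the "combine" step, and a random challenge as the user's partial secret; all names are hypothetical, and only the one-time check is modelled, not how the disk key is unwrapped.

```python
import hashlib
import hmac
import secrets

# Assumed design, not taken from the thread: each laptop is enrolled with a
# per-device recovery secret that the help desk also holds (the escrowed part).


def derive_temp_password(escrow_secret: bytes, challenge: bytes) -> str:
    """Steps 3-4: combine the user's partial secret with the help desk's."""
    mac = hmac.new(escrow_secret, challenge, hashlib.sha256).digest()
    return mac[:8].hex()  # short enough to read over the phone


class Laptop:
    """Pre-boot side of the hypothetical recovery flow."""

    def __init__(self, escrow_secret: bytes):
        self._escrow_secret = escrow_secret
        self._challenge = secrets.token_bytes(8)

    def challenge(self) -> str:
        # Step 3: the partial secret the user reads to the help desk.
        return self._challenge.hex()

    def unlock_once(self, temp_password: str) -> bool:
        # Step 5: accept the response, then rotate the challenge so the
        # same temporary password cannot unlock the disk a second time.
        expected = derive_temp_password(self._escrow_secret, self._challenge)
        ok = hmac.compare_digest(expected, temp_password)
        if ok:
            self._challenge = secrets.token_bytes(8)
        return ok


def help_desk_respond(escrow_db: dict, device_id: str, challenge_hex: str) -> str:
    # Step 2 (authenticating the caller) happens before this call and is
    # not something the cryptography can do for the help desk.
    return derive_temp_password(escrow_db[device_id], bytes.fromhex(challenge_hex))


def demo() -> tuple:
    secret = secrets.token_bytes(32)       # constructed sample secret
    escrow_db = {"LAPTOP-0001": secret}    # constructed device id
    laptop = Laptop(secret)
    temp = help_desk_respond(escrow_db, "LAPTOP-0001", laptop.challenge())
    return laptop.unlock_once(temp), laptop.unlock_once(temp)
```

The challenge carries no secrecy of its own: anyone the help desk accepts as the caller receives a working response, which is why the strength of step 2 decides the outcome.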