On 1/18/07, Saqib Ali <docbook.xml gmail.com> wrote:
> Since when did AES-128 become "snake-oil crypto"? How come I missed
> that? Compusec uses AES-128. And as far as I know AES is NOT
> "snake-oil crypto"

He didn't say that AES is snake oil. He says he wants assurance that
the tool operates correctly. Using AES to generate an XOR key is still
using AES, but it's using it poorly.

> Closed-source doesn't mean that it is "snake-oil". If that was the
> case, Microsoft's EFS and Kerberos implementation would be "snake
> oil" too.

He didn't say that closed source is snake oil. He says he wants
assurance that the tool operates correctly. The kind of assurance you
get from having a completely open design and implementation.

This is right up there with Seagate's encrypting disk which Dave Korn
(rightfully) expressed dismay over...

"And the reason is that software vendors, particularly software
vendors in the security world, need to have some place to hide their
secrets. And we provide the perfect place to hide secrets, because we
can cryptographically handle things in a way that makes it very
difficult to snoop or sniff the secrets. We have hidden operation in
the drive as well as a hidden storage place that normally can't be
accessed via ATA commands. So in a way we have a bit of a black box, in
terms of a security device, that no one knows what is going on in
there, and it is a perfect place to hide stuff."

That's just wrong on so many levels. I want to know exactly how my
data is being transformed and stored. I want to be absolutely sure
that the on-disk representation of my data is critically dependent on
my key, and not on some vendor-derived key based on my disk serial
number. I want to know for sure that reading sector -42 won't hand you
back my key. I want to know that my encryption software isn't somehow
leaking my key. etc.

Hand me a crypto tool so well designed, so carefully audited and so
rigorously proven that it's approved for storing the government
secrets until the end of time... I'll still say "that's nice, where's
my copy of the source code".

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
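The construction CK objects to above, using AES once to produce a keystream and then XORing that same keystream over every sector, can be checked directly rather than taken on trust. The Go program below is an added example; it is not code from the original message or from any product discussed in the thread, and the key, the sector contents and the sector-numbered counter-block layout are constructed assumptions. It shows that with a shared keystream the XOR of two ciphertext sectors equals the XOR of the two plaintexts, so the key has dropped out of the relationship between sectors, and that deriving each sector's counter block from its sector number removes that relationship while still decrypting correctly.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// DemoKey is a constructed 128-bit key for this illustration, not a real secret.
var DemoKey = []byte("0123456789abcdef")

// DemoSectors builds two constructed 64-byte "sectors" of plaintext.
func DemoSectors() [][]byte {
	return [][]byte{
		bytes.Repeat([]byte("sector-0 record "), 4),
		bytes.Repeat([]byte("sector-1 record "), 4),
	}
}

// keystream returns n bytes of AES-CTR keystream for key and a 16-byte counter block.
func keystream(key, counterBlock []byte, n int) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // the constructed key is always 16 bytes
	}
	out := make([]byte, n)
	cipher.NewCTR(block, counterBlock).XORKeyStream(out, out) // XOR over zeros yields the raw keystream
	return out
}

// xorBytes XORs two equal-length byte slices.
func xorBytes(a, b []byte) []byte {
	if len(a) != len(b) {
		panic("xorBytes: length mismatch")
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// EncryptSharedKeystream is the poor construction: AES is used to produce one
// keystream, and that same keystream is XORed over every sector. Applying it
// to ciphertext decrypts, since XOR is its own inverse.
func EncryptSharedKeystream(key []byte, sectors [][]byte) [][]byte {
	fixed := make([]byte, 16) // the same counter block for every sector
	out := make([][]byte, len(sectors))
	for i, s := range sectors {
		out[i] = xorBytes(s, keystream(key, fixed, len(s)))
	}
	return out
}

// EncryptPerSectorCounter uses AES-CTR with a counter block that carries the
// sector number in its high 64 bits (an assumed layout), so no two sectors
// share keystream. Block counting within a sector advances the low 64 bits.
func EncryptPerSectorCounter(key []byte, sectors [][]byte) [][]byte {
	out := make([][]byte, len(sectors))
	for i, s := range sectors {
		cb := make([]byte, 16)
		binary.BigEndian.PutUint64(cb[:8], uint64(i))
		out[i] = xorBytes(s, keystream(key, cb, len(s)))
	}
	return out
}

// KeystreamShared reports whether two ciphertext sectors were produced with
// the same keystream: then c1 XOR c2 equals p1 XOR p2 and the key plays no part.
func KeystreamShared(c1, c2, p1, p2 []byte) bool {
	return bytes.Equal(xorBytes(c1, c2), xorBytes(p1, p2))
}

func main() {
	p := DemoSectors()
	shared := EncryptSharedKeystream(DemoKey, p)
	perSector := EncryptPerSectorCounter(DemoKey, p)
	fmt.Println("shared keystream reveals p0 XOR p1:", KeystreamShared(shared[0], shared[1], p[0], p[1]))
	fmt.Println("per-sector counter reveals p0 XOR p1:", KeystreamShared(perSector[0], perSector[1], p[0], p[1]))
	fmt.Println("per-sector decrypt round-trips:", bytes.Equal(EncryptPerSectorCounter(DemoKey, perSector)[0], p[0]))
}
```

The point for an auditor is that both functions "use AES-128": the primitive is identical, and only the construction around it decides whether the stored bytes actually depend on the key from one sector to the next. That is exactly the kind of property that cannot be verified without seeing the design and implementation.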
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo metzdowd.com