1) Yes, you can boot off a USB device, or so my Mac's firmware claims.
2) No, you can't use a CD-R/W as a floppy, because it isn't really rewritable, but rather erasable. You have to erase the whole thing at a time, rather than changing one byte like you can a floppy or hard disk.
If you want to risk your data like that, so be it.
Heh. The bug that deletes your home directory was fixed almost immediately after the initial release. And I back up, although it would be a pain to restore ~/.
Win2k and above use DESX, an extension of DES that allows for an effective 120bit keylength when compared to plain DES. This allows reasonable security without the overhead of say 3DES.
DESX is broken, and not just academically. See Applied Cryptography for details (it's by Bruce, btw). Any instance of DESX that is as fast as DES is no more secure. It is only slightly better in strength vs performance than 3DES. It was a nice idea, but it didn't work out.
This sounds like vaporware. It will never make it to the market: "ballistic magnetoresistance" just doesn't capture the imagination. Extraordinary magnetoresistance was a good start, but I'm looking for the next biggest thing in hard drive technology from either "bloody huge magnetoresistance" or "fucking enormous magnetoresistance" technologies.
Geez. They might as well have named it obese magnetoresistance. Ballistic my ass.
This is a very important point. People don't usually haul around big hard drives, especially in bigger cases. Getting such hard drives stolen is rarely a point of failure (yeah, Canadian blah IBM blah blah). Much more of a risk is someone hacking it while it sits there connected to a computer with the dongle in.
Maybe something like this would be useful on a laptop, but encrypted loopback devices probably solve the problem better because the dongle could get lost, stolen etc. The only thing you have to worry about there is speed.
The biggest problem seems to be how to get the password into such a device. The next disk format / drive type spec should have optional encryption (of the whole drive) built into the spec to allow the password to be entered in a user-friendly manner. This would allow, say, encryption on CDs that is transparent to userland processes (not for copy protection, but for data protection).
Yes it is. At least, it's security partly through obscurity. It just doesn't make so much of a difference when you have the NSA to analyze the algorithm.
However, it is speculated that the real reason the NSA keeps their algorithms secret is because they don't want super-good crypto to fall into "the wrong hands."
I think the weak encryption was a compromise since, as many have pointed out, the hard drive is rather slow and it has to encrypt things...
All the AES candidates (Rijndael, Twofish, Serpent, MARS, etc) were engineered to be as fast as possible in software and in hardware. Encryption chips are already available for Rijndael and IIRC Twofish as well; even if not, they could make an ASIC for it on such a big project. Speed is not an issue here.
DES is bitching fast in hardware. What makes it slow in software is a bunch of switching bits around that doesn't really increase the security much. Easy to do in hardware: just cross the wires.
As other posters have noted, DES can easily be brute-forced because its key length is too short. It is also academically "broken," meaning that there is an attack faster than brute force.
A linear attack breaks DES in 2^40-something encryptions and 2^40-something known plaintexts (compare 1 known plaintext and 2^53 work for brute force). This means order of 10 terabytes of data, though, so we don't have to worry about it. Nobody will be using DES by the time anyone will be lazy enough to encrypt 10TB of data with a weak code.
No harm. Just cite if you quote someone: as irritated as I am at Taco for handing out free karma, I'm more irritated when people capitalize and take that karma.
You, sir, have reposted my comment, without so much as reading it. This should be evident from the bullets beneath it. That was a very naughty thing to do, and I request that you immediately cease and desist.
Yes, you're right. What I mean to say was that XOR against a fixed key used to encrypt several messages, as jturkey suggested, is woefully easy to crack (although ahead of ROT-13 in that it *has* a secret key). I am quite aware that its use in, say, a one-time pad is (literally, if your RNG is good) perfectly secure.
It seems as though you're setting up a straw man, and I'm not surprised that you succeeded in knocking it down.
I'd bet dollars to dimes that the scrambling algorithm is simply an xor of the identification code and the rolling code.... That's not encryption...it's a slight mathematical obfuscation.
So you're saying, these guys are so stupid, I bet their encryption sucks. Wow, that encryption really does suck! What idiots!
...but judging from their description of the cryptosystem...
And if their "scrambling code" is AES, or Skipjack, or Twofish, what then? (OK, so these codes are too new, but even say DES would be much more than enough to secure a garage door opener.)
...it's only a half-step up from rot-13.
I'd say XOR is a minor fifth up from rot-13, but that's beside the point. You're right that XOR is woefully easy to crack; in this case there is an easy, short-linear-time attack if you can sniff them once.
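An added illustration (not part of the original comments) of the point made in the two XOR comments above: reusing one fixed XOR key across messages lets the key cancel out, while a fresh random pad per message does not. The messages, key and function names are constructed for this example.

```python
import os

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key when it is shorter than the data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Constructed sample messages (equal length), not taken from any real device.
MSG_A = b"open garage door 0001"
MSG_B = b"lock garage door 0002"

def fixed_key_leak(key: bytes):
    """Encrypt both messages under one key and show what the ciphertexts give away."""
    c_a, c_b = xor_bytes(MSG_A, key), xor_bytes(MSG_B, key)
    # The key cancels: c_a ^ c_b == MSG_A ^ MSG_B, with no key material needed.
    difference = xor_bytes(c_a, c_b)
    # One known plaintext exposes the keystream, which then opens every other message.
    keystream = xor_bytes(c_a, MSG_A)
    return difference, xor_bytes(c_b, keystream)

def fresh_pad_difference() -> bytes:
    """Same messages, but each gets its own random pad (one-time-pad use)."""
    c_a = xor_bytes(MSG_A, os.urandom(len(MSG_A)))
    c_b = xor_bytes(MSG_B, os.urandom(len(MSG_B)))
    return xor_bytes(c_a, c_b)  # the pads do not cancel; the result is random bytes

if __name__ == "__main__":
    diff, recovered = fixed_key_leak(b"fixedkey")
    print(diff == xor_bytes(MSG_A, MSG_B), recovered)
    print(fresh_pad_difference() == xor_bytes(MSG_A, MSG_B))
```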
Some spook (don't remember which one) degaussed a hard drive once. He might as well have just destroyed it, because he bent the r/w heads.
Doesn't work anymore. The magnets in the disk are too "hard" and can't be degaussed by any reasonable-sized magnet. Thermite is the approved method of secure disposal, although that's messy.
If you're going to stop short of total physical destruction of the disk (not just some pansy break-it-into-pieces thing), you might as well just overwrite it with Guttmann codes, followed by random data, followed by more Guttmann codes. If they can get it after that, they can get it if you smash it into a thousand pieces.
I am interested in running it on my computer to actually see what I can recover and see how well PGP's disk wipe function works.
Even a non-PGP disk wipe (eg zeroing) should make it impossible to recover in software, unless there were fragments of the data outside its file (eg in swap). What the PGP wipe function does is make it harder for EE departments/major labs/G-men to recover your data by looking for signatures of what was there before. This cannot be done by zeroing it. In fact, if the stuff you're deleting is really important, the only perfect way to remove it from the drive is with thermite (or C4, or acid, or...)
PGP (for Windows or Mac, ie not GPG) has two commands related to this: wipe file and wipe free space. They overwrite the appropriate sectors of the disk with several patterns designed to ensure that no matter what (common) encoding scheme the hard disk uses, every bit will have been set at least once, zeroed at least once, and overwritten with pseudorandom data at least once. If you set it on a lot of passes, it does an even better job. This would be a cheap (free, except for time and bandwidth to download it) way to make sure your sensitive data doesn't get out.
That said, experts would tell you that the only reliable way to make sure sensitive data doesn't get out is to thermite your drive.
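An added sketch (not PGP's code and not from the original comments) of the kind of multi-pass file wipe described above: every byte is set to all ones, then zeroed, then overwritten with random data before the file is removed. The function names and the three-pass schedule are assumptions made for this example.

```python
import os

# Pass schedule (assumed for this example): all ones, all zeros, then random.
PASSES = (b"\xff", b"\x00", None)  # None means "random bytes"

def overwrite_pass(path: str, pattern, chunk: int = 64 * 1024) -> int:
    """Overwrite the file in place with one pattern; return bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:      # r+b: write over existing data, no truncate
        remaining = size
        while remaining:
            n = min(chunk, remaining)
            f.write(os.urandom(n) if pattern is None else pattern * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())          # push this pass to the device before the next
    return size

def wipe_file(path: str, passes=PASSES) -> int:
    """Run every pass over the file, then unlink it; return the file size."""
    size = 0
    for pattern in passes:
        size = overwrite_pass(path, pattern)
    os.remove(path)
    return size

if __name__ == "__main__":
    import tempfile
    fd, demo = tempfile.mkstemp()     # constructed throwaway file
    os.write(fd, b"constructed sensitive sample\n" * 100)
    os.close(fd)
    print(wipe_file(demo), os.path.exists(demo))
```

This only touches the file's current blocks: copies in swap, journals, copy-on-write snapshots or remapped flash pages are not reached, which is the limitation the comment above raises about fragments outside the file.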
Also, what's the one-line unix command (running MacOS X here).
-----BEGIN PGP SIGNED MESSAGE-----
[snip]
-----BEGIN PGP SIGNATURE-----
Why are you signing messages posted on Slashdot? Seems a little pointless to me. As if Taco will twist your words to make you sound like a moron.
... corporate espionage also leads to duped stories.
A nice example of a government perpetuating a working concept instead of trying to invent new ways to break things.
Exactly. Mean, stupid old Uncle Sam can occasionally do something right. Occasionally.
Is that really any better than Safari (from which I'm posting now), which had a bug that could cause your home directory to be silently removed?
And no, this is not security through obscurity.
IF you wanted speed, wtf would you choose DES?
For a safer evil pastime, check out this site. The good thing about these is you can shoot them at people.
Completely unrelated: WTF motivated the editors to post this under "science"? Should be "it's funny, laugh" or whatever.
...the next version of iTunes will be coming soon with this exact same feature...
No. The next version of iTunes will let you stream music over Rendezvous, not pirate music over Rendezvous. There's a difference.
You call that easy? Just run Eraser. It makes a boot floppy that overwrites the disk with a 36-pass Guttmann code. Look, ma, no data!
It said "Do not apply pressure to top cover!"
Yeah, watch out, you might damage it!