Slashdot Mirror


User: groffg

groffg's activity in the archive.

Stories: 0
Comments: 13

Comments · 13

  1. Re:Why not just use TrueCrypt? on Universal Disk Encryption Spec Finalized · Score: 1

    Benefits are as follows:

    1. The unencrypted portion of the disk (boot record) can still be tampered with:
       a. planting passphrase-stealing code in boot code for later retrieval
       b. brute-forcing the passphrase

    2. The user might only need to type in a short PIN number rather than a long passphrase. Often, the weakness of an encryption solution isn't the encryption, but bad practices on the part of the user, including bad passwords. A hardware-based solution means that a strong, cryptographically random password is generated, and then unlocked by a weaker password/PIN. However, the hardware chip restricts the number of guesses an attacker can make, meaning the entropy of the password/PIN is less relevant.

    4. Resistance to "cold boot" attack. This attack exploits the fact that the contents of RAM can be read even after shutting down a machine, meaning that cryptographic keys held in RAM can be obtained. Hardware-based full disk encryption (FDE) solutions retain the key (in a safe, tamper-resistant memory cache) rather than ever copying it to main memory.

    Ultimately, the reason for the focus on hardware-based FDE has a lot to do with economics and little to do with conspiracy theories. Private enterprise knows that government and corporate mandates to secure mobile media mean that the demand for FDE will rise. Companies that are responsive will flourish; others will lose market share. Solutions that are later found to fail or have a backdoor in any form will be subject to massive liability, such as lawsuits, as well as massive divestment. It's economics, not geekdom, that is driving hardware-based FDE.
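The second benefit in the comment above (a strong random key unlocked by a short PIN, with the hardware counting failed guesses) can be modelled in a few lines. The following is an added illustration, not code from the comment or from any TPM or self-encrypting-drive vendor; the class name, the PBKDF2 iteration count and the five-attempt lockout threshold are assumptions chosen for the example.

```python
import hmac
import hashlib
import secrets

# Constructed model of "strong random key, unlocked by a short PIN, with the
# chip limiting guesses".  The data-encryption key (DEK) is generated inside
# the "chip" and is only released after a successful PIN check; after too many
# failures the chip refuses further attempts.  Illustrative only, not a real
# TPM or SED interface.

PIN_DIGITS = 6          # assumed PIN length
MAX_ATTEMPTS = 5        # assumed lockout threshold
PBKDF2_ROUNDS = 50_000  # assumed work factor for the PIN check


class HardwareKeyStore:
    """Simulates a tamper-resistant chip holding a random DEK behind a PIN."""

    def __init__(self, pin: str, max_attempts: int = MAX_ATTEMPTS):
        self._dek = secrets.token_bytes(32)          # 256-bit random key
        self._salt = secrets.token_bytes(16)
        self._pin_digest = self._derive(pin)
        self._failed = 0
        self._max_attempts = max_attempts
        self.locked = False

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, PBKDF2_ROUNDS)

    def unlock(self, pin: str):
        """Return the DEK on a correct PIN, None on a wrong one.

        Raises PermissionError once the attempt counter has been exhausted,
        which is the property that makes the PIN's low entropy tolerable.
        """
        if self.locked:
            raise PermissionError("chip locked: attempt limit reached")
        if hmac.compare_digest(self._derive(pin), self._pin_digest):
            self._failed = 0
            return self._dek
        self._failed += 1
        if self._failed >= self._max_attempts:
            self.locked = True
        return None


def lockout_coverage(pin_digits: int, max_attempts: int) -> float:
    """Fraction of the numeric PIN space that can be tried before lockout.

    With no attempt limit this fraction is 1.0 (the whole space can be
    searched); with a limit it is tiny, which is the defender's argument.
    """
    return max_attempts / (10 ** pin_digits)


if __name__ == "__main__":
    chip = HardwareKeyStore("123456")
    print("correct PIN releases a", len(chip.unlock("123456")) * 8, "bit key")
    print("PIN space searchable before lockout:",
          lockout_coverage(PIN_DIGITS, MAX_ATTEMPTS))
```

The point the simulation makes visible is that the user never types the 256-bit key; the key's strength comes from the chip's random generator, and the PIN only has to survive `MAX_ATTEMPTS` guesses, not an offline search.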

  2. Use random string of characters on GPUs Used To Crack WiFi Passwords Faster · Score: 1

    This is really old news, but a useful reminder that wireless access points should employ non-dictionary passphrases. To defeat even the most sophisticated password-guesser (one that combines dictionary-based and brute force password guessing), you can use a completely random password, such as one generated by this FOSS utility: http://www.codeguru.com/csharp/csharp/cs_misc/security/article.php/c14557/
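As an added example of the advice above (not the linked utility, and not part of the comment), the following generates a WPA2 passphrase from the operating system's cryptographic random source and reports how much guessing work it represents; the 8-to-63 character bound is the WPA2 pre-shared-key passphrase limit, and the 100,000-word dictionary used for comparison is an assumed figure.

```python
import math
import secrets
import string

# Added example: a random passphrase beats a dictionary word because its
# guessing space is the full alphabet raised to the length, not a word list.

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
WPA2_MIN_LEN, WPA2_MAX_LEN = 8, 63   # WPA2 PSK passphrase length limits


def random_passphrase(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a passphrase of `length` characters drawn from `alphabet`
    using the CSPRNG behind the `secrets` module (never `random`)."""
    if not WPA2_MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError(f"WPA2 passphrase must be {WPA2_MIN_LEN}-{WPA2_MAX_LEN} characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random string."""
    return length * math.log2(alphabet_size)


def compare_to_dictionary(length: int = 20, dictionary_words: int = 100_000) -> dict:
    """Contrast a random passphrase with a single dictionary word (assumed
    list size), in bits and in the number of guesses needed to exhaust each."""
    random_bits = entropy_bits(length, len(ALPHABET))
    word_bits = entropy_bits(1, dictionary_words)
    return {
        "random_bits": round(random_bits, 2),
        "random_guesses": 2 ** random_bits,
        "word_bits": round(word_bits, 2),
        "word_guesses": float(dictionary_words),
    }


if __name__ == "__main__":
    print("example passphrase:", random_passphrase())
    for k, v in compare_to_dictionary().items():
        print(f"{k:>15}: {v:.4g}")
```

The passphrase still has to be stored somewhere (the access point and each client), which is fine for Wi-Fi; the comparison function is there to show why a GPU that tries dictionary candidates quickly does not help against a uniformly random 20-character string.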

  3. many options available on Whole Disk Encryption For Vista? · Score: 2, Insightful

    Many options are available in addition to the 3 you've mentioned. The "best" choice depends on many factors, such as scalability, cost, and risk. TrueCrypt is free, but really isn't ready for enterprise use. As someone mentioned already, hardware-based FDE (like Seagate's Momentus drive) may very well be the most secure, but requires additional hardware acquisition and a time investment. BitLocker is an option, but requires upgrading to Enterprise or Ultimate (which can be done in-place, without a significant time investment, if I'm not mistaken).

    Many other software-based products are out there, such as (off the top of my head) PGP WDE, Secude, WinMagic/SecureDoc, etc. The best option for your boss and your organization depends on multiple factors, factors that Slashdot readers are not privy to.

  4. Re:Bad Movie Plot on Cold Reboot Attacks on Disk Encryption · Score: 1

    I disagree. If you've read the paper, you'll see that the researchers use refrigerant (compressed air bottle turned upside down so contents come out in liquid form and very cold) to sustain the contents of the DRAM for several minutes (rather than the seconds that that data would last at room temp). The Princeton researchers seem to know what they're talking about in their paper, so I'd say this is a credible threat.

    Having said that, it still requires a certain amount of effort, timing, and, ideally, luck. Also, it does not appear possible at all (using this attack vector) when using on-board encryption such as Seagate's Momentus drive.

    What to expect in the future? The attack is hardware-based, and a real solution will be hardware-based as well. FDE software can go so far as to use obfuscation tactics to make analysis more difficult in the meantime, though the threat will still exist so long as the hardware is vulnerable.

  5. Re:economics and technology on Best Super Tuesday Candidate for Technology? · Score: 1

    Absolutely true. I'm not proposing an "extreme" hands-off policy of government non-involvement. My view on this is that we already have institutions to handle monopolistic behavior (DOJ, for eg), as well as regulating the money supply (US Federal Reserve). Politicians, by contrast, tend to engage in short-termism when negative market events occur (like the sub-prime lending fiasco) and also tend to use economic incentives in exchange for votes (promising "free" services, for example). Politicians should, ideally, not engage in such behavior, esp when we already have robust and non-partisan agencies for that purpose.

    Back to the more specific subject of which candidate is best for technology (a narrow view, to be sure), I assert that the market is best for technological development and competitiveness. It is consumers who vote with their wallets when they purchase goods/services from a company. It is consumers who, therefore, choose the market's winners and losers. That is how it should be. Politicians should not make that determination. Historically, political involvement in any sector of the economy tends to make that sector less efficient and, regardless, benefit the few (the chosen winners) at the expense of the many (the companies that don't get special treatment and, notably, tax payers who subsidize the chosen winners).

  6. economics and technology on Best Super Tuesday Candidate for Technology? · Score: 1

    The best candidate from the perspective of technology (or any private sector-driven sector) is the one who intrudes the least in the market, economically speaking. Of the candidates who are electable, I don't see a clear winner based on that single (but important) criterion.

  7. Possible explanation... on Engineers Have a Terrorist Mindset? · Score: 1

    I vaguely remember reading about this on Foreign Policy magazine's blog site. One possible explanation that they proposed is that scientists and engineers who operate in that constricted cultural context tend to be angrier and, therefore, more likely to project that anger in violent jihad.

  8. Stuff I would do... on What Would You Do As President? · Score: 1

    • Establish new free trade agreements (FTAs), including regional FTAs, if possible
    • Create a department that specifically handles post-war rebuilding operations; some funding currently going to DOD would be diverted to this department
    • Phase out agricultural subsidies
    • Reform Social Security and Medicare via partial privatization
    • Attempt to gain line item veto in overall attempt to reduce wasteful "pork" spending
    • Establish proactive diplomatic relationship with Iran, reversing the ineffectual "isolate Iran" strategy
    • Encourage free-market capitalism in non-developed countries (in part, via my 1st point above, regarding FTAs)
    • ...

  9. Not a good idea, but not b/c I'm "anti-science" on Free Tuition for Math, Science, and Engineering? · Score: 1

    I disagree on the grounds that it's setting a bad economic precedent if our political leaders start awarding subsidies (income redistribution by another name) to students based on degree. Instead, they're free to encourage (via the media, their blog site, etc) education in science & people are free to act in their own rational self-interest based on that knowledge. We don't need the Visible Hand of government to bureaucratically manage this for us, nor would such subsidies necessarily even accomplish their intended effect. One possible negative side effect is that many more students would go for a science/engineering degree only to drop out after a year or change majors. That would not necessarily be for our aggregate good, nor would that necessarily lead to an increase in science/engineering students, nor would that necessarily lead to an overall increase in the quality of education of our science/eng students.

  10. Gas prices: subject to laws of economics on Much Ado About Gas Prices · Score: 1

    IMHO, gas is fairly priced, currently. There are many factors that go into gas prices, such as:

    1. regional (in)stability of oil exporting countries
    2. price fixing, by organizations like OPEC or (illegally) by domestic oil companies
    3. value of the dollar compared with currencies abroad (an under-reported, but significant reason for high gas prices)
    4. supply and demand (Americans tend to drive gas-inefficient vehicles, raising demand; emerging markets like China and India have been rapidly increasing their energy consumption as their economies have rapidly expanded... think that could affect the price of gas? Yep.)
    5. taxes
    6. costs associated with refining oil into gas (which vary by state, raising costs for consumers)

    I'm sure there are other economic factors, but those are the most prominent. In the end, other sources of liquid fuel will become more prevalent when oil extraction becomes more costly. I'm not a big fan of the "peak oil" idea, since there's still a lot of oil, but as that oil becomes more difficult to extract or refine, other energy sources (as well as old-fashioned Carter-era conservation) will become more economically attractive.

  11. Re:Cheap form of 2-factor authentication on How are 'Secret Questions' Secure? · Score: 1

    I can certainly see your point, though I still contend that BOA's SiteKey qualifies--even if only in a loose sense--as 2-factor authentication. The first factor is the password (something you know) and the second factor is the cookie on your machine (something you have). Of course, the 2nd item is obtainable by knowing something (at the heart of your original point), but I don't think that bars a cookie being qualified as "something you have" and hence, SiteKey still qualifies as being 2-factor, even if the means of obtaining the cookie resorts to the first factor ("something you know"). I suppose the semantics behind it can be further argued, and I'm quite certain that the relative security afforded by SiteKey and similar systems can be further debated as well.

  12. Cheap form of 2-factor authentication on How are 'Secret Questions' Secure? · Score: 1

    A plethora of relatively unimportant web sites require logins, and they offer a cheap and easily implementable way to reset those logins by asking for a piece of (often benign) personal info (birthdate or zip code, for example). Now, banks and brokerages are hopping on that bandwagon, though in a different way. They are using personal identifiers (mother's maiden name, favorite color, first job, etc) as part of a 2-factor authentication mechanism (as opposed to simply a password reset mechanism). Bank of America rolled this out about a year ago with their SiteKey service.

    Using this scheme, if you're logging into your account from your typical machine, then a cookie on that machine identifies that you're on your home/office workstation. You are required to enter your userid/pw and then you're logged in. But if you (or an ID thief or hacker) use a different machine, then you are additionally prompted to answer a question, like one of the questions cited above. Answering that question correctly installs the appropriate cookie on the new machine.

    This seems like a very cheap way of implementing 2-factor authentication, and not necessarily a bad idea. Other ideas include hardware tokens or single-use secondary keys, but those schemes tend to be more expensive. With the challenge-response scheme, a simple keylogger that is installed and that intercepts the login password is no longer enough for a hacker to access the account. It's a slight increase in security. It means that tech-savvy thieves will have to find ways around the system and non-tech thieves will resort to traditional measures, like social engineering, dumpster-diving, etc. In the end, financial institutions must still rely on a number of different security mechanisms, including lock-out periods for transferred funds, confirmation emails for certain account changes, notification of suspicious account activity, and so forth.
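The flow described in comment 12 and debated in comment 11 (password first, then either a recognised device cookie or a challenge question, after which the cookie is issued) can be written out as a small server-side model. This is an added example and is not Bank of America's SiteKey implementation; the account class, the HMAC-signed cookie format, the per-account device list and the PBKDF2 parameters are all assumptions made for the illustration.

```python
import hmac
import hashlib
import secrets

# Added model of a SiteKey-style step-up login.  Factor 1: password.
# Factor 2: a device cookie the server previously issued after the user
# answered a challenge question on that machine.  Constructed example only.

SERVER_SECRET = secrets.token_bytes(32)   # assumed per-deployment cookie-signing key
PBKDF2_ROUNDS = 50_000                    # assumed work factor


def _hash_secret(value: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, PBKDF2_ROUNDS)


def _normalise_answer(answer: str) -> str:
    # Challenge answers are typed by humans; tolerate case and spacing.
    return " ".join(answer.strip().lower().split())


class Account:
    def __init__(self, user: str, password: str, question: str, answer: str):
        self.user = user
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash_secret(password, self.salt)
        self.question = question
        self.answer_hash = _hash_secret(_normalise_answer(answer), self.salt)
        self.device_ids: set[str] = set()   # devices that have passed the challenge


def _cookie_tag(account: Account, device_id: str) -> str:
    msg = f"{account.user}:{device_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_device_cookie(account: Account) -> str:
    """Mint a cookie for a newly verified device: random id plus HMAC tag."""
    device_id = secrets.token_hex(16)
    account.device_ids.add(device_id)
    return f"{device_id}.{_cookie_tag(account, device_id)}"


def cookie_is_valid(account: Account, cookie) -> bool:
    """A cookie counts as 'something you have' only if its tag verifies and
    the device id is still registered on this account (revocation point)."""
    if not cookie or "." not in cookie:
        return False
    device_id, tag = cookie.rsplit(".", 1)
    return (hmac.compare_digest(tag, _cookie_tag(account, device_id))
            and device_id in account.device_ids)


def login(account: Account, password: str, cookie=None, challenge_answer=None):
    """Return (status, cookie): status is 'ok', 'challenge' or 'denied'."""
    if not hmac.compare_digest(_hash_secret(password, account.salt), account.pw_hash):
        return ("denied", None)                 # factor 1 failed: reveal nothing more
    if cookie_is_valid(account, cookie):
        return ("ok", cookie)                   # known device, no challenge
    if challenge_answer is None:
        return ("challenge", None)              # new device: ask the question
    if hmac.compare_digest(_hash_secret(_normalise_answer(challenge_answer), account.salt),
                           account.answer_hash):
        return ("ok", issue_device_cookie(account))
    return ("denied", None)


if __name__ == "__main__":
    acct = Account("alice", "correct horse battery", "What was your first job?", "Lifeguard")
    print(login(acct, "correct horse battery"))                      # ('challenge', None)
    status, cookie = login(acct, "correct horse battery", challenge_answer="lifeguard")
    print(status, cookie_is_valid(acct, cookie))                     # ok True
```

Two things the model makes concrete: a captured password alone yields `challenge`, not `ok`, which is the keylogger point in comment 12; and the cookie is a bearer token bound to nothing on the client, so whoever holds a copy holds the second factor, which is the "obtainable by knowing something" concern raised in comment 11. Tying the cookie to a server-side device list at least gives the bank a place to revoke it.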

  13. MAD (20th century) & economic ties (21st centu on Stephen Hawking Asks The Internet a Question · Score: 1

    Long term survival of the human race can be augmented in a number of ways. First, the old rules still largely apply; chiefly, MAD (Mutually Assured Destruction). MAD kept the Cold War cold since an attack by one side would have meant a rapid counterattack by the other (mutual suicide). But in the 21st century, enemies will not only be kept in check by MAD, but can be preempted entirely via economic cooperation. In addition to economic growth and country-based division of labor, globalization provides the mechanism of collaboration which obviates nation-state warfare and renders it obsolete among participating countries. Thus, the objective of any future leader: expand this participation by making globalization a reality in areas where it is not (Andean nations in S America, Mideast, sub-Saharan Africa, etc), thereby spreading economic prosperity and preempting enemies via economic collaboration. Such collaboration further leads to the spread of ideas, including personal freedoms and women's rights, leading to a version of Tom Friedman's flatter world that is truly worldwide.