 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On 08/16/2011 10:47 PM, Edward Ned Harvey wrote: >> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss- >> bounces+blu=nedharvey.com at blu.org] On Behalf Of Brendan Kidwell >> >> I'd say the same thing as you: what the point of spending all those CPU >> cycles if the data is effectively not encrypted?! > CPU cycles irrelevant. > First of all, when encrypting/decrypting my laptop HDD at sustained full > speed, CPU usage only goes up to 30% of a single core. Second of all, if > you have a modern processor (i7) that includes the AES instruction set, it's > 1-2 orders magnitude CPU performance enhancement, which means undetectable > additional load on the CPU to sustain all the encryption. 0.3% to 3% > maximum CPU load. > > But yeah. A few days maximum to brute force the 6-character password. > > And I don't buy the arguments a few people made - About the attack vector > being other than brute force and therefore brute force doesn't matter. If > somebody laptop is lost or stolen, there is no guarantee it'll be powered on > at the time, which means there's no guarantee of *any* attack vector except > brute force. And that includes brute force of the hammer & water bucket > sort, on the person who knows the password. > > I understand the aversion to typing a long difficult password at boot time. > That's why they made things like the TPM, and key fobs and smart cards. So > you can have strong encryption without the hassle. The issue with any laptop is what happens when it gets lost or stolen. If you are using a hardware USB device or something like that, you are just as likely to lose it at the same time. As discussed earlier and 6-character password is simply going to be crackable. I personally prefer a pass phrase that I can remember, but may make no sense to anyone else. Something like a time-based RSA SecureID works, but only when you are connected to a network for authentication. The basic underlying fallacy in all security systems is the human. technical people like us would be more inclined to use longer passwords, TPM, et. al., but the average computer user such as an accounting person who maintains sensitive stuff on his laptop and does work while taking the commuter rail to work is the hole in the system. You give him/her a long randomized password, and it will be written down somewhere. How many times have you seen employees use sticky notes with their password. -- Jerry Feldman <gaf at blu.org> Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
