Encrypted HDD?!


[ Комментарии ] [ Добавить комментарий ] [ Доска объявлений HackZone ]

Отправитель: 313373, September 05, 1998, 20:09:59:

В ответ на: Encrypted HDD?! (отправитель: Paranoid, September 05, 1998, 19:38:50):

There are probably a few of you out there saying, "I triple DES
encrypt my hard drive and 128 character RSA public key it for safety." Well,
that's just great, but... the Feds can have a grand jury subpoena your
passwords and if you don't give them up you may be charged with obstruction of
justice. Of course who's to say otherwise if you forgot your password in all
the excitement of getting arrested. I think I heard this once or twice before
in a Senate Sub-committee hearing. "Senator, I have no recollection of the
aforementioned events at this time." But seriously, strong encryption is
great. However, it would be foolish to rely on it. If the Feds have your
computer and access to your encryption software itself, it is likely they
could break it given the motivation. If you understand the true art of code
breaking you should understand this. People often overlook the fact that your
password, the one you use to access your encryption program, is typically less
than 8 characters long. By attacking the access to your encryption program
with a keyboard emulation sequencer your triple DES/128 bit RSA crypto is
worthless. Just remember, encryption may not protect you.

I covered encryption earlier and as I mentioned it really is not safe
to assume that it will protect you from someone who takes possession of your
computer. The only truly safe encryption would be a military spec.
hardware/software implementation. When people talk about secure encryption
they are not taking into account that all the power of a Government might be
trying to crack it, and that they will have physical access to the encryption
device, your computer! This leaves us with one other method, destroying the
data. Now this in and of it's self can be construed as obstruction of
justice. However, should you feel the need to instantly destroy all of the
data on your hard drive, for oh.. lets say educational purposes. I would
suggest mounting a bulk magnetic tape eraser next to your hard drive. You can
pick one up at Radio Hack, err Shack. One flip of the panic switch, thus
powering up the eraser while the drive is turning, and ZAP! Mount a switch
next to your bed. ;-)

This may or may not destroy all of the data on your drive. If the
drive disk is removed and placed on a special reader some data may still be
recovered. This is a science in itself. DOD spec. requires that a hard drive
be written to with O's 7 times before it is considered erased. Simply erasing
a file, formatting, or defragging will not suffice. Look for a shareware
utility named "BCwipe". This will erase to military spec. You may also want
to install some type of program that auto erases under certain conditions.
Regardless, computer specialists that work with computer crime are trained to
look for this.

(выдержка из Phrack Magazine см. линк)
От себя лишь добавлю ссылку на вышеупомянутую программу BCWipe
http://www.jetico.sci.fi/ , замечу кстати, что работает она крайне медленно, особенно если использовать военный тройной алгоритм удаления.
На средний по нынешним временам винт в 4 Гб уйдет от нескольких часов до суток, в зависимости от алгоритма удаления. Вот так. Кстати там же лежит сабж ;)))



Комментарии:


Цитировать сообщение


[ Комментарии ] [ Доска объявлений HackZone ]