[FDE] Paula Parker's, Detective Inspector of Merseyside Police, response to Child Pornography on internet

[Simson Garfinkel]

My understanding is that there are several standard ways of attacking  
drive encryption:

* Asking the suspect for the encryption key
* Threatening the suspect to get the encryption key
* Brute forcing the passphrase using other information around
* Looking for the key in memory

But if you use strong passphrases and your users are torture-proof,  
they're probably on a pretty good footings.


On Mar 25, 2008, at 12:31 PM, Owens Bernard B wrote:

>
> The nexus between the referenced article and this list seems to be  
> when
> Detective Sergeant Geoff Conway is quoted:  "Encryption and passwords
> hold no fear for us. If there is something on a computer, we will find
> it."
>
> That's news to me.  The agency I work for is positively manic (and
> rightly so) to make sure that any computer that leaves our controlled
> space is fully encrypted.  I think my management would be unpleasantly
> surprised to learn that our encryption can be easily swept aside by DS
> Geoff of Merseyside.
>
> In all seriousness, do such articles have any impact?  Do vendors on
> this list commonly encounter people who are convinced that no FDE  
> scheme
> is proof against even reasonably smart and resource-rich attacks?
>
> I don't sell FDE products; I just use and administer them every  
> day.  My
> users understand the need for FDE and accept the minor inconveniences
> involved as long as they have faith that it works.  If my users were  
> to
> read something like this and believe it, they'd get really irritated  
> at
> me for making them type yet another apparently unnecessary password
> before they begin work each morning.
>
> Any thoughts?
>
> Bernard Owens
> Computer Specialist
> USTreas/IRS
>
>
>
>
> _______________________________________________
> FDE mailing list
> FDE at www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde
>