Re: Good design for an Algorithmically Derived Passphrase for FDE (?!)

On 2007-11-20 ManInWhite wrote:
> Secondly: The algorithm used to derive the passphrase is not stored with
> the laptop at all. The CODEwords which are used to derive the
> passphrase are not stored with the laptop. They both never leave the
> key generation PC.

So? The dictionary (or codebook as you call it) is part of your
passphrase generation algorithm. If an attacker learns the algorithm he
can reconstruct the passwords, because he knows the serial numbers from
which the passwords are derived. To repeat myself: don't do that.

Your security should *never* be based on the secrecy of your password
generation algorithm, but only on the strength of the passwords.

> Thirdly: The security of the system is not in keeping the algorithm

Of course it is.

> Ultimately all it is doing is generating offsets for lookup in a
> secret codebook. The Codebook is not stored with the laptop, and is
> protected. The security is keeping this codebook secure.

See above. The codebook is part of your algorithm.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
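The point Ansgar makes above, as an added example in Python that is not part of the original thread: once the derivation algorithm and the codebook leak, a passphrase computed from a serial number printed on the laptop's chassis costs the attacker exactly one guess, while a passphrase drawn at random from the same wordlist is no weaker for the leak. The codebook, the serial numbers and the "hash the serial, use the bytes as codebook offsets" construction are all constructed stand-ins; the page does not give ManInWhite's actual algorithm.

```python
import hashlib
import itertools
import math
import secrets

# Constructed toy codebook standing in for the "secret codebook" in the thread.
# 16 entries keeps the brute-force demo below small (16**4 = 65536 candidates).
CODEBOOK = [
    "amber", "basalt", "cobalt", "dune", "ember", "fjord", "granite", "harbor",
    "indigo", "juniper", "kelp", "lagoon", "marble", "nectar", "orchid", "pumice",
]
WORDS = 4


def derived_passphrase(serial, codebook=CODEBOOK, words=WORDS):
    """Toy model of the scheme under discussion (an assumption, not the
    poster's real algorithm): hash the serial number and use the digest bytes
    as offsets into the secret codebook. Anyone who holds the algorithm and
    the codebook can evaluate this function just as well as the key-gen PC."""
    digest = hashlib.sha256(serial.encode("ascii")).digest()
    return "-".join(codebook[b % len(codebook)] for b in digest[:words])


def attacker_recovers(serial, codebook=CODEBOOK, words=WORDS):
    """The attacker's whole 'attack' after the algorithm and codebook leak:
    read the serial off the chassis and run the same derivation once."""
    return derived_passphrase(serial, codebook, words)


def random_passphrase(codebook=CODEBOOK, words=WORDS):
    """The alternative: draw the words with a CSPRNG. The wordlist may be
    public; the passphrase's strength is the size of the search space."""
    return "-".join(secrets.choice(codebook) for _ in range(words))


def search_space_bits(codebook=CODEBOOK, words=WORDS):
    """Entropy of a uniformly random passphrase from this wordlist, in bits."""
    return words * math.log2(len(codebook))


def attempts_to_recover(target, serial, codebook=CODEBOOK, words=WORDS,
                        scheme_known=True):
    """Count the guesses an attacker needs to hit `target`.

    If the derivation scheme has leaked, the first guess is the derived value
    for the (public) serial. If that misses, or the scheme is unknown, fall
    back to enumerating the wordlist. Returns None if the target is not a
    `words`-word passphrase over this codebook at all."""
    attempts = 0
    if scheme_known:
        attempts += 1
        if derived_passphrase(serial, codebook, words) == target:
            return attempts
    for combo in itertools.product(codebook, repeat=words):
        attempts += 1
        if "-".join(combo) == target:
            return attempts
    return None


if __name__ == "__main__":
    # Constructed serial number of a stolen laptop; the real one is on a sticker.
    serial = "SN-000123"

    derived = derived_passphrase(serial)
    print("derived passphrase :", derived)
    print("attacker's guess   :", attacker_recovers(serial))
    print("guesses needed     :", attempts_to_recover(derived, serial))

    rand = random_passphrase()
    print("random passphrase  :", rand)
    print("guesses needed     :", attempts_to_recover(rand, serial),
          "of up to", len(CODEBOOK) ** WORDS)
    print("search space (bits):", search_space_bits())
```

The random variant still needs the passphrase recorded somewhere (an escrow that is itself encrypted and kept off the laptop), but that record is the only secret; the wordlist and the generator can be published without weakening anything, which is what "security based on the strength of the passwords, not on the secrecy of the algorithm" means in practice.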
