onsdagen den 2 oktober 2002 16.17 skrev pplf: > > BTW, cryptography is not the 100% perfectly final solution. It is a > fairly good protection, in some cases, but nothing more. If someone can > access your laptop during 10 minutes, he can boot on a floopy and put a > rootkit with a keylogger and your encryption is dead... > Yes, this is important. I do belive you have to have a clear picture of what you want to achive with your encyption. Know your security-goals, and know your security-threats. I belive that it's important to set the security goals to a resonable level and then make sure that they are possible to live with. Do you need to protect you from: 1) "Pedestrian crackers", people that work alone with small budgets. 2) "Corporate crackers", someone with a budget and power of a corporation. For example a telocom corporation trying to get to know the bid of a competitor. 3) "Governmental cracker", a foreign or domestic government agency with a huge budget. You also need decide: "Am I singled out for an attack in advance?". If you belive that NSA or FBI really want to get their hands on the data on YOUR computer and they are carefully planning for it, I think you have a BIG problem and cryptography will not solve it. If you on the other hand wants to protect yourself from the scenarion: "A thief steals a laptop that happens to be yours and tries to access your data", then you can manage it with cryptography. This may even be true if the thief sells the computer to a competitor to the company you work for. But I wouldn't count on that my data is safe from NSA even in this case. This was some thoughts on encryption and security. -- Tomas Rudén, Märsta, Sweden - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
