[unisog] Policy on "removeable storage devices"

Valdis.Kletnieks at vt.edu
Fri Apr 29 03:37:41 GMT 2005


On Fri, 29 Apr 2005 12:29:42 +1200, Russell Fulton said:

> We are particularly interested to hear if anyone has experience with
> data encryption for such devices -- either built in to the device or via
> software on the 'host' machine.

Just a quick reminder here - you really need to figure out what your threat
model is.  Does the crypto merely have to stop a casual attacker who swiped the
laptop off a luggage cart and fenced it for some money, or does it have to stop
a determined attacker who swiped that *particular* hardware because they knew
the data they wanted was on it?

Probably anything more complicated than rot-13 will stop the former (although
at least one vendor thought rot-13 would even stop a determined attacker, and
it should be noted that double ROT-13 suffers from the same issues as double-DES,
but even worse), while you'll likely need to get some really serious gear to
stop the determined attackers.....