Chris Jones: > On Fri, Feb 27, 2009 at 08:34:25AM EST, Jochen Schulz wrote: > >> This is a valid question! Depending on the encryption system in use, >> it cannot be answered satisfactorily. > > I'm not sure it's related to the encryption/decryption process. > > What I had in mind when I wrote the above was that with the immense > volumes of output generated, having a crowd of quick-eyed folks look at > it one individual dose at a time to determine the likelihood of its > being the correct "solution" in a timely fashion is not practical. Sure, it isn't. But if you are, for example, trying to brute-force a LUKS key's passphrase, there appears to be a way to know whether the passphrase is correct, or not. But I can only guess how it is done. >> If a one-time pad is in use where the key is as long as the encrypted >> document, it cannot be answered at all. > > Don't take my word for it, but I believe it one-time pads .. as their > name implies need to be unique to the document to make it impossible to > decrypt. Otherwise you start introducing regularities. Sure. But you could just declare your whole hard disk (or a filesystem) as one document. As long as your purely random key is as long as this "document", it would still qualify as one-time pad. >> Even if one key reveals a "good looking" plaintext, the attacker has >> no way to know whether this plaintext is the right one because other >> keys lead to other valid looking plaintext. > > Keeping in mind that what you (the cracker, I mean..) are looking for > might not be plain text in the first place. Sorry, what I meant was unencrypted cleartext. > I guess you could devise some complementary hardware support to your HD > that would hold all the one-time pads and Mission Impossible style > destroy itself within seconds in case of an emergency.. but I have a > feeling that the encryption of an entire file system is more something > that's meant to protect you from unsophisticated prying without making > your existence miserable but that it was never meant to address the > security of strategic files and truly sensitive data. Why not? What makes filesystem encryption less secure than e-mail or single file encryption? J. -- I am worried that my dreams pale in comparison beside TV docu-soaps. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature