Jim Henderson wrote:
> If the built-in encryption keys off the login password only (ie, the
> login password just unlocks the encryption key), then as an admin, you
> just have to change the user's password.
If you change the password without knowing the old password, you can't
decrypt the private key that encrypts the shared secret. So, basically,
you lose access to the encrypted files.
Each file is encrypted with a random symmetric key. That symmetric key is
encrypted with the (same) user's private key. The private key is
encrypted with the login password. If you change the login password
without knowing the old one, you can no longer decrypt the private key.
If you change your private key, the old one is kept around until you run
cipher /u, which scans the entire drive and updates the symmetric keys to
be encrypted with the new private key. But you don't normally do such a
thing unless you're doing something like adding an escrow key, joining a
domain, or something like that.
> the login password, so if you root my machine and change my login
> password, you're still not getting at the encrypted files.
Neither on Windows.
>> Or just zip things up with a password.
>
> That's a pain to use, though
Plus it's trivially easy to crack. Even long passwords hash down to 8
characters or something. There are plenty of free programs that'll crack
a zip archive in a matter of minutes or hours just with brute force.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
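The key chain described in the post above (login password unlocks the user key, the user key unlocks a random per-file key), sketched as an added example that is not part of the original post and is not Windows EFS code. Assumptions: the user key is symmetric here, whereas EFS uses a key pair, and the cipher is a toy HMAC-SHA256 keystream standing in for AES so the block needs only the standard library; all function names are hypothetical.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):   # toy keystream: HMAC-SHA256 in counter mode
    blocks = (hmac.new(key, b"\x00" + nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]
def _tag(key, nonce, ct):     # integrity tag, so a wrong key is detected
    return hmac.new(key, b"\x01" + nonce + ct, hashlib.sha256).digest()
def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + _tag(key, nonce, ct)
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("wrong key: cannot unwrap")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def kek(password, salt):      # key-encryption key derived from the login password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
def new_profile(password):
    salt = secrets.token_bytes(16)
    user_key = secrets.token_bytes(32)
    return {"salt": salt, "wrapped_user_key": seal(kek(password, salt), user_key)}

def encrypt_file(profile, password, data):
    user_key = unseal(kek(password, profile["salt"]), profile["wrapped_user_key"])
    fek = secrets.token_bytes(32)                    # random per-file key
    return {"wrapped_fek": seal(user_key, fek), "body": seal(fek, data)}
def decrypt_file(profile, password, f):
    user_key = unseal(kek(password, profile["salt"]), profile["wrapped_user_key"])
    return unseal(unseal(user_key, f["wrapped_fek"]), f["body"])

def change_password(profile, old, new):
    # Normal change: the old password unwraps the user key so it can be re-wrapped.
    user_key = unseal(kek(old, profile["salt"]), profile["wrapped_user_key"])
    profile["wrapped_user_key"] = seal(kek(new, profile["salt"]), user_key)

def can_read_after(scenario):
    p = new_profile("old-pass")                      # constructed sample values
    f = encrypt_file(p, "old-pass", b"quarterly report")
    if scenario == "user_change":                    # user knows the old password
        change_password(p, "old-pass", "new-pass")
    try:   # "admin_reset": login is now "new-pass" but nothing was re-wrapped
        return decrypt_file(p, "new-pass", f) == b"quarterly report"
    except ValueError:
        return False
```

`can_read_after("user_change")` succeeds because the old password was available to re-wrap the user key; `can_read_after("admin_reset")` fails because the wrapped user key is still bound to the old password.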
Invisible wrote:
>> Especially when some stupid system forces you to change it every month.
> ....and this is bad because...?
Because if any break-in of importance is going to be revealed anyway,
you don't need to change passwords. Changing passwords regularly is only
useful if you're not going to detect that someone has stolen the password.
This is why renewal credit cards have the same numbers as the previous
credit card. If someone steals your credit card number, it's going to
get reported on the next bill. For example.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
Darren New wrote:
>>> Even if the admin can remotely log in, they won't be able to read
>>> your encrypted files unless they somehow get your password.
>
> Or they set up an escrow key.
Or they modified the OS to not actually "encrypt" the data at all...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Darren New wrote:
>>> Or just zip things up with a password.
>>
>> That's a pain to use, though
>
> Plus it's trivially easy to crack. Even long passwords hash down to 8
> characters or something. There are plenty of free programs that'll crack
> a zip archive in a matter of minutes or hours just with brute force.
...and today I learned something useful...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Eero Ahonen wrote:
> Jim Henderson wrote:
>> On Fri, 04 Jul 2008 12:06:01 +0100, Invisible wrote:
>>
>>> Worrying fact: 50% of the population has below-average intelligence.
>>> (!!!)
>
> So... If we have 4 men, with intelligences 1, 8, 9 and 9, the average is
> (1+8+9+9)/4=6,75, so 75% of men are more intelligent than average person
> (who, if he existed, would be over 6 times as intelligent as the dumbest
> one).
>
We were talking about a population; unless you can come up with a very
good reason why certain extreme intelligences are more likely than
others, you may assume the distribution is Gaussian
(http://en.wikipedia.org/wiki/Central_limit_theorem).
For a counterexample: as part of an introduction to databases and
statistics we used to measure height and weight of all first year
medical students to let them work with their own data. (Getting some
girls to stand on scales was an interesting exercise.) Often the
distribution of their heights was camel shaped.
Jim Henderson wrote:
> On Fri, 04 Jul 2008 14:21:48 +0200, scott wrote:
>
>>>> Especially when some stupid system forces you to change it every
>>>> month.
>>> ...and this is bad because...?
>> You try coming up with a different strong password every month, *and*
>> remembering it without writing it down. I doubt I'm the only user of
>> this system who needs to write the password somewhere. I wonder if
>> security would actually be improved by removing the 1 month expiry.
>
> There have been studies done that suggest that changes that are too
> frequent reduce security for just this reason.
>
Do you have a pointer?
Darren New wrote:
>
> Plus it's trivially easy to crack. Even long passwords hash down to 8
> characters or something. There are plenty of free programs that'll crack
> a zip archive in a matter of minutes or hours just with brute force.
>
Some zippers (IIRC Winzip 9+, at least) support AES nowadays. Shouldn't
be as easy to crack as older ZIP-archives.
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethiszbxtnetinvalid
andrel wrote:
>
> We were talking about a population; unless you can come up with a very
> good reason why certain extreme intelligences are more likely than
> others, you may assume the distribution is Gaussian
> (http://en.wikipedia.org/wiki/Central_limit_theorem).
Yes. But I can't say for sure (=mention as a fact) that the average line
goes exactly at 50% on population.
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethiszbxtnetinvalid
>> Plus it's trivially easy to crack. Even long passwords hash down to 8
>> characters or something. There are plenty of free programs that'll
>> crack a zip archive in a matter of minutes or hours just with brute
>> force.
>>
>
> Some zippers (IIRC Winzip 9+, at least) support AES nowadays. Shouldn't
> be as easy to crack as older ZIP-archives.
Depends. If the key algorithm is still as weak, the cipher makes no
difference.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
andrel wrote:
> (getting some girls to stand on scales was an interesting exercise).
;-)
> Often the distribution of their heights was camel shaped.
Programming assignment grades follow a similar bimodal distribution.
Apparently some people "get" it, and others just don't.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*