Re: [Fed-Talk] FileVault2 Security Config
Re: [Fed-Talk] FileVault2 Security Config
- Subject: Re: [Fed-Talk] FileVault2 Security Config
- From: "Blumenthal, Uri - 0668 - MITLL" <email@hidden>
- Date: Wed, 17 Aug 2011 20:46:30 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] FileVault2 Security Config
Yes that was a nut comment. :-)
--
Regards,
Uri
----- Original Message -----
From: Pike, Michael (IHS/HQ) [mailto:email@hidden]
Sent: Wednesday, August 17, 2011 03:39 PM
To: Link, Peter R. <email@hidden>
Cc: Blumenthal, Uri - 0668 - MITLL; email@hidden <email@hidden>
Subject: Re: [Fed-Talk] FileVault2 Security Config
So the comment of some government encryption task force that can crack aes128 like a nut is wrong?
It's not our government that I would worry about its the other governments of the world, because if we can do it, they can do it.
Sent from my iPhone 4
On Aug 17, 2011, at 1:34 PM, "Link, Peter R." <email@hidden<mailto:email@hidden>> wrote:
from <http://gadgetsteria.com/2011/08/17/bad-aes-encryption-now-4x-easier-to-crack-good-still-takes-1-trillion-machines-2-billion-years-to-do-the-deed/> http://gadgetsteria.com/2011/08/17/bad-aes-encryption-now-4x-easier-to-crack-good-still-takes-1-trillion-machines-2-billion-years-to-do-the-deed/ I'll take these people's word for AES encryption.
Cryptography researches Andrey Bogdanov (K.U.Leuven — Katholieke Universiteit Leuven), Dmitry Khovratovich, (Microsoft Research) and Christian Rechberger (ENS Paris) managed to find a weakness in AES encryption that now makes the security protocol 4x easier/faster to crack. The crack has already been seen and confirmed by AES creators Dr Joan Daemen and Professor Dr Vincent Rijmen.
Seeing as how AES-128 specifically is one of the more widely used, secure systems the world uses today, this news is somewhat troubling — until you hear how long it still takes to crack it. According to the three musketeers of science, the number of steps to crack AES now stands at an “8″ followed by 37 0′s. Per Bagdanov:
“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key.”
Looks like we can continue relying on AES encryption for at least a few more years…
On Aug 17, 2011, at 12:24 PM, Blumenthal, Uri - 0668 - MITLL wrote:
There are two issues to consider. One is AES-128 vs AES-256. And anybody who states that AES-128 is "easily broken" most likely is totally clueless.
Another issue is whether iPad or FV2 implementation is secure - and here the algorithm used is irrelevant. As I don't know implementation details for either one, I can't comment - except that whatever weakness FV2 or iPad may have is not related to the choice of crypto algorithm used.
Based on experience in this particular field (Crypto), I have formulated my professional opinion.
--
Regards,
Uri
----- Original Message -----
From: Pike, Michael (IHS/HQ) [mailto:email@hidden]
Sent: Wednesday, August 17, 2011 01:32 PM
To: Blumenthal, Uri - 0668 - MITLL
Cc: <mailto:email@hidden> email@hidden<mailto:email@hidden> <<mailto:email@hidden>email@hidden<mailto:email@hidden>>
Subject: Re: [Fed-Talk] FileVault2 Security Config
Heh I understood. Someone said the iPad was aes128 and he said then it's was easily broken. You can formulate your opinion on his statement. I'll refrain.
Sent from my iPhone 4
On Aug 17, 2011, at 11:18 AM, "Blumenthal, Uri - 0668 - MITLL" <<mailto:email@hidden>email@hidden<mailto:email@hidden>> wrote:
Nothing interesting, really - just some fresh BS.
AES-128 is an approved US Government algorithm for protecting Classified information up to SECRET level.
Read carefully through this: <http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml> http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Either you didn't understand what that person was telling you, or he doesn't have a clue.
--
Regards,
Uri
----- Original Message -----
From: Pike, Michael (IHS/HQ) [mailto:email@hidden]
Sent: Wednesday, August 17, 2011 12:38 PM
To: <mailto:email@hidden> email@hidden<mailto:email@hidden> <<mailto:email@hidden>email@hidden<mailto:email@hidden>>
Subject: [Fed-Talk] FileVault2 Security Config
So I had an interesting conversation with our security folks today… someone lost an ipad and luckily it is aes256… FV2 however is AES128.
I was told AES128 is a joke in the government's eyes… doesnt make me feel to good that's for sure!!
I know windows bitlocker will allow you to force it to 256 with a setting… is there somewhere in Lion you can configure it to use 256 (I realize there is a performance hit most likely), but now I'm being told AES128 will not suffice for security approval.
Hard to believe my iPad is more secure than my MBPro.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (<mailto:email@hidden>email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to <mailto:email@hidden> email@hidden<mailto:email@hidden>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (<mailto:email@hidden>email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to <mailto:email@hidden> email@hidden<mailto:email@hidden>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (<mailto:email@hidden>email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden<mailto:email@hidden>
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
<mailto:email@hidden>email@hidden<mailto:email@hidden>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden