All the Black Hat 06 talks about Vista were actually pretty good in describing the security built into the development life cycle and the _attempt_ at over-engineering the OS the way DEC had done two decades ago with OpenVMS. But that's a topic for another day.
So now we have built-in disk encryption. There are laws about data privacy that waive public disclosure of lost laptops with personal information on them if the data is "encrypted". Seems reasonable. Of course the laws say nothing about key management. That's always the hard part.
Speaking of key management, I'm thinking there is a very sophisticated type of key management built into BitLocker. But it's not for security...it's for government forensics.
Here are three examples of why smart money says we will find out about this in...ummm...10 years or so maybe.
- Key management in Lotus Notes
  - Page 80 of this IBM Redbook has details
  - Info on the key itself
- Key management in Windows
- Flawed attempt at PUBLIC escrowed encryption key management (Clipper chip)
A couple of thoughts come to mind after a quick perusal of those links:
- No key escrow will ever be made public...NSA tried once, it failed...better to keep it a secret. Lesson learned.
- Vista crypto is engineered with NSA key components, similar to earlier implementations but with even greater sophistication.
- Law enforcement will deny the ability to crack Vista crypto and will continue to state publicly that the encryption keys were "found".