Defcon 21 - A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It
Published 2013-11-16
August 1st–4th, 2013
Rio Hotel & Casino • Las Vegas, Nevada
All Comments (21)
-
It's not a Defcon talk without technical difficulties
-
purple text on pink background....
-
Fuck ya, this guy was ahead of the times. TPM is now actively used for anti evil maid on various systems
-
Cool Idea to use GGlasses for notes or similar stuff
-
Intense physical pain will get the password/key location from him/her/other; but I get the point of the talk.
-
It's great watching someone tell an audience everything they already know about security as if it's some amazing realization whilst he has spyware attached to his face.
-
Pushing TPM??? FEDFEDFED!!!!!!!
-
Can dusters are feeble things. If you can bring a "liquid withdrawal" CO2 cylinder or invert a vapor withdrawal cylinder you have far more CO2. A suitable container or bag could let you freeze a machine for as long as you can maintain gas flow. "Kegerator" size cylinders aren't large. One could easily disguise one as a fire extinguisher, or use an extinguisher filled with CO2 only.
-
It's almost like he is describing Qubes OS!
-
is he related to mootles he looks like a relative
-
What about hw hd encryption, like the samsung 840 pro ssd series? This video might have covered that, but I'm not proficient enough to understand if it did.
-
When you have your disk in a strongbox you still need encryption for when the feds get it out :p
-
Is the speaker wearing a Google Glass or what?
-
defcon yup yup any in UK 2016
-
holy shit it's..that year..
-
I already had to bypass IBM BIOS' password and fail for the first time due to an EPROM called 'security chips'. That's why I'm using Lenovo at the moment. I also use RAM and HDD encryption running Linux on AES Capable CPU. I guess anyone to decrypt my laptop... well except attacking me with a gun, it's almost impossible!
-
What is with all the pinks in the PowerPoint? My eyes HURT.
-
Turned it off after he stated physical security was the responsibility of the encryption program, and not the user.
-
There is a practical matter. If an attacker is sufficiently powerful, there are no steps that you can take to secure your data. It is more practical to secure a device physically than to expect the encryption to overcome a physically insecure system. Because, even if you do everything this guy wants you to do, whoever broke into your computer might simply have replaced the CPU. They've got a special one that acts just like a normal one, except that it saves the contents of the debug registers so that they can have your key. Let's face it. If your adversary is that powerful, you are already sunk. If you can't trust that your RAM is secure, if you think it is being imaged, then you might as well not even try. It is easier to watch you type in your password when you think no one is watching than to pull something like that off.
-
45 mins and not once did he mention a gun to the head is the best way to break encryption of all kinds.