HackersOnBoard asked:

Daniel Selifonov August 1st–4th, 2013 Rio Hotel & Casino • Las Vegas, Nevada.

18 Responses to Defcon 21 – A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It

  1. Negauka says:

    Sadly, I do not know how to apply most of what he spoke of onto my own
    system.
    For the future, though, I want to learn.

  2. Sonny Champagne says:

    I already had to bypass IBM BIOS’ password and fail for the first time due
    to an EPROM called ‘security chips’. That’s why I’m using Lenovo at the
    moment. I also use RAM and HDD encryption running Linux on AES Capable CPU.
    I guess anyone to decrypt my laptop… well except attacking me with a gun,
    it’s almost impossible!

  3. Darren Woods says:

    45 mins and not once did he mention a gun to the head is the best way to
    break encryption of all kinds.

  4. John Undefined says:

    There is a practical matter. If an attacker is sufficiently powerful,
    there are no steps that you can take to secure your data. It is more
    practical to secure a device physically than to expect the encryption to
    overcome a physically insecure system. Because, even if you do everything
    this guy wants you to do, whoever broke into your computer might simply
    have replaced the CPU. They’ve got a special one that acts just like a
    normal one, except that it saves the contents of the debug registers so
    that they can have your key. Let’s face it. If your adversary is that
    powerful, you are already sunk. If you can’t trust that your RAM is
    secure, if you think it is being imaged, then you might as well not even
    try. It is easier to watch you type in your password when you think no one
    is watching than to pull something like that off.

  5. vinkuu says:

    What about hw hd encryption, like the samsung 840 pro ssd series? This
    video might have covered that, but I’m not proficient enough to understand
    if it did.

  6. klarusboy says:

    His Google Glass might make him look a bit douchey, but my god he’s hawt.

  7. phaelin says:

    When you have your disk in a strongbox you still need encryption for when
    the feds get it out :p

  8. YumekuiNeru says:

    is he related to mootles
    he looks like a relative

  9. Phil Thomas says:

    Turned it off after he stated physical security was the responsibility of
    the encryption program, and not the user.

  10. lennyhome says:

    It’s incredible how wearing a pair of Google glass can make you look like a
    douchebag.

  11. Ri Chard says:

    Yes you could encrypt memory and combine that with address space layout
    randomization, but the weakest link in all security will always be humans.
    Also it would eat up system resources, and finally wouldn’t fix the more
    common hacks like sql injection etc.

  12. Scott Okeif says:

    Turned it off after he stated physical security was the responsibility of
    the encryption program, and not the user.

  13. David Hope-Ross says:

    Pushing TPM??? FEDFEDFED!!!!!!!

  14. urbex2007 says:

    I really wonder if Truecrypt has a backdoor built in…I think it does, but
    that is just my opinion. Others are working on taking it all apart after
    cash was donated to researchers to support the project. They have gone
    very quiet lately.
    In the UK if the police technical staff are unable to decrypt files/hard
    drives, they send them off to GCHQ – who will decrypt the files/drives and
    return them. That’s why I suspect it’s another case of “RSA”! Even
    BeCrypt has a backdoor, a generator program takes a challenge code and
    gives you another one to bypass the original password and reset it. That’s
    definitely one to avoid.

  15. Łukasz Gądek says:

    Worth watching: why encrypting a disk with a password is insufficient
    protection.

  16. James Oxford says:

    What is with all the pinks in the PowerPoint? My eyes HURT.

  17. ObsessiveAsianCult says:

    I didn’t even notice these were Google glasses until I had a look at the
    comment section, but I find it a bit weird that someone that promotes full
    disk encryption would wear these, just by principle 😉 Regardless this has
    got to be one of the best Defcon talks ever

  18. Marius Luding says:

    Cool Idea to use GGlasses for notes or similar stuff
