I often write about the near impossibility of breaking AES encryption, and I am not alone: an article at eetimes.com (link at bottom) comes to the same conclusion. It offers another take on why drive encryption software like AlertBoot is considered to be very safe when it comes to protecting a laptop full of sensitive data.
A Billion Billion Years
As you see, I’m not the only one who points out that “cracking” AES encryption would take a very long time (a billion billion years — not to be confused with billions and billions of years). On the other hand, I don’t want people to be left with the impression that encryption software is the be-all and end-all of security.
Sure, no one you know will be around when a laptop protected with AES-256 encryption is cracked billions of years from now; however, figuring out the encryption key is not the only way to gain access to an encrypted computer.
Why Discuss Weaknesses to Encryption?
You might think that I’m biting the hand that feeds me by pointing out how the security afforded by encryption software can be curtailed. Nothing could be further from the truth.
The weaknesses that I’m about to discuss are ways that you (not a hacker, but the owner of the data) could compromise your encrypted laptop’s security.
Weaknesses When It Comes to Disk Encryption
The first is the most obvious one: choosing a weak password. This warning has been done to death, but let’s face it: passwords matter. As the eetimes.com article notes, the strength of the encryption key comes from its length. A longer key means that there are more possible keys of that length, which in turn means more guesses to find the right one.
What’s true for keys is also true for passwords. The longer and more random a password is, the more resources (time, money, etc.) a hacker will have to spend to find it.
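To put numbers on the key-versus-password comparison above, here is an added Python example (not code from the original article, the eetimes.com piece, or AlertBoot). It estimates a password's search space from its length and ASCII character classes, caps it at the AES key size, and converts the result to average years of guessing; the guess rate and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password):
    """Alphabet size implied by the ASCII character classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable symbols
    return size

def password_bits(password):
    """Upper bound on strength in bits; only reached if every character is random."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0

def effective_bits(password, key_bits=256):
    """The smaller of the two search spaces decides how hard the disk is to open."""
    return min(key_bits, password_bits(password))

def years_to_search(bits, guesses_per_second):
    """Average time to hit the secret: half the space at the given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, not a measured figure
    for pw in ["maple", "maple2024", "qT7#vLp2!xRw9@Ke"]:  # constructed samples
        bits = effective_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, ~{years_to_search(bits, RATE):.3g} years")
    print(f"AES-256 key: ~{years_to_search(256, RATE):.3g} years")
```

Dictionary words and reused passwords fall far below the figure this prints, since the estimate assumes every character was chosen at random.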
The second weakness is also related to passwords: don’t write them down and keep them in the vicinity of the laptops that are being protected. In that case, a hacker won’t be spending anything; he’ll just be having a good belly laugh.
The third is never shutting down your computer or always keeping it in hibernation or sleep mode. The effectiveness of full disk encryption (FDE) is at its peak when the computer is shut down. It’s most vulnerable when it’s up and running (in order to use a fully encrypted computer, the encryption has to be unlocked). A computer is protected in hibernation or sleep mode, but there are some ways to finagle passwords or encryption keys in something called “the maid attack” or “the janitor attack.” It’s not an attack your average laptop thief will be able to carry out, so it’s less of a problem, but still, it’s always advisable to shut down your computer when moving it about.
Related Articles and Sites: