Re: [tlug] search for encrypted information exchange

[Joe Larabell <fred62@example.com>]

On Fri, 28 Aug 2009, Curt Sampson wrote:

> On 2009-08-27 20:05 +0900 (Thu), Bruno Raoult wrote:
>
> > Geeks are focusing on laptops/encryption/etc..., while most people
> > data is in wallets, phones, am I wrong? This is my case.
>
> Yes, I think you are wrong. There's a big difference between the
> opportunity to do identity theft on one person who's aware that someone
> else has his ID and other cards, adn the opportuntity to do it on
> thousands or tens of thosuands (in the typical publicised laptop theft
> scenarios) who have no idea that they're under attack.

I assumed that by "most people" Bruno was referring to folks like me who 
don't work for credit card companies and/or aren't stupid enough to carry 
their databases around with them -- folks whose laptop thefts will *never* 
be publicised because there's simply no story there.

I keep a few internal presentations on my laptop that would cause only 
minor inconvenience if they got out and *nothing* that would qualify as 
"secret". I do all my work behind a VPN and access files at home via SSH
into my linux box (the passwords to which have to be entered every time 
and, as far as I know, aren't stored in non-volatile storage anywhere on 
the machine).

It's certainly possible that my passwords may well have been stored in 
DRAM at some point but if I lost my laptop and was concerned about the
possible theft or my passwords, I could change them in seconds.

So... what exactly is the threat in my case, besides the loss of some 
relatively expensive hardware? I think Bruno's point was that if you 
simply don't keep sensitive information on your laptop, there's little 
point in bending over backwards to keep what *is* there safe.

That argument obviously doesn't apply to the twit who decides to take his
company's entire credit-card database home with him after work. Isn't it 
possible that "security by common-sense" is just as good as encryption in 
many cases?

---
Joseph L (Joe) Larabell            Never fight with a dragon
http://larabell.org/                    for thou art crunchy
http://thelemicleague.org/        and goest well with cheese.