ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: don?t aynone know anything about Encryption in TSM.

2002-04-05 09:46:37
Subject: Re: don?t aynone know anything about Encryption in TSM.
From: Justin Derrick <jderrick AT CANADA DOT COM>
Date: Fri, 5 Apr 2002 09:46:30 -0500 
>when i said that they have extremely valible data i am meaning that this
>genetic reasearch
>company has the medical records, detatild information on peoples relatives
>back to the middle ages
>and the DNA codes of every person in this country.

Um, that's spooky.  I suspect it's an exaggeration since DNA contains so
much information - the human genome contains 3 billion base pairs - that's
3G per person, likely uncompressable due to it's pseudorandom nature.  CIA
World Fact Book has Iceland's population pegged at about 278,000 (July
2001).  That's 834GB of data.  Entirely possible, but still spooky.

>You guys can hopfully see now how ctritical this database is and how
>protection of it is essential.

Personally, I can't imagine a use for it, but I'm not a biotech geek.  =)

>This is what i have understand of you guys so far.
>Encryption in TSM is always done on the TSM B/A-Client there do you put a
>56bit encryption key on the data witch cannot be
>retreved without the key. So they need to come up with some sort of disaster
>Recovery plan, regarding the key retrival if the
>system admins are unavalible.

Availability of administrators is not the issue.  You need to be able to
recover any of the keys ever used for encrypting a backed up file.

>If what you are saying Kyle Sparger is true then this 56bit key is probably
>not good enugh for them. I am no expert in Security and don?t know mutch
>about hacking. I don?t want to sound to paranoyed but then again who knows.

No, 56 bits is simply not enough.  You need a more robust solution that
integrates stronger encryption with the ability to encrypt the key used to
encrypt the file, so that the key can be restored, if necessary, by the
administrator.  (Public key cryptography would be great for this - encrypt
the key used to encrypt the data, and only the administrator's key can
decrypt it.  Keeping the administrator's key safe, now there's a challenge.)

>This database is the brain, the hart and the lung of the company if it get
>exposed, every employ there can start lookin for new job the same day.

Then you should recommend spending a considerable amount of money on
protecting it with more modern tools.

Did I mention the fact that I'm a consultant, and would love to see
Iceland?  *grin*  @;^)

-JD.
>-----Original Message-----
>-----Original Message-----
>From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU]On Behalf Of
>Kyle Sparger
>Sent: 4. april 2002 19:14
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: Re: don?t aynone know anything about Encryption in TSM.
>
>
>> (unless they can hack it, but then any encryption scheme is subject to
>> hacking).
>
>And this is a very important point.  I could be wrong, but I seem to
>recall that TSM's encryption uses straight up DES, which uses a 56 bit
>key.
>
>It has been proven that very determined people can brute force 56 bit DES
>-- distributed.net, which utilizes idle time of thousands of computers,
>was able to do it in less than 24 hours.  There are design specs available
>for theoretical computers which are supposed to be able to brute force 56
>bit DES within minutes -- but the cost of these computers is generally
>considered prohibitively expensive.  However:
>
>1.  Consider the following -- KaZaa, a fairly popular napster-alike, has
>been piggybacking programs for awhile now, one of which is designed to
>allow remote users to utilize idle cycles on the computers it's installed
>on.  KaZaa is used by thousands of users.  Also, how many thousands of
>computers out there have been broken into, or are waiting to be broken
>into?  All of these are sources of computing power that could be used to
>crack DES keys.
>
>2.  'Prohibitively expensive' is relative.  I've heard estimates that put
>the price of building such a computer at a little over $1B USD.  But then,
>consider how many billions of dollars countries have spent launching spy
>sattelites -- don't you think that they would spend just one more billion
>to be able to actually _use_ the encrypted information they intercepted?
>:)
>
>And if Moore's Law holds true, I seem to recall estimates that place
>56-bit key cracking in under a week at 2020-2030.  Will your data still
>need to be secret then? :)
>
>Basically, what I'm saying is, TSM's encryption is better than nothing,
>and is suitable for many purposes, but your original statement,
>
>"They have extremly valible data witch may not get in the wrong hands."
>
>... that indicates that this may not be suitable for your case :)
>
>If you _really_ need to make sure people can't get it, you need to use a
>lot more than 56 bits.  128 is the bare minimum these days, and even that
>is starting to come under fire :)
>
>--
>Kyle Sparger
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: don?t aynone know anything about Encryption in TSM., Thomas Denier
Next by Date:  Re: disaster recovery ?, Aaron Widmeyer
Previous by Thread:  Re: don?t aynone know anything about Encryption in TSM., Thomas Denier
Next by Thread:  Re: don?t aynone know anything about Encryption in TSM., Petur Ey?orsson
Indexes:  [Date] [Thread] [Top] [All Lists]