West Lothian and email
David Hansen
ukcrypto at chiark.greenend.org.uk
Wed, 14 Jan 2009 09:49:10 -0000
On 13 Jan 2009 at 20:55, signup@bealoid.co.uk wrote:
> A local trust has insisted that any USB Sticks (flash drives, whatever
> you call them) have to be Sandisk Cruzer Enterprise encrypted disks.
I think all discs, fixed or removable, should be encrypted. So, I'm
pleased to hear of an organisation which has the same approach. I make
no comment on the precise form of encryption.
> I'm not sure if they're using the "too many tries and the data is
> wiped" option, but most passwords I've seen people use are less than 9
> characters, with one capital and one number. Is this better than
> nothing? or is it creating a false sense of security?
It is a way of defeating casual attackers, at least for the moment. In
a while they may have to look at passphrases, though it is easy to
defeat the aim of securing things by making these so impractical that
people write it on a piece of paper or whatever.
Encryption on its own is not a panacea, but it is a necessary step.
--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents
me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54