Not even that is true. You can always *access* the data. Depending upon the type and complexity of the encryption, it may take a while to decrypt, but once I have physical access, I have both the data and the time to do just that. *Most* of the "encryption" schemes for things like passwords that used to be stored in plain text (until somebody pointed it out) are fairly trivial and easily broken.Sorry, I shouldn't have implied that was only true of Windows. However, you CAN'T access encrypted data with physical drive access.
Even if they're not, I may be able to use the program itself to decrypt the password and then capture it in plain text in memory.
Again, once you have physical access, it's game over, plain and simple. Paul Schmehl (pauls@xxxxxxxxxxxx) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
p7sQrSRwNcMG1.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/