What laptop users should do to defend their data

14 June 2010

The steady stream of advances in brute force decryption techniques - which started when Russia's Elcomsoft released the first versions of its Password Recovery suite of utilities around 18 months ago - means that laptop users must now raise their game when it comes to encryption.

And, says Andy Cordial, Origin Storage's managing director, as Russian password decryption specialist Elcomsoft's advances clearly show, it can only be a matter of time before further advances are possible.

"Elcomsoft's Password Suite shows how it possible to dramatically speed up the rate at which an application crunches its way through password combinations using advanced hardware techniques," he said.

"You only have to look at some of the latest software from Elcomsoft, such as Advanced PDF Password Recovery to realise that it's now possible to recover a 40-bit RC4 password-coded Adobe PDF file in a matter of minutes," he said.

"And if you look at the specification of this package, you begin to realise that certain types of AES encryption are also starting to become crackable, although you are currently talking about the kind of processing power that only governments and large corporations have access to," he added.

According to the Origin Storage MD, it is only a matter of time before some coding genius moves the password recovery game on a few more stages, making a lot of encryption technologies on laptops just a few years old, infinitely more crackable.

"Can the man in the street do this? No, but the man in the testing lab can, and cybercriminals clearly now have access to parallel processing and advanced decryption technologies. It's not inconceivable that criminal gangs have cracked weaker AES crypto technologies already and are waiting for an opportunity to try out their skills," he said.

So what should laptop users do to defend their data?

Cordial advises users to take a multi-layered strategy to their data encryption by installing the most powerful levels of AES encryption that are currently commercially available and add on an additional layer of defence such as a passphrase security system or a biometric scanner.

Some of the latest laptops already offer fingerprint scanners as optional extras, although Cordial says that users should be selective as to which biometric applications they use to protect their data.

Passphrase protection is another valuable extra layer of defence that can be deployed in parallel with encryption. Origin's own Data Locker Pro range of PIN-encrypted portable hard drives are a classic example of this dual-layer security strategy, he explained.

"Users of legacy laptops that want to move on up to the benefits of encrypted drives, meanwhile, should look at the Enigma range of secure encrypted drives" he said. "These kits, which start at £249rrp for a 160GB system, include all the software and cables required to migrate a laptop drive's data over to an encrypted platform," he added. "As cybercriminals get smarter on the encryption cracking front, so company laptop users must use the best tools at their disposal to defend against their data falling into the wrong hands."

Print version | email this to a friend Email to a friend | View other articles