1 |
On Sat, Jun 6, 2020 at 8:47 PM Victor Ivanov <vic.m.ivanov@×××××.com> wrote: |
2 |
> |
3 |
> On 06/06/2020 21:12, Rich Freeman wrote: |
4 |
> > Maybe we're miscommunicating, but it seems like you're moving the |
5 |
> > goalposts here. |
6 |
> > ... |
7 |
> > Your original point was, "The problem here is that a leaked header |
8 |
> > immediately means a compromised volume." |
9 |
> |
10 |
> I believe we're on the same page and it's indeed due to miscommunication |
11 |
> and I suspect this is where the main point of miscommunication lies. |
12 |
> You're taking my statement out of context. No doubt, I most certainly |
13 |
> could have phrased this part better and made it clearer. It may not have |
14 |
> been obvious but that sentence was aimed specifically in the context |
15 |
> where a weak password is used or, especially, when a password has been |
16 |
> compromised and how being able to change said password might have little |
17 |
> effect. In which case the point still stands - when a password is |
18 |
> compromised, there is a possibility that changing said password may not |
19 |
> necessarily be the end of the matter as the (old) header may or may not |
20 |
> have been leaked too either as part of the same or a previous attack - |
21 |
> not necessarily involving physical access. |
22 |
|
23 |
I think we're on the same page and just talking past each other. I |
24 |
didn't catch that as being the intended context, and in the scenario |
25 |
you describe you are of course completely correct. |
26 |
|
27 |
Thanks for bringing this point up though, as it isn't really something |
28 |
I'd given much thought to. |
29 |
|
30 |
-- |
31 |
Rich |