| 1 |
On Sat, Jun 6, 2020 at 8:47 PM Victor Ivanov <vic.m.ivanov@×××××.com> wrote: |
| 2 |
> |
| 3 |
> On 06/06/2020 21:12, Rich Freeman wrote: |
| 4 |
> > Maybe we're miscommunicating, but it seems like you're moving the |
| 5 |
> > goalposts here. |
| 6 |
> > ... |
| 7 |
> > Your original point was, "The problem here is that a leaked header |
| 8 |
> > immediately means a compromised volume." |
| 9 |
> |
| 10 |
> I believe we're on the same page and it's indeed due to miscommunication |
| 11 |
> and I suspect this is where the main point of miscommunication lies. |
| 12 |
> You're taking my statement out of context. No doubt, I most certainly |
| 13 |
> could have phrased this part better and made it clearer. It may not have |
| 14 |
> been obvious but that sentence was aimed specifically in the context |
| 15 |
> where a weak password is used or, especially, when a password has been |
| 16 |
> compromised and how being able to change said password might have little |
| 17 |
> effect. In which case the point still stands - when a password is |
| 18 |
> compromised, there is a possibility that changing said password may not |
| 19 |
> necessarily be the end of the matter as the (old) header may or may not |
| 20 |
> have been leaked too either as part of the same or a previous attack - |
| 21 |
> not necessarily involving physical access. |
| 22 |
|
| 23 |
I think we're on the same page and just talking past each other. I |
| 24 |
didn't catch that as being the intended context, and in the scenario |
| 25 |
you describe you are of course completely correct. |
| 26 |
|
| 27 |
Thanks for bringing this point up though, as it isn't really something |
| 28 |
I'd given much thought to. |
| 29 |
|
| 30 |
-- |
| 31 |
Rich |
Archives