TwistyCreek <anon@comments.header> wrote in
news:LAJQLL7D38977.2445949074@twistycreek.com:

> "nemo_outis" <abc@xyz.com> wrote in news:Xns983D52A68669Dabcxyzcom@
> 127.0.0.1:
>
>> anonymous <anon@comments.header> wrote in
>> news:XOUCGODB38973.2769791667@twistycreek.com:
>
>>> Dr. EvenMorePedantic is compelled to point out that the gentleman's
>>> name in question is Kerchoffs, so in fact it is "Kerckhoffs'
>>> principle".
>>
>>
>> Reduced to looking for misplaced apostrophes? Your life really must
>> be very empty.
>
> Nemo, I was making a (very) modest joke here, no attack intended. I
> thought a smile or two would be useful in this group in between poor
> traveler66 being given the 'Mr. Bill' treatment everyday and the 'bait
> the psycho' stuff going on with the "FBI sadists' guy.
> Actually I found your your citation interesting and informative.


Sorry, I over-reacted :-)

You see, there are a number of folks here whom I have thoroughly spanked
in the past. They (directly or using a number of sockpuppets) now spend
their lives hoping I will make a misstep or misstatement so that they can
pounce on it. I must then spend the next half-dozen posts playing whack-
a-mole to suppress these morons for a bit while they lick their wounds.
I mistook your reply for one from them.



> BTW I am slightly disappointed in you as you failed to point out my
> misspelling of 'Kerckhoffs' name in my first use of it.

Actually, I let that slide. My prime worry was that the cryptographic
Kerchoffs' principle would be confused with the unrelated electrical
Kirchoff's principle/law.


> PS-If one uses VMWare to run Win98 (or 2000) inside a Truecrypt
> partition in Xp, (in essence a poor man's full disk encryption) are
> you aware of any leaks into the host OS that would suggest this method
> inferior to an actual FDE of XP?

I think it's a good method for a number of reasons, not least that it is
difficult for any acquired viruses to break out of such a sandbox.
(Unless, of course, you network your vmware virtual machine to your real
machines.)

And leakage to the main OS should be very small (I don't know if it's
zero).

There are two remaining points which (depending on your circumstances)
may be vulnerabilities:

1. The fact that you are using vmware (not the activities within vmware)
will be recorded in the containing OS (in the registry, existence of dlls
& services, etc.)

2. You still have considerable exposure to things like software
keyloggers, modified files, etc. in the containing OS recording your
activities. One advantage of true full-disk encryption is that there is
no place to install such malware even with covert access to the machine.

Regards,