Can you keep a secret? This encrypted drive can...
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Tue Oct 31 18:50:20 EST 2006
Saqib Ali wrote:
> http://www.infoworld.com/article/06/10/30/HNseagateagain_1.html
Notably, none of the three articles mention Vista's BitLocker, which
provides FDE in software and establishes trust via a TPM chip. (For
those who haven't heard about it, BitLocker also uses a clever diffuser
that Niels Ferguson designed specifically for the FDE scenario.)
The problem I see with hardware FDE is the same one that prompted
Poul-Henning Kamp to design GBDE some time back: the "lose a password,
game over" model doesn't work in corporate environments. People forget
passwords all the time. They don't see this as an irrecoverable failure;
it's something that the IT people are supposed to be able to fix with a
wave of their tricorder. Once that assumption flies out the window, the
cost of a lost password becomes so high that it's more convenient to
disable the encryption altogether.
On the other hand, Vista is shipping with BitLocker enabled by default
in the upper editions (Enterprise or somesuch), and doesn't rely on
passwords at all; it actually brings the user, without any interaction,
to the standard Windows login prompt, where the user can reach for a
smart card, or use a fingerprint reader, or do any other kind of
authentication Windows supports. Optionally, a hardware token or USB key
can be required during boot, and those can be made rekeyable by the IT
department, if I understood one of the engineers who worked on it correctly.
Seagate's technical solution isn't compatible with the social problem
it's trying to solve. I think Microsoft's is, surprisingly enough.
As a sidenote, I wonder if Seagate will release full details and code
for their FDE (and AES) implementation, or if we're supposed to take the
"no backdoors" clause on faith, as we do with TPMs.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list