It's a Presidential Mandate, Feds use it. How come you are not using FDE?
Steven M. Bellovin
smb at cs.columbia.edu
Tue Jan 16 09:32:19 EST 2007
On Mon, 15 Jan 2007 08:39:18 -0800
"Saqib Ali" <docbook.xml at gmail.com> wrote:
> An article on how to use freely available Full Disk Encryption (FDE)
> products to protect the secrecy of the data on your laptops. FDE
> solutions helps to prevent data leaks in case the laptop is stolen or
> goes missing. The article includes a brief intro, benefits, drawbacks,
> some tips, and a complete list of FDE solutions in the market.
>
> http://www.full-disk-encryption.net/intro.php
>
I'll turn it around -- why should you use it?
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do that with an unencrypted disk. It's harmful because you can
lose a key. (Your web page does address that, but I'm perplexed --
what is challenge/response authentication for key recovery?)
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do fit that category; I have no quarrel with disk encryption for them.
It's more dubious for desktops and *much* more dubious for servers.
(Caveat: I'm assuming that when you dispose of systems, you run DBAN or
some such on the drives -- if not, we're back to the physical access
threat.)
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list