It's a Presidential Mandate, Feds use it. How come you are not using FDE?

Jonathan Thornburg jthorn at
Tue Jan 16 10:25:04 EST 2007

On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
[[about full-disk encryption]]
> In most situations, disk encryption is useless and probably harmful.
> It's useless because you're still relying on the OS to prevent access
> to the cleartext through the file system, and if the OS can do that it
> can do that with an unencrypted disk.

Yes, encrypted disks aren't much good unless the OS also encrypts
(at least) swap space.  I note that OpenBSD ships with swap-space
encryption turned on by default.  The encryption is done in software
using Rijndael.  On modern hardware the performance hit is minimal
(compared to the cost of the disk access).  See
for a discussion of the security model.


-- "Jonathan Thornburg -- remove -animal to reply" <jthorn at>
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, "Old Europe"      
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list