It's a Presidential Mandate, Feds use it. How come you are not using FDE?

Jonathan Thornburg jthorn at aei.mpg.de
Tue Jan 16 10:25:04 EST 2007


On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
[[about full-disk encryption]]
> In most situations, disk encryption is useless and probably harmful.
> It's useless because you're still relying on the OS to prevent access
> to the cleartext through the file system, and if the OS can do that it
> can do that with an unencrypted disk.

Yes, encrypted disks aren't much good unless the OS also encrypts
(at least) swap space.  I note that OpenBSD ships with swap-space
encryption turned on by default.  The encryption is done in software
using Rijndael.  On modern hardware the performance hit is minimal
(compared to the cost of the disk access).  See
  http://www.openbsd.org/papers/swapencrypt.ps
for a discussion of the security model.

ciao,

-- 
-- "Jonathan Thornburg -- remove -animal to reply" <jthorn at aei.mpg-zebra.de>
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html      
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam

---------------------------------------------------------------------
The Cryptography Mailing List