disks with hardware FDE
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Jul 9 05:35:51 EDT 2008
Arshad Noor <arshad.noor at strongauth.com> writes:
>Perry E. Metzger wrote:
>> There are now a number of drives on the market advertising AES based
>> FDE in hardware, and a number of laptops available on the market that
>> claim to support them.
>> [...]
>
>There is a debate going on on that list about the value of
>encrypting data at the disk-drive layer vs. encrypting at the
>application layer - I believe the latter is a more strategic
>solution - and the voices from the Crypto forum would be
>welcome on these issues.
One thing about drive-based encryption is that we've been promised this since
about 2000 or 2001, and it's always just another year or two away for various
reasons: standardisation, host controller support, OS support, phase of the
moon, ... . The current reason seems to be FIPS 140: the turnaround time for
a FIPS 140 eval is significantly longer than the mean lifetime of any
particular hardware/firmware config, and the cost of the constant re-evals
doesn't help much either. So drive-based FDE is currently awaiting the
loading of a complement of small FIPS 140-soaked paper napkins. Until then
there will be a short delay. Please return to your seats.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com