I don't trust FDE drives.

Perry E. Metzger perry at piermont.com
Wed Jul 9 10:30:06 EDT 2008


I've now talked to a few people affiliated with drive companies at
this point. One of them seems to really know what he's doing. The rest
appear not to. One has even spoken to me of keying material being
protected by "what are effectively one time pads" and "trust us, this
is our business" in ways that make me not trust him, or his company,
at all.

Based on what I've heard, I suspect that a grad student who wants a
*really* good paper could probably manage to humiliate a couple of
drive companies with a little bit of effort. It is likely to get you
plenty of publicity.

Also, at this point, I'm not sure one should trust FDE drives with
data that one really cares about. Software based solutions can be much
more readily analyzed and verified. They require much less trust that
a vendor has done their job right. I don't think one can trust the
hard drive vendors.


Perry
-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list