[Cryptography] hardware vs software FDE (was Re: Shredding a file on a flash-based file system?)
Perry E. Metzger
perry at piermont.com
Thu Jun 19 17:06:44 EDT 2014
On Thu, 19 Jun 2014 16:32:55 -0400 Darren Lasko <dlasko at ieee.org>
wrote:
> When the encryption key isn't just "stored" in the drive hardware.
> Any implementation worth its salt will only store the key wrapped
> with the authentication credentials required for unlocking the
> drive. This is no different from how software-based full drive
> encryption products protect their encryption keys.
It is different in a vital respect -- in the software implementation,
you can more or less check that everything is working as expected,
and you don't have to trust that the drive isn't sabotaging you.
That's quite different -- vitally so, I think.
Perry
--
Perry E. Metzger perry at piermont.com