[Cryptography] Wrong uses of filesystem encryption

Tom Mitchell mitch at niftyegg.com
Sat Jan 31 14:42:45 EST 2015


On Fri, Jan 30, 2015 at 11:49 AM, Kent Borg <kentborg at borg.org> wrote:

> On 01/30/2015 10:33 AM, U.Mutlu wrote:
>
>> What 'best practices' for filesystem encryption are there?
>>
>
> Again, that horrible term! Says who? Measured how? Accomplishing what?
>

I would second that thought.

Start with the data and the risk and impact of data loss or data disclosure.

Second look at layers of information and access patterns.
A password wallet containing whole disk encryption keys
on the disk that is locked with the keys in the wallet is backward.

Third look at attacks and loss scenarios: fire, theft, failure.
Loss must include loss of passwords and loss or theft of the hardware
in addition to the loss of data including the disclosure of data.
Does your laptop have a "return to" address and phone number?
Should that be your local police department or should that be your home?

Fourth look at data and hardware ownership. Your data, company A's data,
company B's data, financial, access (password wallets, yes plural).
Personal data on a company laptop. Company data on a personal laptop.

Fifth look at legal requirements and additional policy that you must
comply with.

Sixth look at other issues including backups.  This must include
odd stuff like booting for the TSA when traveling.  Know that you
will be recorded and passwords would be captured as can happen
at any public place.

-- 
  T o m    M i t c h e l l