[Cryptography] Speeding up Linux disk encryption

Jerry Leichter leichter at lrw.com
Mon Apr 12 16:22:18 EDT 2021


> Why is full disk encryption of interest to Cloud Flare? Rack mounted servers don't casually walk away, do they? Well, when one is dealing on the scale of Cloud Flare I bet they do. Maybe not stolen by an Evil Maid, but servers will get lost in the shuffle....
> 
The big cloud storage providers put a lot of work into this.  I've seen specific discussions of this concerning Google, for example.  Each individual drive is tracked from "birth" to death.  No drive, once it's been actually accessed on a live system, ever leaves the building without being physically destroyed.  There are all kinds of procedures for drive handling to make sure this can never happen.

All of this even though most of the user data written to drives is encrypted anyway.

A "lost" drive would be a major, major crisis.

Physical security and proper handling of valuable physical objects is something we've been doing for a long, long time.

Of course any process can fail or be deliberately *made* to fail - even bank vaults get broken into - but I would rank that risk pretty low for users of any major vendor.
                                                        -- Jerry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210412/250f51a2/attachment.htm>


More information about the cryptography mailing list