[Cryptography] Speeding up Linux disk encryption

John-Mark Gurney jmg at funkthat.com
Mon Apr 12 19:00:42 EDT 2021


Jeremy Stanley wrote this message on Sun, Apr 11, 2021 at 14:25 +0000:
> On 2021-04-10 17:42:35 -0400 (-0400), Kevin W. Wall wrote:
> [...]
> > I think what people seem to be missing here is "what is the threat
> > model" for all of this FDE?
> > 
> > The main purpose of FDE is--and as far as I know, always has
> > been--to protect against "smash-and-grab" attacks, where for instance a
> > crook is walking past a locked parked car, sees a laptop on the
> > back seat, smashes the window and grabs the laptop and runs off
> > with it. (It provides similar protection if your laptop is powered
> > down and you simply lost it.) If it's advertised as anything more
> > than this, chances are, it's just hype.
> > 
> > Businesses who issued company laptops to their employees were the
> > ones who pushed to get FDE deployed because there were way too
> > many news stories popping up of stolen or lost company laptops
> > where the employee may have had thousands or millions of consumer
> > records containing PII on them and this was one way to address
> > that liability. (And more effective than telling the employee "not
> > to do that", especially when that employee was a C-level
> > executive.)
> [...]
> 
> There's a related compelling business case: secure disposal. I
> remember my employer spending inordinate sums of money to have hard
> drives of systems which might (or might not) have contained
> sensitive information thoroughly destroyed in order to prevent that
> data from being leaked to dumpster-divers or through grey-market
> parts resale. Indeed there are plenty of stories about people buying
> used hard drives in bulk as simple gold mining expeditions. If the
> disk is reliably encrypted, it's far cheaper to wipe/discard the
> decryption key and pass it off to a lower-security recycling
> operation.

Great example of this is when a disk needs to be RMA'd.  The disk
may be non-functional, but there is nothing that says when a
manufacturer refurbished the drive, that it won't still have your
data on it.  W/ FDE, like you say, you can send it back w/o worrying
that your data might be leaked.

I've eaten the cost of disks in the past because I didn't want to
send a broken drive in for RMA because of this.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."