Educause Security Discussion mailing list archives
Re: Product request - Enterprise whole disk encryption for laptops
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 20 Jul 2006 15:29:10 +1200
Charlie Prothero wrote:
I always considered encryption an exercise in risk management. The risk I am trying to prevent is that the theft of a computer will expose the data to the casual criminal. I assume that someone serious about cracking the encrypted files will simply resort to other, and much more effective methods of ascertaining the correct passphrase. So my question is this, just how long could I expect a passphrase, of at least 16 characters, composed on ONLY alpha-numeric characters, to withstand the attack?
how about exam papers in preparation, or critical research results (perhaps from a project with a commercial collaborator). If the former gets exposed (as happened to one friend of mine two weeks before the exam) it's a royal pita but not a disaster. The latter could conceivably be very costly for the university. Again, it all comes down getting people to think about the risks associated the data we handle on a day to day basis. In the case of collaborative commercial research one would hope that the company involved had negotiated an agreement with the department that explicitly spelled out who was responsible for what and what minimum standards of care were applicable. We started doing this with anyone who required access to university data a few years ago and we still get people (mostly vendors) surprised that we want to know what standards they use on their desktop systems (AV, Spyware etc.) And that we want to know what they are going to do if they expose our data and that we want it all in writing! E.g. our agreement with Chubb who look after all the physical locks and keys in the University. R
Current thread:
- Re: Product request - Enterprise whole disk encryption for laptops, (continued)
- Re: Product request - Enterprise whole disk encryption for laptops Jeff Kell (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Roger Safian (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Mark Newman (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Mark Newman (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Harold Winshel (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Harold Winshel (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Charlie Prothero (Jul 18)
- Re: Product request - Enterprise whole disk encryption for laptops Russell Fulton (Jul 19)
- Re: Product request - Enterprise whole disk encryption for laptops Waller, Michael A. (HSC) (Jul 20)
- Re: Product request - Enterprise whole disk encryption for laptops Harold Winshel (Jul 20)