Re: Product request - Enterprise whole disk encryption for laptops

[Charlie Prothero <Charlie.Prothero () KEYSTONE EDU>]

Roger's comment on risk management brings to mind the question of whether or not someone should even be allowed to put 
sensitive data on a laptop, though this is a bit off-topic vis-à-vis this discussion.  Citrix, MS Terminal Services, 
VNC and many other remote access services allow laptop users to interact with data and software through secure 
connections and without putting any actual data on the device.  That's the direction Keystone College has adopted for 
the time being...

- Charlie
 
-----Original Message-----
From: Roger Safian [mailto:r-safian () NORTHWESTERN EDU] 
Sent: Saturday, July 15, 2006 2:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Product request - Enterprise whole disk encryption for laptops

At 11:44 AM 7/15/2006, Valdis Kletnieks put fingers to keyboard and wrote:
> These need to be *seriously* considered when contemplating desktop/laptop
> encryption - I've seen all too many sites totally fail to understand this...

So here's my question.

I always considered encryption an exercise in risk management.
The risk I am trying to prevent is that the theft of a 
computer will expose the data to the casual criminal.  I
assume that someone serious about cracking the encrypted
files will simply resort to other, and much more effective 
methods of ascertaining the correct passphrase.  So my
question is this, just how long could I expect a passphrase,
of at least 16 characters, composed on ONLY alpha-numeric
characters, to withstand the attack?




-- 
Roger A. Safian 
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"