Educause Security Discussion mailing list archives
Re: Full volume encryption
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Tue, 9 Oct 2007 11:00:31 -0400
Most of the major vendors
seem not completely incompetent and offer reasonable products if you
are willing to accept some hand waving over the technical details.
I don't think this is entirely a fair statement. It implies that perhaps
they are not as good as the free products because they >don't supply you with all the details, or source code, on how their algorithms are implemented. Personally, I'm not qualified to >determine if an encryption product actually works correctly. One of the benefits of commercial products is that you can check their >certifications. I know I can trust product Z to work as advertised, because NIST has given it the FIPS-x seal of approval. That's a >pretty compelling argument to use any encryption package, IMHO. I agree with Roger on this. I do refer to recommended practice guides issued by reputable organizations to advise on cryptography usage and configuration when dealing with open source applications that use cryptography but am confident in the FIPS certification process for commercial products.
What you do get with the commercial products is infrastructure to handle
installation, updates, policy, and support
This infrastructure is a necessity for any large scale implementation of whole disk encryption and the area where IT people need to invest their efforts and resources. Mike Mike Wiseman Computing and Networking Services University of Toronto
Current thread:
- Full volume encryption Phil Benchoff (Oct 09)
- <Possible follow-ups>
- Re: Full volume encryption Roger Safian (Oct 09)
- Re: Full volume encryption Mike Wiseman (Oct 09)