Re: Full volume encryption

[Mike Wiseman <mike.wiseman () UTORONTO CA>]

> > Most of the major vendors

> > seem not completely incompetent and offer reasonable products if you

> > are willing to accept some hand waving over the technical details.



> I don't think this is entirely a fair statement.  It implies that perhaps
they are not as good as the free products because they >don't supply you
with all the details, or source code, on how their algorithms are
implemented.  Personally, I'm not qualified to >determine if an encryption
product actually works correctly.  One of the benefits of commercial
products is that you can check their >certifications.  I know I can trust
product Z to work as advertised, because NIST has given it the FIPS-x seal
of approval.  That's a >pretty compelling argument to use any encryption
package, IMHO.



I agree with Roger on this. I do refer to recommended practice guides issued
by reputable organizations to advise on cryptography usage and configuration
when dealing with open source applications that use cryptography  but am
confident in the FIPS certification process for commercial products.



> > What you do get with the commercial products is infrastructure to handle

> > installation, updates, policy, and support



This infrastructure is a necessity for any large scale implementation of
whole disk encryption and the area where IT people need to invest their
efforts and resources.



Mike





Mike Wiseman

Computing and Networking Services

University of Toronto