nanog mailing list archives
Re: Windows Encryption Software
From: William Herrin <bill () herrin us>
Date: Fri, 10 Dec 2010 10:58:48 -0500
On Fri, Dec 10, 2010 at 8:21 AM, Florian Weimer <fw () deneb enyo de> wrote:
Software-based solutions have the advantage that they are somewhat more testable and reviewable. If it's all in the disk, you can't really be sure that the data is encrypted with a static key, and the passphrase is used for access control only. The latter approach seems to be somewhat common with encrypting storage devices, unfortunately.
It's not just common; it's the official standard. The API doesn't let you set the key or read the bare data. It let's you input a password to unlock both drive and encryption key and it let's you tell the drive to generate a new encryption key ("cryptographic erase"). So yes, you have to trust that the manufacturer is doing what they claim. This caused me some concern when I first got it, but at the end of the day I'm not trying to protect my files from someone with the resources to reconfigure hard drives in a way that allows them to go after the raw data without entering the password. I'm trying to protect them from the casual roadside thief. -Bill -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- RE: Windows Encryption Software, (continued)
- RE: Windows Encryption Software Brandon Kim (Dec 09)
- Re: Windows Encryption Software Suresh Ramasubramanian (Dec 09)
- RE: Windows Encryption Software Brandon Kim (Dec 09)
- Re: Windows Encryption Software William Herrin (Dec 09)
- Re: Windows Encryption Software John Orthoefer (Dec 10)
- Re: Windows Encryption Software Ben Carleton (Dec 10)
- Re: Windows Encryption Software Jan-Philipp Warmers (Dec 10)
- Re: Windows Encryption Software Florian Weimer (Dec 10)
- Re: Windows Encryption Software Curtis Maurand (Dec 10)
- Re: Windows Encryption Software Michael Holstein (Dec 10)
- Re: Windows Encryption Software Curtis Maurand (Dec 10)
- Re: Windows Encryption Software Curtis Maurand (Dec 10)
- Re: Windows Encryption Software William Herrin (Dec 10)
- Re: Windows Encryption Software Chad Dailey (Dec 10)
- Re: Windows Encryption Software Nick Boyce (Dec 14)