Educause Security Discussion mailing list archives

Re: Full volume encryption

From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 9 Oct 2007 08:41:46 -0500

At 07:53 AM 10/9/2007, Phil Benchoff put fingers to keyboard and wrote:

installation, updates, policy, and support.  Most of the major vendors seem
not completely incompetent and offer reasonable products if you are willing
to accept some hand waving over the technical details.


I don't think this is entirely a fair statement.  It implies that perhaps
they are not as good as the free products because they don't supply you
with all the details, or source code, on how their algorithms are
implemented.  Personally, I'm not qualified to determine if an encryption
product actually works correctly.  One of the benefits of commercial
products is that you can check their certifications.  I know I can trust
product Z to work as advertised, because NIST has given it the FIPS-x
seal of approval.  That's a pretty compelling argument to use any
encryption package, IMHO.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"

Current thread:

Full volume encryption Phil Benchoff (Oct 09)
- <Possible follow-ups>
- Re: Full volume encryption Roger Safian (Oct 09)
- Re: Full volume encryption Mike Wiseman (Oct 09)