Peter Gutmann
Wed, 09 Jul 2008 07:57:49 -0700
Arshad Noor <[EMAIL PROTECTED]> writes:

>Perry E. Metzger wrote:
>> There are now a number of drives on the market advertising AES based
>> FDE in hardware, and a number of laptops available on the market that
>> claim to support them.
>> [...]
>
>There is a debate going on on that list about the value of
>encrypting data at the disk-drive layer vs. encrypting at the
>application layer - I believe the latter is a more strategic
>solution - and the voices from the Crypto forum would be
>welcome on these issues.

One thing about drive-based encryption is that we've been promised this since
about 2000 or 2001, and it's always just another year or two away for various
reasons: standardisation, host controller support, OS support, phase of the
moon, ... .  The current reason seems to be FIPS 140: the turnaround time for a
FIPS 140 eval is significantly longer than the mean lifetime of any particular
hardware/firmware config, and the cost of the constant re-evals doesn't help
much either.  So drive-based FDE is currently awaiting the loading of a
complement of small FIPS 140-soaked paper napkins.  Until then there will be a
short delay.  Please return to your seats.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List