On Mon, 20 Apr 2009, Simson Garfinkel wrote:
> I would like to amplify what Scott has said below. > > I think that it is a common misconception that drives which are used > on servers in a secure location do not need FDE. In my research I > have purchased thousands of hard drives on the secondary market and > examined those drives for an indication of the data left on them by > previous users. The most sensitive (and potentially damaging) data > comes from drives that were used in servers, were taken out of > service, and then ended up in my hands. > I am curious - how do you arrange for key entry in a server? Does the operator enter it from the console on each boot? Doesn't that make "lights out" operation difficult? I wouldn't like to give up the ability of machines to reboot unattended. If it is stored somewhere on the computer, don't you still have the problem that possesion of the hardware implies access to the data? Anyway, how often do used drives have cash value greater than the cost differential of regular and FDE drives? Wouldn't it be more efficient to just destroy used drives if you can't erase the contents? Daniel Feenberg _______________________________________________ FDE mailing list FDE@www.xml-dev.com http://www.xml-dev.com/mailman/listinfo/fde
