On Mon, 15 Jan 2007 08:39:18 -0800 "Saqib Ali" <[EMAIL PROTECTED]> wrote:
> An article on how to use freely available Full Disk Encryption (FDE)
> products to protect the secrecy of the data on your laptops. FDE
> solutions help to prevent data leaks in case the laptop is stolen or
> goes missing. The article includes a brief intro, benefits, drawbacks,
> some tips, and a complete list of FDE solutions in the market.
>
> http://www.full-disk-encryption.net/intro.php
>

I'll turn it around -- why should you use it?

In most situations, disk encryption is useless and probably harmful. It's useless because you're still relying on the OS to prevent access to the cleartext through the file system, and if the OS can do that it can do that with an unencrypted disk. It's harmful because you can lose a key. (Your web page does address that, but I'm perplexed -- what is challenge/response authentication for key recovery?)

Disk encryption, in general, is useful when the enemy has physical access to the disk. Laptops -- the case you describe on your page -- do fit that category; I have no quarrel with disk encryption for them. It's more dubious for desktops and *much* more dubious for servers. (Caveat: I'm assuming that when you dispose of systems, you run DBAN or some such on the drives -- if not, we're back to the physical access threat.)

--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List