On Mon, 15 Jan 2007 08:39:18 -0800
"Saqib Ali" <[EMAIL PROTECTED]> wrote:

> An article on how to use freely available Full Disk Encryption (FDE)
> products to protect the secrecy of the data on your laptops. FDE
> solutions helps to prevent data leaks in case the laptop is stolen or
> goes missing. The article includes a brief intro, benefits, drawbacks,
> some tips, and a complete list of FDE solutions in the market.
> http://www.full-disk-encryption.net/intro.php
I'll turn it around -- why should you use it?

In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do that with an unencrypted disk.  It's harmful because you can
lose a key.  (Your web page does address that, but I'm perplexed --
what is challenge/response authentication for key recovery?)

Disk encryption, in general, is useful when the enemy has physical
access to the disk.  Laptops -- the case you describe on your page --
do fit that category; I have no quarrel with disk encryption for them.
It's more dubious for desktops and *much* more dubious for servers.
(Caveat: I'm assuming that when you dispose of systems, you run DBAN or
some such on the drives -- if not, we're back to the physical access

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to