On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
[[about full-disk encryption]]
> In most situations, disk encryption is useless and probably harmful.
> It's useless because you're still relying on the OS to prevent access
> to the cleartext through the file system, and if the OS can do that it
> can do that with an unencrypted disk.

Yes, encrypted disks aren't much good unless the OS also encrypts
(at least) swap space.  I note that OpenBSD ships with swap-space
encryption turned on by default.  The encryption is done in software
using Rijndael.  On modern hardware the performance hit is minimal
(compared to the cost of the disk access).  See
for a discussion of the security model.


-- "Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]>
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html      
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
