Dr. Bellovin,
In most situations, disk encryption is useless and probably harmful. It's useless because you're still relying on the OS to prevent access to the cleartext through the file system, and if the OS can do that it can do that with an unencrypted disk.
I am not sure I understand this. With FDE, the HDD is unlocked by a pre-boot kernel (linux). It is not the function of the resident OS to unlock the drive.
It's harmful because you can lose a key. (Your web page does address that, but I'm perplexed -- what is challenge/response authentication for key recovery?)
Challenge/Response password recovery, as I understand, is a very simplified implementation of Secret Sharing. It allows for 2 parties, in this case the IT HelpDesk and the User, to collaborate and recover a Secret. 1) Upon forgetting the password, the user calls the Help Desk. 2) The IT Help Desk authenticates the user in the usual ways (e.g. check office voice mail etc), as the policy dictates. 3) Once authenticated the user give the partial secret to the HelpDesk. 4) The HelpDesk then combine it with the secret they have to produce a temporary password. 5) The temporary password is then used to unlock the HDD "once", and new credentials are created. -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]