Haven't seen it mentioned yet but honestly would say just run with an OPAL or
FIPS 140 compliant SED. As much as folk don't "trust" NIST, those using SEDs
certified to those standards are adequate enough for non-classified government
documents (i.e. both NIST and DOD authorize them for use in their own
organizations to protect their own information) including controlled
unclassified information even while traveling in foreign nations with known
active intelligence gathering (i.e. China).
Are certified SEDs from Intel and Samsung coupled with TPM enabled
motherboards more expensive and harder to get? Yes. Do I trust them more than
other commercial or OSS software that, IMHO, could probably have a backdoor
easily introduced via a software update? Yes. Even if the NSA could "hack"
your SED, not sure that would ever be used against you in a court of law as
that is giving away huge capability given other national governments and
multinational corps use SEDs quite routinely (FIPS or OPAL depending where you
live). Just my two cents.
-Peter
PS: When I said certified SED I mean it, I don't mean a "SED promising AES
encryption". You have to actively look for certified SEDs and they are
often 200 to 300% priced, only sold via OEM channels, and have hard to find
model numbers.
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography