In response to: "I am curious - how do you arrange for key entry in a server?"
Transparent operation (such as that afforded by TPMs) are a viable option. Not quite as secure (cold boot attack or some other direct memory-based attack [eg, firewire]), but the convenience might be worth it. ----- Original Message ----- From: "Daniel Feenberg" <[email protected]> To: <[email protected]> Sent: Wednesday, April 22, 2009 7:34 AM Subject: Re: [FDE] how FDE is implemented at system layer > > > On Mon, 20 Apr 2009, Simson Garfinkel wrote: > >> I would like to amplify what Scott has said below. >> >> I think that it is a common misconception that drives which are used >> on servers in a secure location do not need FDE. In my research I >> have purchased thousands of hard drives on the secondary market and >> examined those drives for an indication of the data left on them by >> previous users. The most sensitive (and potentially damaging) data >> comes from drives that were used in servers, were taken out of >> service, and then ended up in my hands. >> > > I am curious - how do you arrange for key entry in a server? Does the > operator enter it from the console on each boot? Doesn't that make "lights > out" operation difficult? I wouldn't like to give up the ability of > machines to reboot unattended. If it is stored somewhere on the computer, > don't you still have the problem that possesion of the hardware implies > access to the data? > > Anyway, how often do used drives have cash value greater than the cost > differential of regular and FDE drives? Wouldn't it be more efficient to > just destroy used drives if you can't erase the contents? > > Daniel Feenberg > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde > _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
