On 10/25/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> but they can get TrueCrypt for free now,
There are two major reasons we're using the commercial PGPdisk here instead of TrueCrypt.

1) Manageability - PGPdisk offers centralized deployment, policy management, key escrow, etc.
2) TrueCrypt's inability to encrypt the boot disk on any platform.

The first is a failing that much open source software has; management is usually accomplished through scripting. That adds lots of flexibility, but makes the product far less attractive to IT departments that just want to make it work quickly.

The second is more of an architecture problem with TrueCrypt. PGPdisk and other whole-disk encryption products do some very low-level, OS-dependent stuff, like loading from the boot sector and then handing off to an OS-specific device driver. These are the sorts of things that are difficult to accomplish without heavy involvement from the OS vendor.

This is also why a "GPGdisk" is probably unworkable. GnuPG is designed and strives for platform independence, and things like disk drivers are inherently platform specific. I would think that improving TrueCrypt, perhaps stealing the OpenPGP smart card support from GnuPG, is the "best bet" for a full-featured, open-source whole-disk encryption program.

Finally, let's not forget the 800-pound gorilla: Microsoft already has per-file encryption (with decent key management in the OS), and has added whole disk encryption to Vista. If those solutions work well enough, practical Windows users will not see the benefits of an open source disk encryption solution outweighing the complexity of their use.

Regards,
Ryan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users