http://xkcd.com/538/ On Fri, Dec 10, 2010 at 9:58 AM, William Herrin <[email protected]> wrote:
> On Fri, Dec 10, 2010 at 8:21 AM, Florian Weimer <[email protected]> wrote: > > Software-based solutions have the advantage that they are somewhat > > more testable and reviewable. If it's all in the disk, you can't > > really be sure that the data is encrypted with a static key, and the > > passphrase is used for access control only. The latter approach seems > > to be somewhat common with encrypting storage devices, unfortunately. > > It's not just common; it's the official standard. The API doesn't let > you set the key or read the bare data. It let's you input a password > to unlock both drive and encryption key and it let's you tell the > drive to generate a new encryption key ("cryptographic erase"). So > yes, you have to trust that the manufacturer is doing what they claim. > > This caused me some concern when I first got it, but at the end of the > day I'm not trying to protect my files from someone with the resources > to reconfigure hard drives in a way that allows them to go after the > raw data without entering the password. I'm trying to protect them > from the casual roadside thief. > > -Bill > > > > -- > William D. Herrin ................ [email protected] [email protected] > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> > Falls Church, VA 22042-3004 > >
