RE: Open source FDE for Win32

2008-02-14 Thread Dave Korn
On 11 February 2008 04:13, Ali, Saqib wrote:
 I installed TrueCrypt on my laptop and ran some benchmark tests/
 
 Benchmark Results:
 http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks

  Thanks for doing this!

 Cons:
 1) Buffered Read and Buffered Transfer Rate was almost halved after
 TrueCrypt FDE was enabled :-(.

  Yes, to almost the exact same rate as sequential reads.  I'm guessing it
simply doesn't implement look-ahead decryption.  It might even be a positively
good idea to not decrypt anything until you're specifically asked.

 3) The initial encryption of the 120 GB HDD took 2 hours.

  You think a 1GB/min encryption rate is so slow as to count as a con?  I
think that's fairly reasonable.  My lightly loaded AMD64x2 box just took 48s
to copy a 584MB file from one place to another on a first trial, and between
26s and 39s on 'hot' retests.

  Or are you suggesting that it could encrypt each block OTF when it's first
accessed, or run the encryption in the background while the system was still
live, instead of converting the whole drive in one big bite?


cheers,
  DaveK
-- 
Can't think of a witty .sigline today

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Open source FDE for Win32

2008-02-14 Thread Hagai Bar-El

Hello Dave,

On 13/2/2008 21:26, Dave Korn wrote:

  Or are you suggesting that it could encrypt each block OTF when it's first
accessed, or run the encryption in the background while the system was still
live, instead of converting the whole drive in one big bite?



Encrypting blocks only when they are used can be risky in terms of false 
sense of security. There is basically no way for you to tell what is 
left out there.


Encrypting the drive while the system is live is what TC currently does. 
Encryption runs in the background while you can do other things (though 
much slower).


Hagai.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Open source FDE for Win32

2008-02-13 Thread Ali, Saqib
I installed TrueCrypt on my laptop and ran some benchmark tests/

Benchmark Results:
http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks

Pros:
1) Easy to use product. Simple clean interface. Very user-friendly!
2) Free and Open Source
3) Multiple Encryption and Hashing algorithm available.

Cons:
1) Buffered Read and Buffered Transfer Rate was almost halved after
TrueCrypt FDE was enabled :-(.
2) Access Time for large file (250+MB) increased by 11%.
3) The initial encryption of the 120 GB HDD took 2 hours.




On Feb 7, 2008 11:46 PM, Hagai Bar-El [EMAIL PROTECTED] wrote:
 List,

 Finally, an open source FDE (Full Disk Encryption) for Win32. It is the
 first one I am aware of:

 www.truecrypt.org

 TC is not a new player, but starting February 5th (version 5) it also
 provides FDE.

 Didn't get to try it yet.

 Hagai.


 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Open source FDE for Win32

2008-02-13 Thread Hagai Bar-El

Hello,

On 11/2/2008 06:13, Ali, Saqib wrote:

I installed TrueCrypt on my laptop and ran some benchmark tests/

Benchmark Results:
http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks

Pros:
1) Easy to use product. Simple clean interface. Very user-friendly!
2) Free and Open Source
3) Multiple Encryption and Hashing algorithm available.

Cons:
1) Buffered Read and Buffered Transfer Rate was almost halved after
TrueCrypt FDE was enabled :-(.
2) Access Time for large file (250+MB) increased by 11%.
3) The initial encryption of the 120 GB HDD took 2 hours.



Actually, there is one major (but temporary) limitation to TC5: It does 
not process too well partitions that are not the system partition, but 
which share the same physical drive as the system partition, if you 
elect to encrypt the entire drive.


That is, if you decide to encrypt a whole physical drive that stores 
both C: (system) and D: (another partition), you are going to face a 
situation in which your D: partition is logically gone (until you 
re-decrypt the whole thing back). Next version will fix it, the team 
promises.


Hagai.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]