[BBLISA] whole disk encryption
John Orthoefer
jco at direwolf.com
Mon Aug 23 09:59:35 EDT 2010
So I've been using the Seagate FDE2 drives, for laptops which have to travel.
The pros: once the machine is booted, it's totally transparent.
The cons: backups, key management, and booting.
As it turns out, they need special BIOS support to prompt for a password and enable the drive preboot. Mac EFI has no such support. Also, when the machine hibernates/sleeps, the BIOS needs support to be able to re-unlock the drive.
The backups, I think, are ultimately the biggest issue, since you can't even READ the drive without a key, so that means the machine has to be on and awake. Which is another sort of sub-issue: with sparse bundles on the Mac, on a multi-user laptop two users can't go poking around in each other's stuff. With an FDE drive, once it's booted you have access to all the sectors, good for backups.
Finally, key management on these drives is a huge headache: since you talk to the BIOS, none of them are designed so you can store the key or password off on another server. So it's up to the user to record the information somewhere. WinMagic lets you make a CD/DVD/USB stick with some magic that generates an OTP that allows you to unlock the drive.
johno
On Aug 22, 2010, at 3:17 PM, Benjamin Cline wrote:
> On 8/22/10 6:45 AM, Edward Ned Harvey wrote:
>> I wonder if there's a hardware solution, that would make the encrypted disk
>> transparent to the OS, and hence, all the backup tools and other tools you
>> might use in the OS would remain functional...
>>
>
> This already seems to exist, see
> http://en.wikipedia.org/wiki/Hardware-based_Full_Disk_Encryption and
> http://www.secude.com/html/?id=migration-hardware-fde
>
> I haven't used any of these products/technologies myself, so I can't
> comment as to their security or functionality.
>
> Benji
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa