[FDE] Can you keep a secret? This encrypted drive can...

Saqib Ali docbook.xml at gmail.com
Sat Nov 4 15:02:13 MST 2006 

Bhima,

I apologize for the inconvenience. The site was down for maintenance,
it is back online:

http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250

saqib
http://www.full-disk-encryption.net

On 11/4/06, Bhima Pandava <bhima.pandava at gmail.com> wrote:
> Saqib,
>
> The link here didn't work for me.
>
> could you check it, please?
>
> Thanks
> Bhima
>
>
> On 11/4/06, Saqib Ali <docbook.xml at gmail.com> wrote:
> > I compile a lot of software on my laptop, and I *certainly notice* the
> > difference between my office laptop (no encryption) and my travel
> > laptop (with FDE). The laptops are exactly the same, with the same
> > image loaded. The only difference is the FDE software that is
> > installed on the travel laptop.
> >
> > That is why I did an analysis of various FDE solutions to find the
> > best one for my needs. The key thing I was interested was that it must
> > be AES 256, reasonably fast, inexpensive, and offer key recovery in
> > case of password loss.
> >
> > The final outcome of the analysis is available @
> > http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250
> >
> > Compusec is great for home / personal use. It is cheap i.e. $0.00
> > (Free), and does not slow down the computer as much as the other
> > products. But that is because it only support 128 bit AES, which is a
> > major drawback as most enterprise settings require at least 256 bit
> > AES. Compusec also has a great online support forum where you can get
> > your questions answered by Compusec employees and other experienced
> > users.
> >
> > I ended up purchasing both Utimaco and Pointsec. They are excellent
> > products. They both support AES 256. The downside is that they are
> > little bit expensive (Pointsec:$170 ; Utimaco:$200) and slow.
> >
> > The best thing is they both offer great password / encryption key
> > recovery capabilities. You can create a recovery disk with both
> > products.
> >
> > They also offer password recovery using Challenge / Response sequence,
> > where the IT Helpdesk can perform a Challenge/Response sequence with
> > the user to help them recover the password or reset it to a new one.
> > Off course Challenge/Response password recovery is the NOT most
> > secure, especially if the user is remote, but you have the option to
> > disable it on the laptop if you want.
> > .
> >
> > saqib
> > http://www.full-disk-encryption.net
> >
> >
> > On 11/2/06, Alexander Klimov <alserkli at inbox.ru> wrote:
> > > On Wed, 1 Nov 2006, Saqib Ali wrote:
> > > > Well for one thing, any software based FDE is extremely slow, doubles
> > > > the file access times, and is a serious drain on the laptop battery.
> > >
> > > If a PC is used by an interactive user, it is irrelevant how much
> > > access time is increased, as far as the user cannot see a difference
> > > without a timer. Several times I have read that disk encryption is not
> > > noticeable. My own experience shows that I cannot notice any
> > > difference: emacs and pine respond immediately to every key-press if I
> > > use encrypted disk or not; firefox waits for data from network the
> > > same amount of time; mplayer does not drop frames with or without disk
> > > encryption; compilation of kernel takes some noticeable time with or
> > > without encryption, but I don't know how much exactly since I spend
> > > this time in some other program.
> > >
> > > I don't want to say that the difference is irrelevant for all uses,
> > > e.g., if one edits video with 2k resolution or hosts a busy database,
> > > they can see very real difference, but such use-cases are minority and
> > > they are not done on portable computers anyway.
> > >
> > > I guess many people here have tried full disk encryption for
> > > themselves, do you notice any difference in performance or not?
> > >
> > > --
> > > Regards,
> > > ASK
> > >
> > > ---------------------------------------------------------------------
> > > The Cryptography Mailing List
> > > Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
> > >
> >
> >
> > --
> > Saqib Ali, CISSP, ISSAP
> > http://www.full-disk-encryption.net
> > _______________________________________________
> > FDE mailing list
> > FDE at www.xml-dev.com
> > http://www.xml-dev.com/mailman/listinfo/fde
> >
>


-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

More information about the FDE mailing list