[FDE] Can you keep a secret? This encrypted drive can...
Saqib Ali
docbook.xml at gmail.com
Tue Nov 7 19:51:19 MST 2006
Seagate encrypted HDDs and Vista BitLocker are next on my list to
evaluate. I will have to get a copy of Mobile Armor. The reason I
didn't include them in my initial eval was that I didn't know of any
large companies using that product.
As far as I understand, Seagate's encrypted drives DO NOT impose any
overhead; that is because they have an onboard ASIC that performs the
crypto functions. Hardware encryption is much, much faster than
software.
Vista BitLocker, a software-based FDE solution, uses the TPM to wrap and
bind the encryption keys, which makes the key management easier or more
transparent to the user. But being a software solution, BitLocker
will still impose considerable overhead. I will publish the results
once I am done with the eval of BitLocker.
One other reader emailed me asking about how the TPM will affect the FDE
solutions. So here are my thoughts....
As far as the TPM is concerned, I don't think wrapping and binding the
encryption key using the TPM will impose any overhead, if anything it
will be faster and more convenient for the user.
Some TPM manufacturers advertise bulk encryption capabilities in their
TPM chip, but that has yet to be exploited for FDE purposes.
> Large Scale Management
I will look into this.
> Pre-boot authentication against RADIUS and other network based
> authentication services
Good point. I don't think there are any FDE solutions currently
available that support network-based auth services. The boot loader
should be small and simple to ensure security. Adding networking
services might not be a good idea. Please correct me if I am wrong.
saqib
http://www.full-disk-encryption.net