[FDE] Can you keep a secret? This encrypted drive can...

Saqib Ali docbook.xml at gmail.com
Wed Nov 8 17:38:03 MST 2006


Hello Thomas,

I don't think TrueCrypt is an FDE solution, i.e. it cannot fully
encrypt the boot drive. Please correct me if I am wrong.

thanks
saqib
http://www.full-disk-encryption.net

On 11/8/06, Thomas Brewster <thomas_brewster at hotmail.com> wrote:
> I would like to see TrueCrypt added to the test mix.
>
> - Thomas Brewster
>
>
> ----- Original Message -----
> From: "Saqib Ali" <docbook.xml at gmail.com>
> To: "Bryan Glancey" <bryan at mobilearmor.com>
> Cc: <fde at www.xml-dev.com>
> Sent: Tuesday, November 07, 2006 9:51 PM
> Subject: Re: [FDE] Can you keep a secret? This encrypted drive can...
>
>
> Seagate encrypted HDDs and Vista Bitlocker is next on my list to
> evaluate. I will have to get a copy of Mobile Armor. The reason I
> didn't include them in my initial eval was that I didn't know of any
> large companies using that product.
>
> As far as I understand, Seagate's encrypted drives DO NOT impose any
> overhead, that is because it has an onboard ASIC that performs the
> crypto functions. Hardware encryptions are much much faster than
> software.
>
> Vista Bitlocker, a software based FDE solution, uses TPM to wrap and
> bind the encryption keys. Which makes the key management easier or more
> transparent to the user. But being a software solution, BitLocker
> will still impose considerable overhead. I will publish the results
> once I am done with the eval of BitLocker.
>
> One other reader emailed me asking about how TPM will affect the FDE
> solutions. So here are my thoughts....
>
> As far as the TPM is concerned, I don't think wrapping and binding the
> encryption key using the TPM will impose any overhead, if anything it
> will be faster and more convenient for the user.
>
> Some TPM manufacturers advertise bulk encryption capabilities in their
> TPM chip, but that has yet to be exploited for FDE purposes.
>
> > Large Scale Management
> I will look into this.
>
> > Pre-boot authentication against RADIUS and other network based
> > authentication services
> Good point. I don't think there are any FDE solutions currently
> available that support network based auth services. Boot-loader
> should be small and simple to ensure security. Adding networking
> services might not be a good idea.  Please correct me if I am wrong.
>
> saqib
> http://www.full-disk-encryption.net
>
>
>


-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net