[FDE] FDE With RAID5 Support?

Robert Wann rwann at enovatech.com
Fri May 4 06:26:33 MDT 2007 

Hello James,

So that I understand that you want FDE on the entire RAID array (please identify if they are SATA, PATA, or SCSI drives) and you want AES 256-bit strength.

To better understand your system requirement, please educate me the following:

1. Why would a RAID 5 array, for instance, require FDE? RAID 0, 1, 10 may require as no XORed parity has been written to the disk array. However, a potential eavesdropper may have hard time in trying to discern/reconstruct the complete file/data block on one or two stolen RAID 5 disk as an evenly distributed and written XORed parity presents the bottleneck (of course, this is assuming that the entire RAID array is not being taken);

2. Why would AES 256-bit require? Why not TDES, say 192-bit strength? I would understand reason if it's only a preference and it's not from the comparison of cryptographic strength;

3. What is the "Key storage on a network appliance"?

4. What is the "hardware based key storage appliances"?

Look forward to hearing from you.

Thanks,
Robert Wann
Enova Technology
www.enovatech.com

----- Original Message ----- 
From: <fde-request at www.xml-dev.com>
To: <fde at www.xml-dev.com>
Sent: Thursday, May 03, 2007 2:00 AM
Subject: FDE Digest, Vol 8, Issue 1


> Send FDE mailing list submissions to
> fde at www.xml-dev.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.xml-dev.com/mailman/listinfo/fde
> or, via email, send a message with subject or body 'help' to
> fde-request at www.xml-dev.com
> 
> You can reach the person managing the list at
> fde-owner at www.xml-dev.com
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of FDE digest..."
> 
> 
> Today's Topics:
> 
>    1. FDE With RAID5 Support? (James McEachern)
>    2. Re: FDE With RAID5 Support? (James Wilmington)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 1 May 2007 04:58:19 -0700
> From: "James McEachern" <james.mceachern.qa5a at statefarm.com>
> Subject: [FDE] FDE With RAID5 Support?
> To: <fde at www.xml-dev.com>
> Message-ID:
> <9A5A271C3F73FB45A518D04979A6A556029CAE2E at WPSCV6NF.OPR.STATEFARM.ORG>
> Content-Type: text/plain; charset="us-ascii"
> 
> Hello,
> 
>  
> 
> I am researching a FDE solution for a widely dispersed network. The
> trouble I am having is finding a solution that supports RAID drives. Key
> storage on a network appliance at the home office is out of the question
> and buying hardware based key storage appliances for each office is also
> out of the question. 
> 
>  
> 
> Requirements:
> 
>  
> 
> AES-256 Encryption
> 
> RAID5 Support in a W2K3 environment
> 
> Key stored locally
> 
> Pre-Boot Authentication can be disabled (I know the security holes this
> opens up)
> 
>  
> 
> Thank You, 
> 
> James
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://www.xml-dev.com/pipermail/fde/attachments/20070501/f7bd2b62/attachment-0001.html 
> 
> ------------------------------
> 
> Message: 2
> Date: Wed, 2 May 2007 16:37:35 +0100
> From: "James Wilmington" <catchall at princesshouse.co.uk>
> Subject: Re: [FDE] FDE With RAID5 Support?
> To: <fde at www.xml-dev.com>
> Message-ID:
> <20070502154017.UEDW219.aamtaout01-winn.ispmail.ntl.com at princessf857d0>
> 
> Content-Type: text/plain; charset="us-ascii"
> 
> I am not sure about SOFTWARE packages that support RAID FDE.
> 
>  
> 
> However you could buy as many Seagate Momentus FDE.2 drives that you need.
> 
>  
> 
> These drives have encryption built into the hardware of the drive.therefore
> there is no system overhead, and you wouldn't have to worry about finding a
> suitable software solution.
> 
>  
> 
> Good luck.
> 
>  
> 
>   _____  
> 
> From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com] On
> Behalf Of James McEachern
> Sent: 01 May 2007 12:58
> To: fde at www.xml-dev.com
> Subject: [SPAM] [FDE] FDE With RAID5 Support?
> 
>  
> 
> Hello,
> 
>  
> 
> I am researching a FDE solution for a widely dispersed network. The trouble
> I am having is finding a solution that supports RAID drives. Key storage on
> a network appliance at the home office is out of the question and buying
> hardware based key storage appliances for each office is also out of the
> question. 
> 
>  
> 
> Requirements:
> 
>  
> 
> AES-256 Encryption
> 
> RAID5 Support in a W2K3 environment
> 
> Key stored locally
> 
> Pre-Boot Authentication can be disabled (I know the security holes this
> opens up)
> 
>  
> 
> Thank You, 
> 
> James
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://www.xml-dev.com/pipermail/fde/attachments/20070502/563214db/attachment-0001.html 
> 
> ------------------------------
> 
> _______________________________________________
> FDE mailing list
> FDE at www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde
> 
> 
> End of FDE Digest, Vol 8, Issue 1
> *********************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.xml-dev.com/pipermail/fde/attachments/20070504/7a765458/attachment.html

More information about the FDE mailing list