Windows Encryption Software

Chad Dailey nanog at thedaileyplanet.com
Fri Dec 10 18:16:46 UTC 2010


http://xkcd.com/538/

On Fri, Dec 10, 2010 at 9:58 AM, William Herrin <bill at herrin.us> wrote:

> On Fri, Dec 10, 2010 at 8:21 AM, Florian Weimer <fw at deneb.enyo.de> wrote:
> > Software-based solutions have the advantage that they are somewhat
> > more testable and reviewable.  If it's all in the disk, you can't
> > really be sure that the data is encrypted with a static key, and the
> > passphrase is used for access control only.  The latter approach seems
> > to be somewhat common with encrypting storage devices, unfortunately.
>
> It's not just common; it's the official standard. The API doesn't let
> you set the key or read the bare data. It let's you input a password
> to unlock both drive and encryption key and it let's you tell the
> drive to generate a new encryption key ("cryptographic erase"). So
> yes, you have to trust that the manufacturer is doing what they claim.
>
> This caused me some concern when I first got it, but at the end of the
> day I'm not trying to protect my files from someone with the resources
> to reconfigure hard drives in a way that allows them to go after the
> raw data without entering the password. I'm trying to protect them
> from the casual roadside thief.
>
> -Bill
>
>
>
> --
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>
>



More information about the NANOG mailing list