Maybe common disk encryption is so compromised, there's no point to implementing?

Andrew Lentvorski bsder at allcaps.org
Sat May 3 14:39:08 PDT 2014


This is one of the standard errors when talking about security and
encryption.


Define the threat you protecting against.


1) Can disk encryption protect against someone stealing the machine.
Yes.  Absolutely.

2) Can disk encryption protect against someone scanning your drive after
you throw it out.  Sure.

3) Can disk encryption protect against someone who has access to the
running machine?  Probably not.  But that's a *really* high bar.  I
can't think of many systems that could pass that level of scrutiny.

4) Can disk encryption protect against the NSA trying to crack your
disk?  Probably not.  But if the NSA is out to get you that badly,
you're hosed anyhow.


For those of us who manage machines in the corporate world, 1 & 2 are
far more typical threats.

Someone gets their laptop stolen.  IT throws out disks without wiping
them.  Someone comes in through the fire exit and steals a couple of
machines for corporate espionage (happened to me).  Those are fairly
normal scenarios.

-a

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
Url : http://www.kernel-panic.org/pipermail/kplug-list/attachments/20140503/bb0f981f/signature.pgp


More information about the KPLUG-List mailing list