[127715] in cryptography@c2.net mail archive


Re: disks with hardware FDE

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Jul 9 10:57:32 2008

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: arshad.noor@strongauth.com, perry@piermont.com
Cc: cryptography@metzdowd.com, ekmi@lists.oasis-open.org,
	P1619-3@LISTSERV.IEEE.ORG
In-Reply-To: <48729135.6030507@strongauth.com>
Date: Wed, 09 Jul 2008 21:35:51 +1200

Arshad Noor <arshad.noor@strongauth.com> writes:
>Perry E. Metzger wrote:
>> There are now a number of drives on the market advertising AES based
>> FDE in hardware, and a number of laptops available on the market that
>> claim to support them.
>> [...]
>
>There is a debate going on on that list about the value of
>encrypting data at the disk-drive layer vs. encrypting at the
>application layer - I believe the latter is a more strategic
>solution - and the voices from the Crypto forum would be
>welcome on these issues.

One thing about drive-based encryption is that we've been promised this since 
about 2000 or 2001, and it's always just another year or two away for various 
reasons: standardisation, host controller support, OS support, phase of the 
moon, ... .  The current reason seems to be FIPS 140: the turnaround time for 
a FIPS 140 eval is significantly longer than the mean lifetime of any 
particular hardware/firmware config, and the cost of the constant re-evals 
doesn't help much either.  So drive-based FDE is currently awaiting the 
loading of a complement of small FIPS 140-soaked paper napkins.  Until then 
there will be a short delay.  Please return to your seats.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
