Subject: [Fwd: Re: disks with hardware FDE]
Forwarding Peter's posting.

-------- Original Message --------
Subject: Re: disks with hardware FDE
Date: Wed, 09 Jul 2008 21:35:51 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: arshad.noor@strongauth.com, perry@piermont.com
CC: cryptography@metzdowd.com, ekmi@lists.oasis-open.org, P1619-3@LISTSERV.IEEE.ORG

Arshad Noor <arshad.noor@strongauth.com> writes:

>Perry E. Metzger wrote:
>> There are now a number of drives on the market advertising AES based
>> FDE in hardware, and a number of laptops available on the market that
>> claim to support them.
>> [...]
>
>There is a debate going on on that list about the value of
>encrypting data at the disk-drive layer vs. encrypting at the
>application layer - I believe the latter is a more strategic
>solution - and the voices from the Crypto forum would be
>welcome on these issues.

One thing about drive-based encryption is that we've been promised this since
about 2000 or 2001, and it's always just another year or two away for various
reasons: standardisation, host controller support, OS support, phase of the
moon, ... . The current reason seems to be FIPS 140: the turnaround time for a
FIPS 140 eval is significantly longer than the mean lifetime of any particular
hardware/firmware config, and the cost of the constant re-evals doesn't help
much either. So drive-based FDE is currently awaiting the loading of a
complement of small FIPS 140-soaked paper napkins. Until then there will be a
short delay. Please return to your seats.

Peter.