[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Fwd: I don't trust FDE drives.]
Comment from the moderator of the Cryptography forum. Arshad Noor StrongAuth, Inc. -------- Original Message -------- Subject: I don't trust FDE drives. Date: Wed, 09 Jul 2008 10:30:06 -0400 From: Perry E. Metzger <perry@piermont.com> To: cryptography@metzdowd.com I've now talked to a few people affiliated with drive companies at this point. One of them seems to really know what he's doing. The rest appear not to. One has even spoken to me of keying material being protected by "what are effectively one time pads" and "trust us, this is our business" in ways that make me not trust him, or his company, at all. Based on what I've heard, I suspect that a grad student who wants a *really* good paper could probably manage to humiliate a couple of drive companies with a little bit of effort. It is likely to get you plenty of publicity. Also, at this point, I'm not sure one should trust FDE drives with data that one really cares about. Software based solutions can be much more readily analyzed and verified. They require much less trust that a vendor has done their job right. I don't think one can trust the hard drive vendors. Perry -- Perry E. Metzger perry@piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]