mailing list archives
Re: Re: Why isn't full disk encryption from manufactures a slam dunk?
From: "Daniel Anderson" <dtndan () gmail com>
Date: Wed, 19 Sep 2007 11:15:35 -0500
On 18 Sep 2007 05:49:25 -0000, empfour () hotmail com <empfour () hotmail com> wrote:
If you were to have, for example, your laptop stolen, you would feel fairly confident that any information in it
protected by your full disk encryption solution (if using a strong password and/or two-tiered authentication), but
you would still change your account passwords and inform the effected people all the same just to be safe.
I think part of your answer will make for an interesting conversation...
"inform the effected people all the same just to be safe"
Is this because you do not trust the encryption?
If you transmitted this same information over an encrypted VPN across
the Internet do you also inform the "effected people"?
What about an encrypted wireless LAN?
Unencrypted across an internal corporate LAN?
I guess my thought is - If you are using a good crypto algorithm,
handling your keys properly, etc then there are really no "effected
people" from this theft.
What would your notification to them say?
"Some time in the next x# of years a major government may be able to
decrypt and read the data on the harddrive that was stolen."
I'm not sure that is useful. I think if a major government wanted my
personal (or corporate) information there are much easier ways to get
I can understand to some degree why the government does not generally
allow encryption as a destruction method for classified materials, but
that is national security information where presumably release would
cause damage (of varying degrees) to national security. (Even then,
you can still transmit classified over RF if it is properly encrypted,
and nothing is stopping this from being captured)