Posted by Juergen Nieveler on July 13, 2007, 6:13 am
> Thanks for the warning, I was going to install it on my laptop to
> test, but I think I'll use a spare now, until I know it works! I've
> heard from other people that it is stable, and offers all of the
> requirements listed below.
FWIW, no problems at all with SGE 4.2 at our company, and Utimaco lists
a number of reference customers - some of which DID get to check the
security of SGE in much more detail than for example Sebastian ;-)
(For example, the German Army uses it, and to do so required permission
from the government data security agency...)
>> Hm... what about actual security? In terms of encryption this means
>> to only Open Source software, due to a matter of trust and
>> verification of the implementation. CompuSec has already been
>> mentioned. SafeGuard Easy has been proven to be horribly insecure,
>> f.e. not properly locking memory regions and then letting the keys
>> being swapped out.
Which is totally and utterly meaningless in a switched-off laptop, which
is what SGE is designed to protect. All full-disc-encryption packages
have the "weakness" that they allow data to be accessed when the laptop
is on (even any Linux implementation) - after all, that's what they're
designed for.
How about stopping being a troll and actually sticking to the topic,
Sebastian?
> I assumed that most of the products mentioned used at least AES 128,
> and so were fairly equal in that respect. Certainly all the
> datasheets for PGP WDE, SafeGuard Easy, PointSec & CompuSec state
> that they are capable of AES 256, and PointSec & SafeGuard say they
> are FIPS 140-2 compliant.
They are. Sebastian means that there might be a chance to recover the
key when the laptop is running - which however is meaningless in any
realistic scenario, because if the laptop is stolen while switched on,
the files are accessible anyway, even if the most secure unobtainium-
derived open-source software is used (that of course was compiled by a
self-written compiler, as you can't trust the compiler software
either....)
> My major reason for looking into this is in the event that one of our
> consultants has a laptop stolen, and someone might be able to retrieve
> clients' confidential information from the hard disk.
Which is something those packages WILL protect you against, provided
the user didn't stick a post-it with the password to his laptop.
And even then, some packages (SGE, for example) allow you to require
authentication with a USB token (Aladdin eToken, for SGE) instead of
username/password - which of course would mean that you have to teach
the user NOT to carry the token in the laptop bag ;-)
Juergen Nieveler
--
Fabricati diem, Pvnc!