So why don't we use full disk encryption on all mobile devices?

Posted by Saqib Ali on October 12, 2006, 10:56 pm
2006 Security Breaches Matrix reveals that a large number of the data
leaks were caused due to stolen laptops, which can be easily mitigated
by using full disk encryption on the laptop. So why not encrypt the
whole drive? Cost and performance impact are the usual arguments. Tests
show that access time for files increases by 56%-85% after full disk
encryption. And the cost of FDE software usually ranges from $0-$300
depending on how good of a software and support you wanna get. So is it
NOT worth it?

Data from tests (performance impact) of the FDE products (PGP,
Compusec, Pointsec and Utimaco):
http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250

2006 Security Breaches Matrix:
http://www.efortresses.com/refdocs/2006-Breaches-Matrix.pdf


Posted by Jim Watt on October 13, 2006, 4:19 am
wrote:

<snip>

For most purposes the use of a disk password would
give adequate protection, no overhead on legitimate use
and no additional cost. IBM laptops have had it for a
long time.

--
Jim Watt
http://www.gibnet.com

Posted by Sebastian Gottschalk on October 13, 2006, 6:01 am
Jim Watt wrote:

> For most purposes the use of a disk password would
> give adequate protection, no overhead on legitimate use
> and no additional cost.

adequate == none? Just move the plates to another electronic board and
you've got full access. Even I'm competent enough to do that.

Posted by Saqib Ali on November 3, 2006, 9:12 pm
OK, the review of the 7 Full Disk Encryption suites is now complete.
The results are at:
http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250

I did an analysis of various FDE solutions to find the best one for my
needs. The key thing I was interested in was that it must be AES 256,
reasonably fast, inexpensive, and *offer key recovery in case of
password loss*.

Compusec is great for home / personal use. It is cheap i.e. $0.00
(Free), and does not slow down the computer as much as the other
products. But that is because it only supports 128 bit AES, which is a
major drawback as most enterprise settings require at least 256 bit
AES. Compusec also has a great online support forum where you can get
your questions answered by Compusec employees and other experienced
users.

I ended up purchasing both Utimaco and Pointsec. They are excellent
products. They both support AES 256. The downside is that they are
a little bit expensive (Pointsec:$170 ; Utimaco:$200) and slow.

The best thing is they both offer great password / encryption key
recovery capabilities. You can create a recovery disk with both
products.

They also offer password recovery using Challenge / Response sequence,
where the IT Helpdesk can perform a Challenge/Response sequence with
the user to help them recover the password or reset it to a new one.
Of course Challenge/Response password recovery is NOT the most secure,
especially if the user is remote, but you have the option to disable it
on the laptop if you want.

saqib
http://www.full-disk-encryption.net


Posted by Unruh on November 4, 2006, 4:18 pm

>OK, the review of the 7 Full Disk Encryption suites is now complete.
>The results are at:
>http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250

>I did an analysis of various FDE solutions to find the best one for my
>needs. The key thing I was interested in was that it must be AES 256,
>reasonably fast, inexpensive, and *offer key recovery in case of
>password loss*.

Sorry, AES 256 why? It is idiotic in that finding a 128 bit key is simply
infeasible now and in the rather distant future.
And then you demand key recovery which means that you automatically make
the system weak. If you can recover the key, so can the enemy. I.e., it is
like saying "I want a 1 foot thick steel door for my home, and I want a cat
door in it, so if I forget my key I can reach in and unlock it."

>Compusec is great for home / personal use. It is cheap i.e. $0.00
>(Free), and does not slow down the computer as much as the other
>products. But that is because it only supports 128 bit AES, which is a
>major drawback as most enterprise settings require at least 256 bit

How in the world is that a drawback? Under what rational criteria is that a
drawback?


>AES. Compusec also has a great online support forum where you can get
>your questions answered by Compusec employees and other experienced
>users.

>I ended up purchasing both Utimaco and Pointsec. They are excellent
>products. They both support AES 256. The downside is that they are
>a little bit expensive (Pointsec:$170 ; Utimaco:$200) and slow.

>The best thing is they both offer great password / encryption key
>recovery capabilities. You can create a recovery disk with both
>products.

>They also offer password recovery using Challenge / Response sequence,
>where the IT Helpdesk can perform a Challenge/Response sequence with
>the user to help them recover the password or reset it to a new one.
>Of course Challenge/Response password recovery is NOT the most secure,
>especially if the user is remote, but you have the option to disable it
>on the laptop if you want.

And now you tell me that a third party also has your key as well? Sheesh.


>.

>saqib
>http://www.full-disk-encryption.net

