Slashdot Mirror

← Back to Stories (view on slashdot.org)

What's Missing From File / Disk Encryption?

Posted by ryuzaki0 on from the features-wanted dept.

lockDrive asks: "Every month, we read a news about personal information leak. Most of the time, either a laptop or a hard disk that contains sensitive information is stolen from a government or corporate office, and the data are not encrypted. Recently, Department of Veterans Affairs had lost a laptop which contained confidential information for 26.5 million veterans. The data were not encrypted. There are many products that provide a solution to such a problem. Microsoft Encrypting File System (EFS), which comes with Windows 2000 and later, encrypts data in a file system and seems to have a decent key recovery system in Windows 2003 Server CA. Products like SecureDoc and DriveCrypt encrypt an entire disk. I have tried some of them and they are not that difficult to use. What is holding people who handle sensitive information (government, health-care, insurance ...) back from encrypting their data? Are the products still too hard to use? Are they concerned about performance loss? Are they not convinced with the security gain? Are they just not adopting the technology quickly? Is there anything missing in the technology?"

9 of 177 comments (clear)

  1. encryption is a speed bump. by ecalkin · · Score: 3, Insightful

    it will slow people down. maybe long enough to recover the data or somehow make it less useful (change ids, passwords, etc). even good encryption will eventually fail. the best you can do is to make it difficult.

        on a positive note, someone suddenly looking for breaking tools might catch some attention. on a negative note, something encrypted tends to be a big red flag that says 'look at me, i was important enough to protect'.

        and one final thought: it you look at the care and attention that people pay to to security, it would not surprise me if most encrypted systems would be compromised by user stupidity (social engineering).

    eric

    1. Re:encryption is a speed bump. by drsmithy · · Score: 3, Insightful
      it will slow people down. maybe long enough to recover the data or somehow make it less useful (change ids, passwords, etc). even good encryption will eventually fail. the best you can do is to make it difficult.

      Note that when "eventually" is a timeframe measured in tens to hundreds of years, that's probably good enough for just about anyone.

    2. Re:encryption is a speed bump. by peacefinder · · Score: 2, Insightful

      I think your scheme may have a data integrity problem. It seems unlikely that Alice and Bob are identical copies, so you seem doomed to some data loss in that sort of attack.

      (Or maybe you're just using some unusual naming scheme for your kids.)

      --
      With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
  2. data loss by r00t · · Score: 2, Insightful

    Can you stick the drive in any PC running the same OS, supply your password, and get the data? If not, there's one less step before you get stuck trying to read crufty old backup tapes/CDs/etc.

  3. The real cause... by WidescreenFreak · · Score: 3, Insightful

    I think you missed the real cause -- the IWNHTM Syndrome.

    It Will NeverHappen To Me

    --
    The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
  4. What's missing? by Kalzus · · Score: 2, Insightful

    Common sense and rigour.

    I don't care if your algorithm never exposes a weakness for ten thousand years and your messages are supposedly secret for ten billion. If you keep throwing your scratchpad in the wastebasket and leaving it there, for example, then I'll probably figure out your plaintext.

    --
    "The Devil does not know a lot because He's the Devil, He knows a lot because he's old." -- unknown
  5. Re:How about a distro w/ initial install support by anti-drew · · Score: 3, Insightful

    Don't just make it easy. Make it the default. The vast majority of users start with everything at default settings. Why would you deliberately use a default which is incorrect?

  6. Key Management by gadzook33 · · Score: 2, Insightful

    Any organization handling truly sensitive data doesn't have the luxury of using third party key management. As soon as you have to manage keys, the difficulty of encrypting data goes way up. For these applications, a six letter password isn't going to cut it. Security has little to nothing to do with encrypting data. You can just as easily lock the data in a safe. If you encrypt the data and lock the key in a safe, what's the difference? There is none. People often equate encrypted with secure and this is rarely, rarely the case.

  7. Re:-truecrypt? by MacroRex · · Score: 2, Insightful

    I don't think this level of deniability can be done.

    Your system needs to know it should ask for a password before it can access the disk. How can this be done so that a third party cannot deduce from the hardware that the disk contains encrypted information? We must assume that the third party has access to all hardware including any special disk controllers, custom FPGA solutions or BIOSes. IMO this means that a sufficiently smart third party can always conclude that the system contains encrypted data, possibly even without needing to look at the contents of the disk.