Slashdot Mirror

← Back to Stories (view on slashdot.org)

What's Missing From File / Disk Encryption?

Posted by ryuzaki0 on from the features-wanted dept.

lockDrive asks: "Every month, we read a news about personal information leak. Most of the time, either a laptop or a hard disk that contains sensitive information is stolen from a government or corporate office, and the data are not encrypted. Recently, Department of Veterans Affairs had lost a laptop which contained confidential information for 26.5 million veterans. The data were not encrypted. There are many products that provide a solution to such a problem. Microsoft Encrypting File System (EFS), which comes with Windows 2000 and later, encrypts data in a file system and seems to have a decent key recovery system in Windows 2003 Server CA. Products like SecureDoc and DriveCrypt encrypt an entire disk. I have tried some of them and they are not that difficult to use. What is holding people who handle sensitive information (government, health-care, insurance ...) back from encrypting their data? Are the products still too hard to use? Are they concerned about performance loss? Are they not convinced with the security gain? Are they just not adopting the technology quickly? Is there anything missing in the technology?"

4 of 177 comments (clear)

  1. Ignorance by Merlynnus · · Score: 5, Interesting
    Clearly the problem is ignorance. And bad habits. And bad security policies.

    It's not a technological problem -- everyone in Windows & Linux land should be using Truecrypt or something similar and being smart about how they handle data. Rather it's a social problem.

  2. How about a distro w/ initial install support by Tiamat · · Score: 4, Interesting

    I would love to a see a distro, like ubunto, that would ask me if I wanted to create a small boot parition, and a larger *encrypted* primary parition, which would then install to the encrypted partiton, and finally give me the chance to burn a CD from which to boot (or USB stick if my system supported that, etc.). Then, on boot (either from the HD small boot part, or a read-only CD), I'd enter my password to access the root partition. As it stands, getting this done requires some expertise, too much time for most of us, and lot manipulating of files, partitions, etc.. Make it easy!

    1. Re:How about a distro w/ initial install support by javifs · · Score: 4, Informative

      It will be integrated in the latest version of the Debian installer, IIRC, it will be in 'etch beta 3'. Which should be available soon (check out the PartmanCrypto stuff in the wiki and the Debian Installer pages). Since Ubuntu uses a derived version from the installer, they will presumely pick this up once it is finished.

  3. Re:encryption is a speed bump. by Bazzargh · · Score: 4, Funny

    Simple, first kidnap you and your kids. Then slowly torture one of your kids to death to prove I am serious. After that you would do anything, even give up the key/passphrase to save your other kid. I am sure you can come up with several other methods that would work for people without children.

    I keep one of the twins, Alice, in the firesafe to prevent this kind of attack. Bob is kept offsite as a backup.