Slashdot Mirror
Why Not Use Full Disk Encryption on Laptops?
Saqib Ali asks: "According to the 2006 Security Breaches Matrix, a large number of the data leaks were caused due to stolen/missing laptops. Mobile devices will be stolen or lost, but one way to easily mitigate the harm is to use Full Disk Encryption (FDE) on all mobile devices. So, why don't we encrypt all our HDDs?"
"Cost, and performance impact are the usual arguments.
Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performance noticeably when the virtual memory is being used more often.
Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!
Cost for Full Disk Encryption solutions ranges from $0-$300.
Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"
Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performance noticeably when the virtual memory is being used more often.
Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!
Cost for Full Disk Encryption solutions ranges from $0-$300.
Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"
Proud member of the Weirdo-American community.
Hamlet: To what base uses we may return, Horatio! Why may not imagination trace the noble dust of Alexander, till he find it stopping a bung-hole?
Horatio: Huh huh huh... He said 'bunghole'.
from Hamlet, Act V, sc. i.
OSX Makes it Easy...Free. Easy to use, you do nothing.
Shit. I didn't know OSX was free. Where can I download an install set?
Thanks
In the free world the media isn't government run; the government is media run.
Or they'll be half-autistic introvert geeks that have absolutely no problem recalling 10 digit alphanumeric passwords at all!
I mean... A... friend of mine is like that! Yeah!
Beware: In C++, your friends can see your privates!
There is absolutely no need to encrypt the main hard drive. What? You afraid of someone stealing C:\WINNT?
No, but I'm sure no one wants people going through their C:\Pr0n directory.
Try fitting that sucker on a USB flash drive!
But then again, I use linux. Encryption is actually pretty simple under it for people who actually know how to admin a Linux system.
Likewise, constructing plasma weapons is actually pretty simple for people who actually know how to build compact fusion reactors.