Slashdot Mirror
Why Not Use Full Disk Encryption on Laptops?
Saqib Ali asks: "According to the 2006 Security Breaches Matrix, a large number of the data leaks were caused due to stolen/missing laptops. Mobile devices will be stolen or lost, but one way to easily mitigate the harm is to use Full Disk Encryption (FDE) on all mobile devices. So, why don't we encrypt all our HDDs?"
"Cost, and performance impact are the usual arguments.
Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performance noticeably when the virtual memory is being used more often.
Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!
Cost for Full Disk Encryption solutions ranges from $0-$300.
Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"
Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performance noticeably when the virtual memory is being used more often.
Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!
Cost for Full Disk Encryption solutions ranges from $0-$300.
Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"
Granted, I am not encrypting the *whole* thing, but /home should take care of most of the sensitive data. I am using GBDE on FreeBSD which is strong enough for the weakest point to be the password. Yes, if I do lose the password, the data is unrecoverable. However, a simple way around this problem is to regularly back up the entire partition. The backup should be unencrypted, of course, so that if I lose my password, I can still get back my data. With GBDE, this is easily done. The encrypted data on my machine resides in /dev/da0s1g and after I have typed in the password, the decrypted content appears under /dev/da0s1g.bde - all I need to do is dump that partition.
Certainly, encrypting all other partitions would increase security, but I am feeling pretty safe as it is. Also, FreeBSD is probably obscure enough for most laptop thieves by itself :). One last thing to note is that because the file system on *NIX is well structured, there actually should not be any sensitive data anywhere in /usr anyway - just application binaries and source.
People don't like to use secure passphrases each time they turn on their computer. How many people actually used the BIOS password feature?
because BIOS passwords are extremely insecure. If were talking about mobile devices, and you have a BIOS password protecting valuable information, its as easy as removing the CMOS battery, waiting 15 seconds, and popping it back in.
An easier thing would be to use some identification based (USB fob, fingerprint scanner) access
Yes but these things are generaly expensive. When you have to buy 1000+ laptops (as I have to do) an extra $30-$40 per laptop quickly adds up, not to mention the added cost of Software (Unfortunaly, linux isnt always an option when dealing with custom propritary software required for bussiness)
The real problem normaly stems from over-zealous Managers who insist on changing passwords every 30 days, which leads to people (ie the common work drone) unable to remember ever-changing passwords. IMHO, it would be much more secure to have everyone figure out a strong SINGLE password for their important files, and not change it very often, say every 6 months. This gives them time to memorize it, and NOT write it down.
For example, i have two passwords I use everywhere, (and various modifications of such passwords for various purposes) my crap one I use for fourms, internet stuff, and my secure one I will probably take a good 10 minuites of torture to give up (low tolerance for pain
This is slightly off the topic, but in the same vein...
I continue to wonder, after every major laptop theft, why NOBODY is working on physical security.
Notebook hard drives are easily pocket-sized, and the only thing keeping the hard drive from sliding out of most laptops is the thin plastic shell of the unit. Build laptops with a very simple hinging door over the drive would be absolutely trivial. You probably also want to add thin aluminum shell around the drive to protect it from static discharge and other abuse.
Then, you tell employees to keep the drive in their pockets when they go into public. If it's really critical data, attaching a retractable cable (as seen attached to your janitor's keyring) between your belt and the drive will stop all but the most skilled, equiped and determined theives.
It's as if everyone in IT has forgotten the lessons learned from the past several thousand years of (physical) security developments.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
To encrypt entire disk it is a stupid idea. Few points:
- Performance - encrypting everything (cache, program files and so on) is a serious hit on performance, now you can say that hardware/performance it is not a problem. But don't say it to me when I see brand new laptop booting long time since you can login and launching MS Office in *few* seconds.
- Anyway why encrypt everything when it is the data (and not all of it) that you want to encrypt?
- Hassle - I mean when it is an option to just tick "encrypt my harddrive" checkbox it is paradoxically way to easy. You can imagine every clueless marketing staff member just ticking it to encrypt their worthless data. It is good that hard encryption is bit "hard" (like you need to provide a password and a key and have a clue what is going on) so people will use it only when they need it, so they will probably remember their passwords.
My boss asked me for this feature. I've just installed TrueCrypt for this. Told him to click on this icon and *remember* his password (probably he wrote it down and locked in a safe - perfectly normal and wise) so he can get his "special safe disk" for his important documents.
I'm going to use LUKS as my example, since the classic cryptoloop and older dm-crypt stuff can't do this.
The solution is for IT to have a person perform the install (already was going to be hard not to do so with the current state of installers). The IT person makes a master copy of the key using the company's chosen password, and uses a different key slot for the employee-known password. When password changes occur, IT people have to go and change the IT-friendly key slot to the new password, but leave the employee's alone. Then IT can recover data from laptops at user requests. This doesn't guarantee data recovery from a system if the user who can change the password on their own key slot doesn't want them to, but if the user wants to play nice to keep IT able to assist them it can work. If the user botches the IT key slot and needs recovery, tough. Data on a laptop in that circumstance should be relatively transient if remotely important, with the real copies on file servers where IT can manage backup and recovery as they see fit.
At work the mandate for Windows laptops is to use the built in encrypted folders mechanism, which is a lot like encfs. If they loose their user password for the account the data is gone, and this is just a fact of life they have to live with. One person went further and put some third-party whole disk encryption on their Windows laptop, a la dm-crypt, but I don't know if it is like classic dm-crypt setups where the key itself is simply a hash of the password, or if it is LUKS style, where the key is random (or at least psuedo-random) and itself is encrypted using the hash of passwords, allowing for trivial password changes and multiple valid passwords.
XML is like violence. If it doesn't solve the problem, use more.
...for a 7 week gig at a semiconductor maker. IBM (yeah, now Lenovo) Thinkpad, and I had to enter a password at boot. No sweat, they asked me to give the password to the tech who received the equipment when I turned it in, but it could have been reformatted since I kept nothing on the local drive worth saving.
For what it's worth, this gig was all wireless on campus too, with VPN inside and outside the firewalls. I'm doing a long-term gig with a major financial firm now, and they don't use FDE. And they have NO, repeat NO NO NO wireless. The security team trolls constantly for unauthorized wireless and anything that transmits is confiscated as soon as they find it - cut out and trashed.
Both these firms suffer the same risks for their data. Either would suffer financially and risk complete failure if a critical breach ocurred. Just different ways of doing things.
deleting the extra space after periods so i can stay relevant, yeah.
Encrypting your whole disk on Linux is somewhere between a minor pain and a complete nightmare. Support for it doesn't even exist on certain high-profile commercial distros (Red Hat) which you would THINK would have had it long ago because it's something their customers would want.
I had to put together my own unofficial packages to get an encrypted root filesystem on Fedora Core 5. (And then it broke on FC6, so no upgrading yet...) In theory, the support will officially be in Fedora Core 7, but there's still a bunch of code to be written between now and then.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Did you ever see the Myth Buster episode where they tried to spoof a finger print reader? No matter how hard they tried, everything they attempted worked. Yes, worked. It became a big joke and they had to keep making the method "dumber", but still it kept gaining access.
They lifted a finger print from a soda can of the "owner", then using common chemicals (like acetone), etched a copy out to a circuit board, used that as a reverse and simple ballistics gel to make a fake finger print cover that fit over their own thumb. Not something a petty thief would have, but it wasn't rocket science either. If I could get your laptop, I could get your fingerprint. Maybe even OFF the laptop. This is like writing your password down on a postit note you keep with the laptop.
Finger print readers are probably one of the worst biometric devices you can have for security. Oh, and the device they tested was a VERY expensive door lock system, not some $100 USB device.
Tequila: It's not just for breakfast anymore!
Mac OS X has had filevault for years now...
Hard Drive encryption on the fly, and "Company administrators can set up a computer-wide master password as a safeguard in the event someone forgets his or her login password. This can be useful for computer or system administrators whose users either forget their passwords or in corporate situations where an employee is no longer with the company and the data left behind needs to be recovered."
Easy solution; don't keep stuff like movies in your home folder. I can't really imagine any reason why those would need to be encrypted, and as you discovered, doing so does carry a large performance penalty.
/Users/Shared/Music and ~/Movies and /Users/Shared/Movies; this keeps FileVault from encrypting my iTunes music library or my movie collection. It also means that on a multiuser system, other users can access the movies and music, without me having to enter my password or give them access to the rest of my files. (Actually I now have the movies and music on another drive.)
On my systems, I have symlinks set up between ~/Music and
If you do it this way, FileVault doesn't carry too huge a performance hit. It also has the advantage of allowing you to back up your documents in a secure fashion pretty easily: you log in as a different user, and just back up the File Vault sparseimage as a single file.
The "do you want to recover space" logout screen is fairly obnoxious, agreed; I hate it just because it stops the shutdown process with a dialog that requires human interaction. I wish it had some sort of a 30-second-countdown-to-default timer, so that if I hit "shutdown" and walk away, the process doesn't get hung up and just sit there, unsecured, forever.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The most incredibly useful application of this is sshfs, which basically lets you mount a remote machine as a filesystem without being root (as long as the FUSE kernel module is loaded). This has caused a huge productivity increase for me.
There is also an encrypted file system that runs under FUSE
http://arg0.net/users/vgough/encfs
So, you basically can have a big encrypted file lying around which you mount as a file system when you need it. The keys are encrypted in a separate control file, so there are no unencrypted keys lying around. You need both the pass phrase and the encrypted key file to mount the big file as an FS.