Slashdot Mirror
Resisting the PGP Whole Disk Encryption Craze
alaederach writes "I run a lab in a non-profit academic life sciences research institute. Our IT recently decided it would be a good idea to use PGP whole disk encryption on all of our computers, laptops and servers and picked PGP's suite of software. The main reason is that a small subset of our researchers work with patient information which we obviously are mandated to keep confidential. My lab does a lot of high-performance computational work (on genes from Tetrahymena, no humans here) and I am concerned that the overhead of complying with our ITs new security policy will be quite detrimental to my research program. For example, dynamically reallocating a partition on a PGP encrypted disk is apparently not possible. Furthermore, there is some evidence that certain forms of compression are also incompatible with PGP whole disk encryption. Interestingly, it is hard to find any negative articles on PGP, probably because most of them are written by IT pros who are only focused on the security, and not usability. I therefore ask the Slashdot community, what are the disadvantages of PGP in terms of performance, Linux, and high-performance computational research?"
Truecrypt Whole Disk Encryption has less than 1% over head. I can't see the problem. Surely the patent and IP information security outweighs this minimal overhead.
Whole disk encryption is excellent for security, but it will bog you down in disk access times. Depends on a lot of things, but reading and writing files can slow down up to 50%, but usually the slow-down is much less. If you are doing something that involves a lot of disk access and it doesn't need to be encrypted, then create a special, non encrypted partition for that.
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
Perhaps one answer for storing data securely, but allowing it to dynamic expand is to create a PGPDisk that is dynamically expanding. Then, the data in can be safe, but the file can be moved to bigger RAID arrays if need be.
An IT policy is a general rule which has to be interpreted and adopted. It's not supposed to be followed by the letter. Ask your IT department what they want to accomplish with the policy, and how you can help them accomplish that without having your work ruined.
Surely what is required is to isolate the sensitive information, so that it can be protected.
Blanket encryption may impress some people, but it hardly solves the problem.
Details of how to implement isolation and protection would depend on the data, and which subsets are used in the calculations.
Stephan
http://stephan.sugarmotor.org
You've got a good case for an exception from this policy. Just follow the exceptions process and have your management sign off on the risk. Case closed.
Do you have any numbers to back this up or are you just repeating common knowledge from decades ago?
TrueCrypt claim a 1% overhead. With multi-processor machines, I doubt that's even accurate anymore.
How we know is more important than what we know.
It will take longer time to read/write and the CPU will also take a hit.
what are the disadvantages of PGP in terms of high-performance computational research?
O(1) ;)
Here's a brief experiment I ran: dd if=/dev/zero of=/home/jonas/zeroes bs=1048576 count=1024; that is, writing one gig of zeroes to a disk encrypted with ubuntu's disk encryption from the 8.04 alternative installer.
I saw a roughly constant ~30% CPU usage from kcryptd, going from 25% to 35%, on a 2.13GHz Pentium M (in a thinkpad t43p). So I have 1.5 GHz worth of cycles left.
Hard disk write speed was about 30 megs per second, but oscillating in big leaps. I did my observations with conky, sampling in one-second intervals, but conky is known to sometimes merge two samples. That's probably not the only factor, disk writes are most efficient when clumped together into one big (much preferably sequential) write, so I'd assume the kernel does this.
You haven't told us what your disk usage patterns are. But if you're doing one big read, one big computation, and then one big write, there's going to be zero impact (almost): there was lots of CPU capacity left.
Another low impact scenario is that you have a server that reads work units from disk, hand them to clients, gets results and writes the results back [I assume clients don't need any disk activity]. There you can read a bunch of work units in advance while the server is idle, then hand them out instantaneously when needed.
Aside: bugger, fault in my experiment: I didn't look at the CPU usage of kernel code that's not in the process table. Take what I say with a grain of salt.
But: do the measurement in your own world. My software, hardware and artificial measured usage pattern may differ from yours, subtly but enough that my conclusion doesn't transfer. Be scientific about it :)
It took 2 days to encrypt an entire 160gb ide hard disk with a K6-2 400mhz processor, and afterwards the computer could only server files at about 400k per second. With a 2ghz processor the performance difference is negligible, and could serve at full speed with only tiny cpu usage. So I think full disk encryption overheads is irrelevant on modern cpus.
As for not being able to resize a partition, well that's good because if your hard disk is to contain anything of importance then you would have to be inept to resize partitions and expect data to maintain it's integrity, no matter what the file system format or brochures on partitioning programs try to tell you.
True. I have serious doubt we even need hardware RAID anymore with current CPU speeds. A few % overhead does not seem much.
I know we've had significant problems trying to roll out whole-disk encryption. Unless it's necessary, I'd say stay away from it. Of course, for sensitive information and travelling, it's almost a necessary evil these days.
in these type of departments all the computer are on all the time anyways and whole-disk encryption is 100% vulnerable to hard-boot attacks. It may be remotely useful on laptops but for desktops its entirely useless
if you want to actually protect your data you need to encrypt only whats sensitive and only mont it when neccicary. also PGP is closed source and what are you going to do if they stop supporting, use truecrypt or LVM, etc. Also dont neglect network protection where the real data is stolen
Good question! It's nice to see something of this caliber on Ask /. for a change.
I have no clue what the answer is, though.
All rites reversed 2010
Put sensitive data on a seperate partition and encrypt that, together with your swap drive. Problem solved. Leave everything else unencrypted.
Furthermore, there is some evidence that certain forms of compression are also incompatible with PGP whole disk encryption.
What do you mean by "incompatible"? At first glance, you seem to mean that there are certain file formats, making use of compression, that cannot be stored on the encrypted drive. That certainly can't be true.
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
"Furthermore, there is some evidence that certain forms of compression are also incompatible with PGP whole disk encryption."
Well, you won't be able to get much compression if you try to compress the PGP encrypted disk, but surely you can encrypt all compressed files since they're still just data.
Sorry, they "claim" that.
But on my core 2 2.4 Ghz machine, windows boottime more than doubled after encoding the system partition.
Yeah, i can get 100Mbyte/s linear reads and writes.
But for some reason, random or semi random access get hosed quite a bit.
Maybe it messes with the comand queueing, or the internal prefetch alorithmns, i dont know. Never had a problem on data partitions, but the performance impact on the system drive was enourmous (up to the point that even with 6Gbyte RAM, it wasnt fun anymore)
Ah, and i forgot one thing: the 100Mbyte/s is nearly 100% cpu load on both cores. I dont know where you get 1% overhead from... Even the in-memory benchmark only gets about 150Mbyte under full load on two cores.
S
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Do you have any numbers to back this up?
Here's some numbers: http://ask.slashdot.org/comments.pl?sid=1012285&cid=25566509
Make of them what you will :)
Their product doesn't seem to run on Linux.
There is better, cheaper F/OSS software to do the same thing though; Ubuntu and FC9 already include a whole disk encryption option at install. (It's better because it's much less likely to have an NSA back door, although obviously never completely certain).
As for performance, when I tried it (luks encryption) on a desktop machine, it wasn't noticeable; but I wasn't moving hundreds of gigs around.
The question now is what are they trying to protect. Encrypting laptops is sensible, and in fact, given how easy & cheap it now is, it's rather stupid not to do it. On desktop PCs, it's not that clear. Whole disk encryption will only protect you against someone with physical access to the machine turned off. It certainly won't protect you against trojans or browser based vulnerabilities. So the question is, do random strangers roam your offices?
And encrypting servers/clusters? That's just silly; unless you expect the men in black to storm in your building.
Positive:
- added security
Negative:
- worse performance
- you may forget the password (it has happened before.)
- has to be mounted manually (or at least type in password each time you need access to the data.)
- it's painful to backup
- it's painful to do a proper file systems check
- if the discs are somehow taken by the authorities you might have to give up your password (or be sentenced for whatever they think you have on the discs.)
- discs are only secure if they are not mounted.
There are a few negative sides, but usually they make up for the positive, i.e. if you really need the security then of course this is the way to go. Also remember to secure the other aspects of the machine, like physical access (including fire/theft), software protection (anti malware and virus) and network protection (firewalls, etc.)
we're selling a different solution, but some remarks from our real life experiences:
Sincerely yours, Martin
Don't go against the grain entirely, only encrypt partitions and folders where user data and profiles are stored.
Get in touch with the policy makers that you want an exception clause in the policy for research/lab computers.
I'm sure can email, call or talk to someone. Get some allies on that, get involved with the politics a little and youll save yourself trouble later on.
I'd probably even suggest to those policy makers not applying the FDE policy to stationary computers at all.
After all, if it's in the office, physical security should suffice to prevent someone from the outside accessing.
And if it's a disgruntled/bored employee, heshe will have passwords anyway, so FDE won't do much in such case.
You cited an extremely brief review about a 1.0 product on Windows 95 as evidence that 'there might be problems resizing a partition'?
Whole disk encryption or an encrypted volume should be mandatory for your confidential data on a laptop. For windows, use PGP, it's fine, or use truecrypt, which is fine also.
For linux, use a dm-crypt volume or (again) truecrypt if you care about moving your data to windows - you'll be within the spirit of the security policy and won't notice the difference.
You're wasting your time, however, putting disk encryption on a server thats in a locked computer room or data centre - no one will be around to decrypt the volume after a reboot or crash, or you'll sticky tape the passphrase to the machine, so if it's stolen you are still hosed.
Don't leave servers in public areas though!
Having just spent about 18 months working with highly clustered HPC the answer is your milage will vary. On your own laptop, even dual core, ... you have (a) anonimised the entire data-set and you probably have (b) zero processing cost.
this is a silly idea, encrypt just what you must and de-/en- crypt it once as part of the JOB; no on the fly especially if your problem uses n000 giga-bytes of data; in an RDB encrypt just the appropriate column. E.G. if, for patient data you encrypt the Name/Address
En/De- crypting cell data for the Gas or Elasticity equation or the intermediate results of a stochastic process is a waste of time.
If you are into heavy-metal c 1000 Barcelona level cores, then your storage architecture may/will be doing its own thing and that may encrypt everything but with such an architecture that will be done in the DISK CONTROLLER not the application CPUs.
The point is (a) if you travel, or (b) you have some sensitive data on a mobile device _DO_ encrypt it --- it will save you and your organization from much cost and _egg_on_face_.
"Marketing is not a science even if its an Open Source project"
Run some tests on a drive. Run TrueCrypt, re-run the tests, look the difference in CPU load and performance and then try and work out where the 1% number comes from.
Personally I think its based on averaging time across when you aren't using the machine.
An Eye for an Eye will make the whole world blind - Gandhi
If you do encrypt why use PGP? It costs money and its proprietary. Use Truecrypt which is free and open source, does whole disk encryption which according to this can sometimes actually *boost* performance. I use Truecrypt daily and its awesome. http://en.wikipedia.org/wiki/Truecrypt#Performance http://www.truecrypt.org/
TrueCrypt claim a 1% overhead. With multi-processor machines, I doubt that's even accurate anymore.
Yeah - with version 6 of TrueCrypt, they introduced support for multiple cores, with almost double speed on a dual core system over a single cores system.
I use a TrueCrypt encrypted USB disk to store and run VMWare virtual machines and I see no difference in speed over using a non-encrypted USB disk (same model).
The numbers on my machine are about 20% slower read and 30% slower write. I'm using 256 bit LUKS with serpent-xts-essiv:sha256.
Might I also suggest hardware encryption? Seagate (and others I believe) make drives that do AES128 (good enouhg for this sort of thing I believe) in hardware. Zero performance hit. No software required. Set a drive password and go.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Current optimized kernel versions of AES manage about 50mb to 60 mb/s on a 3ghz cpu. This _maxes out_ the core on which the IO thread is running on. This is not a linux-specific quirk, but just plain mathematics. AES is fairly expensive, and neither blowfish nor twofish are faster by any meaningul value. If you're not blessed with a multicore CPU, full disk encryption will most certainly crawl your whole system down when you do anything disk-serious; and even with multicores, your system will be sluggish in the worst of times when you do heavy IO (think: the keyboard irq handler not caaaaaaaaattccchhhhing up.)
You can have yourselves one of those PCI encryption addon cards (Soekris sells some), but their bandwidth is very limited as well (155mbps, last time I checked).
Consider carefully if you want privacy, or easy throughput. You can't have both right now.
Get two identical machines. Put full disk encryption on one, run you app on both with the same dataset. Then you will know if it's worth kicking up a fuss over. Though if you can't do this little bit of research, I suspect genes may be a little complicated for you too.
http://davesboat.blogspot.com/
I've worked with people during various research projects who decided to encrypt, for some very good reasons. I've had one admin die, and one researcher have a stroke. In both cases they had information necessary for the project that nobody else could get to, even when their hard drives were retrieved. The results are that after several years, the stuff is still sitting somewhere unusable because the people who attempted to get to it were stymied. Enforcing PGP on an entire network could multiply this problem. I would think that enforcing PGP on users not needing it would be a royal pain for them.
What we've done and thought of since:
Have only those with sensitive information encrypt. Have them work on machines not connected to the net. If they need net access, have them connect only for the time necessary, and mandate pre-encryption back ups prior to connecting.
Preferred, but resisted, keep the sensitive machines off the net and have the researchers connect to the net via a different machine without the sensitive info on it. If they want to use it for transfers of such info, make them use sneakernet between the sensitive and connected machines. In this scenario, they only need PGP for what they're going to transfer to the connected machine and thus to outside. Both admins and researchers expect full connectivity throughout their net, but the best security is a nackered line.
I use the sneakernet method exclusively. What I transfer when necessary is hundreds of MB to tens of GB of data. It takes me 10 to 30 minutes to encrypt, burn the data to DVDs and carry it to the connected machine. Like most researchers, I'm busy and don't want to spend my time doing this, but I have assistants I can put the task on.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
For my company, data has to be kept secret. Yet we do not do encryption. The fear for corruption of data is far bigger than the chance that a cracker gets access.
As to personal experience: With TrueCrypt, changing between accounts (on a Mac) with TrueCrypt open can wreak havoc. The data can be copied but the secure thingie has to be re-created from scratch. We cannot have encryption working properly 99% of the time. It must be 100.00%.
Bert
There are several reasons why a policy of having all disks encrypted is bad:
1. Sensitive data should not be stored on a computer that can be carried away or easily accessed, with or without encryption.
2. Blanket security measures just means that the employees will find ways around them which usually means that you probably end up with bigger security problems.
3. Failing or failed disks goes from a serious problem to a critical problem for recovering data.
4. If you are running I/O "happy" software you are going to take a perfomance hit.
5. It's not a "green" solution since the encryption is done in software and the computer is going to use more power.
Oh, and let me re-iterate: Sensitive data should not be stored on a computer that can be carried away or easily accessed, with or without encryption. Just look on how MI5 left laptops all over the place.
The policy we use when working on sensitive data is that it's all stored centrally with rigorous security measures for accessing it and the only way to access the data is through a Sun Ray thin client. That way we minimize the risks for electronic information leakage, ie. someone mailing information etc.
--- Reality doesn't care about your opinions, it happens anyway and if you are in the way you'll get squished.
My concern with encrypting an entire disk would be fault tolerance. If a sector goes bad on a non-encrypted drive, you might lose a file. If it goes bad on an encrypted drive, do you risk losing more data or even the entire drive?
Of course, one could say that's why you make backups. But presumably the backups would also be using encryption. Therefore, they would be susceptible to the same effect. If there is a greater chance of total data loss on each device, the chance of multiple device failures leading to unrecoverable data also increases.
That is interesting - if the overhead was really 1%, then why even bother with optimizations for multi cores?
The other thing I cannot understand is why anyone would want to run whole-disk encryption on a compute server. Even the US DoD machines that are used for classified research do not do this!
It is impossible to compress encrypted data, or at least data that are properly encrypted. If properly encrypted, the resultant cyphertext should be completely random - any patterns mean it is pseudorandom and thus not properly encrypted (by "proper" I mean unbreakable by means of cryptoanalysis, for example a simple substitution cypher does not result in an even, random distriubtion of letters - there will be more of the letter that represent "E" than the letter that represents "Z"). It is impossible to compress completely random data. As such, it is impossible to compress properly encrypted data, since it should be completely random. For this reason you cannot compress a PGP encrypted file (or hard drive, for that matter) since the cyphertext of the PGP encrypted file is completely random data, even if the plaintext is nothing but the letter "W" written over and over again ten thousand times.
Stupid people make stupid things profitable.
I'm not sure that assuming that just because somethings done in hardware, that it happens in zero time (or even near zero time) is at all accurate. A review I read of a different encrypted drive, said it was 5-10% slower than it's non-encrypted equivalent. It wasn't the Seagate you're talking about, but I doubt that even hardware encryption can do it instantly, so I think your "zero" is an exaggeration.
The FBI has already demonstated that it is extremely easy to bypass the security on those drives. I would not use them.
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
Maybe they got to 1% by using multiple cores?
I think multi core processing was easy to implement (it's a block device after all, you can separate it easily if you choose the right mode of operation for your cipher).. They also implemented AES in assembler to speed that up.
Linux software RAID 5 uses 2% CPU under heavy load.
Given the fact that you can always recover your data with any Linux livecd gives it a definite edge over a hardware raid solution where you need a similar model to read the data.
From me going to a fully encrypted machine I'd estimate the impact to be about half a Moore. That is, assuming you're replacing hardware with current all the time you'll see a net zero gain for a year and from there it'll be business as usual. I haven't been doing any high-performance scientific benchmarks but even when playing a 1080p movie with torrents running in the back, it runs just fine and it's as intensive as any normal desktop is likely to be. I'd say you're worrying too much, check it out and if it really bogs you down put up a business case that says one of three will happen:
a) Productivity declines
b) Get an exemption
c) Get new hardware to make up for it
Just make sure to put a dollar value on it so the PHBs understand what you're talking about, and I'm sure this will work out just fine.
Live today, because you never know what tomorrow brings
Presumably, he meant that encryption done on the disk itself is transparent to the rest of the computer. What you see is a comparatively slow hard drive, not the existing resources (ie, CPU) being eaten up by the encryption job and low disk throughput. Same all other dedicated controllers: you're offloading processing to a dedicated chip, so, for the purpose of generic programs on the CPU, you can assume there's no performance hit.
It may incur overhead but it need not. Consider that you don't need "instant" encryption, you simply need a device inside the hard drive between the computer interface and the actual storage medium that is capable of encrypting and decrypting at or above the drive's maximum throughput speed. This need not be "instant", it merely need be fast enough block-by-block to pass the data along. Consider that hard disks store data in blocks, not streams.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
My workplace recently mandated that all laptops/portable media be encrypted. The impact to the system cpu usage isn't that significant to be honest, except when attempting to access, say, USB drives.
What's more important is the reliability of the disk itself.
As everyone knows, drivers shipped with laptops tend to be the first casualties of boot-sector-loading programs, like disk encryption and certain virus scanners.
Guess what happens when your encrypted disk can't be booted? You can't boot under a windows/emergency restore disk, because your partition is not readable. You can't boot off anything other than the hard drive. Guess what happens if the corruption doesn't allow you to run the encryption app's boot loader? Only solution is to format the disk.
Some of us who have been hit by this already have gone through the trouble of ensuring that any data we want to keep is stored on a shared drive, and that all work is done in a VM, which is occasionally uploaded to the shared drive as well. Since any given windows or driver-affecting update could kill our machine at any minute and make it entirely unrestorable, that's what's required.
So in essence, we're switching back to storing the media on a non-encrypted device because the loss of the data is more important than the security of the data.
This reminds me of the policies surrounding passwords I've seen at many companies; limiting the set of choices by making password creation requirements, and forcing them to change so often that people end up writing them down and leaving them on their desk. Defeats much of the purpose of having them in the first place.
I know a guy who works in IT at Decode that works with human genetics. They have a strict policy on fully encrypted disks, passwords on everything etc... The founder Kari Stefansson was really annoyed because of all this, but like a typical professor he loses his laptop every few months so good thing there's a double encryption.
If you see a big performance hit you should look at more hardware rather than resisting the protection.
IMHO confidential data should be encrypted! How often do we see news on slashdot where people lose unencrypted laptops with highly confidential data. Encryption should be mandatory regardless of the performance hit when dealing with confidential data. It's like going to a $7 hooker without using a condom and risk not getting an STD.
"those drives"? as if they're all the same?
Come come. Software encryption is trivially vulnerable to a coldboot attack.
In any case I'd want to see a link, you can't lump all "encrypting drives" together as if they use the same method (unless they do).
Of course, I wouldn't really be surprised if it were breakable, I'd simply like to see support. Me, I use hard and soft becaues I'm just tinfoil like that. Don't even have anything to hide either, just like my privacy.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
At some point it's cheaper to pay for armed security guards and cameras and put them in a fortress. Encryption for laptops that ever leave the building is a no-brainer. Desktops in offices I can see argued either way.
Let's build a Beowulf on LUKS!
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
In the time you spent writing this post to Slashdot, you could have written a friendly letter to your IT department stating that you want some machines to not use this encryption, because these machines need maximum performance and anyway do not store any kind of personal information.
Every expression is true, for a given value of 'true'
...because doing so makes the crypto easier to crack. The attacker can compare the plan text with the encrypted data and reverse engineer the key. So your data may actually endanger the small amounts of sensitive data you actually carry.
http://michaelsmith.id.au
I, for one, welcome our Tetrahymenian Overlords!
Don't be apathetic. Procrastinate!
The only protection that Full Disk Encryption gives is if someone physically gets their hands on the machine that they can not boot the machine and read its contents. This make perfect sense for laptops but makes little sense for any pertinently fixed location workstations. A laptop will physically leave the premises so it leaves itself open to theft, but a workstation (assuming you have some decent form of physical security) is much less likely to need this protection. Once a workstation is booted and the disk drive unlocked digitally then any hacker that gets a foothold on the system would then have access to it, so all that overhead of full disk encryption does no good unless the encryption is done per-user-session. When you need assess to the data you authenticate and start decrypting then, and keep it encrypted across the network. Yes, that data that you speak of should be encrypted, but you must encrypt it at the correct level to actually increase its security rather than just slowing down the machine. Anything short of that level of control and you are just fooling yourself into thinking you have protected the data. Fool-Disk-Encryption is not always the answer.
I work with the DoD on a classified program. You're right, we don't use encryption on any of our desktops, but the only reason is because you go through 2 security gates with guards, then finally enter a closed room with a giant digital lock with a badge swipe and keypad on the door, not to mention a giant separately digitally controlled deadbolt in addition to the digital lock.
You better bet your ass that we use whole-disk encryption on any machine that would leave the building, though (such as laptops). And those are unclassified!
The submitter is in a research institute. Some labs in that institute have patient data, and therefore require significant security like disk encryption.
His lab works with a protozoa, and has massive computational requirements. There will never be any patient data near his lab, because the people who work with patients are in a different lab (think different department in business). They do not need disk encryption.
You say Truecrypt has "1% overhead", PGP presumably has some other "% overhead." The submitter is asking what the details of that overhead for PGP, truecrypt etc are. Whats the CPU usage, memory usage? Are disk performance penalties constant, or are they dependent on average file size, number of files, format of those files, etc etc etc. "1% overhead" may hide whopping huge performance penalties for specialist users.
Mostly personal observation. I am not using truecrypt, and I only have one core. On my machine, my encrypted drive is about 20% slower than my regular drive. I have done timed trials. I read 50% some time ago, but had never seen that big of a hit, so I that's why I said "up to" 50%.
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
I have serious doubt we even need hardware RAID anymore with current CPU speeds.
At some point in time I believed the same thing. I did a test a few years ago to see if it's still worth it to bother with hardware RAID and configured an system with linux and software RAID.
This was for a fileserver in a high performance cluster so speed mattered. I don't have the exact figures here right now, but from what I remember two years ago the software RAID solution was between 7 and 15% slower. Once you start hitting the performance limit your processes hit I/O wait and your performance goes down. When I added LVM to that back then performance got shot to hell.
Now, it's not as bad as it seems, you still get decent performance (especially considering that your setup suddenly costs a lot less and can be done on commodity hardware), and with a fair bit of tinkering with blockdev and your read-ahead buffer (provided you have enough RAM, and your usage fits that particular pattern) you can still get some very nice performance.
The reason that we went with hardware RAID in the end was because hardware RAID isn't all that expensive, and the performance gains were noticeable especially on systems that have to run 24/7 at maximum throughput.
Again, for consumer systems and services where performance isn't a primary concern software RAID is an attractive option, especially if you're on a budget.
As for overhead with encryption: it would make a nice experiment but I think 1% overhead is very optimistic especially on a busy system. The only way to be sure is to compare your performance now to the performance when you encrypt the entire disk. The only time I tested truecrypt I got a throughput of 80MByte/s, while unencrypted I got 120MByte/s, and it's been a while since I tested this. Those truecrypt tests weren't finetuned either, it was basicly a test to see if it was easy to implement.
Anything I mention here has to be taken with a grain of salt since a lot of time has passed and a lot has changed since those tests.
If policy dictates that you have to setup X, the best way to become an exception to this policy is to prove that that policy is detrimental to your project and might end up costing a lot of money. Policy doesn't care about performance, but it cares greatly about money and lost time. Do your tests, do the math, add a pricetag and talk with your manager.
Very often it is management responding to outside influences such as bad press or legislation that prompt the implimentation of whole disk encryption security. No sane IT department takes on the responsibility of whole disk encryption across the whole IT inventory without good reason or suitable resources and funding.
Exceptions can be made for individuals but if you are looking after a sizeable IT inventory it becomes prohibitively expensive to manage security on a case by case basis.
Excellent products, like truecrypt, are designed for personal workstations and lack the enterprise management tools you need when performing mass rollouts and configurations not to mention future management of passwords and data recovery requests. Thats why PGP has become an industry standard.
The marginal loss of performance experienced by the encryption overhead both in termas of performance and hassle of management needs to be offset against the organisations requirments for encryption to comply with legislation or to counter corporate espionage.
If only people were trustworthy and the world was a nicer place then we wouldnt need it at all but to quote Gunnery Sgt. Hartmann "If assholes like you didnt leave footlockers unlocked there would be no thievery!" (Not verbatim, I know, but apt!)
Quidquid latine dictum sit, altum sonatur.
I wasn't even talking about desktops though, I was talking about compute servers! I have used a few clusters at LANL, and yeah they have separate classified and unclassified machines (or sometimes, sections of machines) that are partitioned off for classified work, but even the classified part never (as far as I know) uses whole-disk encryption. The original question specifically said that they were intending to encrypt their servers as well.
I used to have my laptop hard disk encrypted (using LUKS) but the hardware is getting pretty old now and I was starting to have problems with timing-sensitive applications such as audio and video. I think it was more bad timing interaction between the crypto layer, LVM, ext3 and the memory cache than raw throughput issues. I had a lot of layers and they weren't quite talking to each other right. Most of the time this was fine but occasionally it would add a tiny bit of latency to a disk request and audio would skip or video would jitter. It drove me round the bend.
Now, with everything else the same but minus the crypto layer things are much better. My laptop isn't as secure but then again I don't move it around nearly as much any more and don't have that much of worth on here anyway. Whether or not to apply something like this depends entirely on the situation.
It's just enough to forget to destroy a data printout!
Security in companies and institutes is also in procedures, as encrypted data will eventually get unencrypted for work. From there on poorly designed procedures will defy the encryption.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
My windows work laptop went from a fast little Duo Core fairly recent Dell which was quick but felt pretty damn cheap to a complete slow dog.
Not sure if its the software my company used or if its the disk IO overhead or what.
I do know after encrypting my entire disk I now get the PGP login screen immediately after the CMOS screen and before the Windows loader. No Problem.
The real problem is after that. The minute Windows loads up the disk starts churning and barely ever stops.
It just churns and churns and that little hd light just keeps going and going.
And everything just slows right down after that. Oh yes I am not the only one saying this either. Almost everyone reporting the same sort of results.
I actually thought it was a good idea - considering the amount of travel many deployment personnel in my company commit to in a year.
But do your research.
Try out whatever solution with your heavy hitting power users.
Don't settle for security that hampers performance.
ACK
[...] it is hard to find any negative articles on PGP, probably because most of them are written by IT pros who are only focused on the security, and not usability.
What you mean they care not or usability"?????
What about the nice view on crematorium out of your safe and secure cell??? with the nice blue smoke of burning bodies of idiots who doubted guards abilities????? That high electrified barbed wire fence looks sooo sexy in the night under lights of nazi guards' lights. And in the concentration camp they also allow you whooping five(!!!) minute walk!!!!!
What could be better that be safe and under watchful eye of trained professionals???
P.S. On serious side though, you might have not found any sensible articles on PGP whole disk thing because nobody uses it. I knew couple of people in past who for that whole purpose were installing Linux. Yet, their setup was much much more saner: standard Linux setup (bunch of normal partitions) + encrypted partition for sensitive documents and /tmp + disabled swap (lots of memory was installed on the notebook specifically for the purpose).
All hope abandon ye who enter here.
I don't understand people who think that if they encrypt something it automatically becomes secure. For that data to be of any use to someone it will need to be decrypted and relevant people given access, so that destroys the notion of defacto encryption for security right there.
Encryption assumes that bad people are going to get access to your data whatever happens, and if you are using whole disk encryption then you really need to be seriously asking yourself who has physical access to your disks and where your data is located. That needs to be sorted out first, and once it is with data held centrally, I doubt whether disk encryption will be needed. You will probably need some form of encryption between the data and the remote users though. Using full disk encryption gives you something else to go wrong, is a variable in performance impairment you probably can't account, is something else to support for and will almost certainly be unnecessary once you've taken other steps first.
If you're keeping confidential patient information where it would be a Bad Thing(tm) if it ever got mislaid (even if it is encrypted, you don't want a computer with stuff on it lost I assume), in the name of all that is holy, please centralise your data and vet access. Stop people from passing around Excel spreadsheets of data, regardless of when and how it is encrypted.
I really am aghast as to how stupid people are about how and where their data needs to be protected. PGP is the wrong solution here, if you can call it a solution.
I use hard and soft becaues I'm just tinfoil like that. Don't even have anything to hide either, just like my privacy.
So you take a fairly large disk performance hit - and even lose some CPU time - for absolutely no reason? That's possibly the most cleverest thing I've heard all year.
Are you actually the guy mentioned in the summary who is forcing all these computationally intensive research departments to encrypt their disks for no reason?
which is totally what she said
Which hardware RAID did you pick? Did you avoid RAID 5?
Most built-in (PCI-X, PCI-E etc) SAS/SCSI RAID solutions are completely useless for RAID 5.
Finally! A year of moderation! Ready for 2019?
actually there's not much disk hit. The CPU loss does exist but isn't awful. I don't do anything that computationally intensive on my laptop.
I ran quite a few tests on my solution; I don't really care if some other software costs you 50% overhead and makes it impossible to use compression software [impressive kernel hack?], for me I lose about 20% write speed 30% read speed, and that's only for sustained read/write.
Day to day use? Didn't slow down a bit. Just as responsive. Battery life? Lost about 10 mins. CPU? Still idles at 0.00.
The cost to me was $20 for the encrypting hdd (that's the differential) and a bit slower for copying massive amounts of data. The upshot? When my laptop with all my financial documents, years of personal email, credit cards, and login credentials for root on some servers I'm responsible for was stolen last year, I lost no data and no one else gained any. The Debian ssl bug hurt me more than that loss (the laptop was actually insured).
The benefit to my using encryption is marginal. So's the cost. The hdd was a toy to play with. The software was a checkbox during installation.
So no, I wouldn't do this to a work computer unless there were a good reason (like being a laptop). But for my personal machine it makes a lot of sense.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
in these type of departments all the computer are on all the time anyways and whole-disk encryption is 100% vulnerable to hard-boot attacks. It may be remotely useful on laptops but for desktops its entirely useless
First of all, I have no idea what a "hard-boot attack" is since there's exactly ONE hit on google for that phrase, your post. Secondly, there's no reason to assume criminals are smart and/or particularly interested in your data. If their department doesn't deal with patient data, if there's no expensive medical equipment directly on site you're probably talking about a rather average office environment with that level of security. Certainly not past anyone breaking in just for stealing the hardware and anything else that might be lying about. What you want to stop is that they sell it to someone with a clue who'll extract it or that they just sell it to some random dude which then finds confidential information and raises a big stink. Hell, even if they think they're stealing it because it has valuable data and they don't know how they end up with just the hardware. It's like with most other security measures, it's not perfect but there's no reason to make it easy.
Live today, because you never know what tomorrow brings
Have your IT guys evaluate TrueCrypt. I've been using it for some time, and have collegues using it as well, without a negative experience to report.
A coldboot attack is trivial on paper and in a controlled environment, but not in real world scenarios.
First you need to get hold of an unattended machine that works and the disks are mounted. You can minimize the probability of that by enforcing certain policies such as never leaving the machine unsupervised, closing access to the computer's case or even locking the case, etc.
Trust me, cold boot attacks are not the greatest concern.
The saddest poem
Problem solved. That will be $1000.
Because then the overhead would be even less than 1%? Seems fairly obvious to me. Some of us actually like our brand new machines to run faster than the machines being replaced. Go figure.
Maybe not
Patient information legally obligates you to care for it and the risk of loosing a single disk can run into the 10 to 100's of millions....really.
Encrypt it and get over it. You need to be a better steward of information that people have entrusted you with, I don't care if it takes you 5% longer. It reckless thinking like this in the industry that give many a bad name. So what have you done lately to protect personal information?
Read the FAQ; drives usually have larger block sizes than the block size used for encryption, so there is not much difference.
Nothing is done in "zero time" - the overall average throughput may be the same, but LATENCY for a specific request will go up. This is the same for networking gear...
Ah, well in that case you do have things to keep private (passwords and financial information), so I don't consider that too much of a waste.
I don't have financial information or other especially private documents on my machine, but I do have stuff like saved firefox and VPN passwords which I wouldn't want getting into the wrong hands. I'm not sure that encrypting the disk would provide much extra protection over the encryption that is already there on the FireFox and OSX keychain password files though. If someone can crack those, they could probably get past disk encryption too (unless there are known weaknesses in the OSX keychain or Firefox master password systems). To me it makes much more sense that work data be encrypted more than my music or *ahem* picture collections, but there are an extremely limited set of people who would find my work related source code in any way interesting or useful.
which is totally what she said
PGP is the gold standard for whole disk encryption. Encrypting your entire hard drive wasn't really even possible a few years ago. PGP is leading the way. You cry about a few things like compression. Are you serious?!?!? You compress your hard drive? Why not buy a bigger one??? You want multiple partitions so you can boot linux. Sure, you can do that.
But what it all comes down to is:
Security > ALL.
Learn it, know it, love it.
Well, OK, but an overhead of 1% is hardly measurable to begin with. If you run it on a dual core machine and halve the overhead, the additional speedup is 1.01 / 1.005 = 1.005. Is it a good investment, to buy a second CPU core to get 0.5 of one percent improvement?
expanded compression.
It's a bit like using zip on a bz2 archive: double the computation, but reduced compression, aka expansion.
I suspect that what he's talking about is the "Cold-Boot" attack, where a running computer is switched off (or maybe using the HW-reset switch) a very short time and then rebooted from a USB stick which dumps all memory to disk where you can still read everything. The memory dump is then analyzed to find encryption keys.
The only disk encryption software I have experience of (Check Point Full Disk Encryption (previously Pointsec for PC)) includes protection against that attack. I expect truecrypt and PGP does too though.
If you've got enough money lying around, you could get a Blet--er.. probably shouldn't use the code name. You could get a MR10is "VAULT" RAID adapter from LSI and IBM (for SAS and sata drives). I got to QA test it, put it through its paces. It seems to be pretty decent (now) and lets you fully, transparently encrypt your hard drives.
They're over $1,000, but if performance and security are that important to you it may be worth it. The VAULT only supports internal drives, but I think a morg--er.. I don't even know what the non-code name for those cards are... I think an encrypted version of the MR10m, which is for external SAS/SATA hard drive enclosures, is in the works.
Skiffy is Spiffy, but Ort is tort.
The drive is encrypted by a symmetric block cipher, which means you have blocks of data (typically 128 bits). So, unless you can recover to that resolution, losing the data within that cipher block means you lose that size of chunk of data. Depending on the type of file, you may lose important header information and end up losing that file, but that's no different than in an unencrypted file system.
The only thing you need to be careful of is backup of the volume header. If that isn't backed up and somehow gets corrupted, or it can't be restored, then you'll lose your information. From a pure probability perspective, this is pretty remote.
I've never heard of any HPC computer using disk encryption. Though compute intensive work need not be I/O intensive, it might very well be. If there is a real need to keep your data secure in your HPC environment, other measures that encryption are just as effective.
Frankly, encrypting everything is just not the best solution. Especially since encryption doesn't prevent legitimate users of making copies on non-encrypted media and loosing those. I guess your IT staff just found a cool new toy, but well, I don't see any traces of procedures to help safeguard the data.
My word of advice: get a security-officer to define proper procedures for data classification and data handling, really, all you need is procedure and well then maybe, pgp whole disk will play part in implementing a proper data handling procedure for data classified as C=extremely high.
i don't agree with security > all either. it's a trade off. personally i think encrypting ALL your desktops hd's a fucked idea with no merit at all. why not just encrypt all laptops since they are the real danger, leaving site etc, and enforce a policy of destroying all hd's after their use by date.
If you mod me down, I will become more powerful than you can imagine....
The place I work uses Pointsec, not PGP, but it's a whole-disk encryption product that competes with it, so the products are similar.
Anyways, the point of my post is that you're being unreasonable. The data on those PCs is important to the company, regardless of whether there are obvious sensitive things on it like social security numbers. If a direct competitor of your company got ahold of one of those PCs, I'm sure your upper management would not be thrilled if it was not encrypted, even though you personally don't think the value of the data is high.
Besides, I'm sure your PC isn't a bleeding edge box, so ask IT for an upgrade to offset the marginal performance hit. If you require as much computing power as you claim, I'm sure they'd be willing to help you out rather than not encrypt it.
If they have clusters that are processing classified data then those clusters can only be accessed from classified terminals which are physically controlled. I don't believe it's possible to partition a "section" of an unclassified machine to do classified processing. If classified machines are talking across an unclassified network then they've got Type 1 encryption devices sitting in between them and the network. Protecting classified resources is completely different than protecting unclassified resources since there's already mandatory physical security around classified machines.
whole disk encryption as a class generally works OK but opens a whole new set of problems; MBR corruption might mean you lose the whole disk; performance overhead is NOT going to be 1% (unless you do virtually no I/O) but the 10-30% that it will be is usually a good tradeoff vs. the confidential data you're trying to protect.
The real reason for the policy is that should a hard drive/laptop/whatever be lost, if it's encrypted no notification is required by law. If it's not encrypted, then you need to prove that the drive didn't contain any PII, which is hard to do since it's no longer available for forensic evaluation.
I suggest you ensure you application is decidedly incompatible with PGP whole disk (BSD? Oddball version of Linux? Custom library in your code that crashes the computer when it detects PGP?) so the IT dept simply can't ram it down your throat. This will buy time, perhaps until hardware mfg's have hardware-level encryption that eliminates the unfortunate performance and compatibility aspects of whole disk encryption.
PS: I've looked at whole disk encryption from a variety of vendors including utimaco, pointsec, and pgp -- they all pretty much work, but assume a generic windows PC running generic apps. Once you move out of that I suspect their support will thin out quickly and IT will abandon the effort.
"But actually trying to use m4 as a general-purpose langage would be deeply perverse" --ESR
It depends a lot on what you're doing with the data. If you've got a single-threaded process that's consuming 50MB/s and you can read 100MB/s from the disk and run 100MB/s decodes on the other core, you won't notice the speed difference. If you're doing random access then you will have, say, a 9ms seek time to get the data and then a few more ms to decompress it. If your process is already I/O bound (many scientific computing tasks are) then a 9ms decode per block will halve the speed of your computation.
The correct solution for this lab seems to be to borrow a policy from most defence-related sites. Have a secure and an insecure network. The secure network is allowed to access confidential data, the insecure network isn't. Run encryption on the machines on the insecure network, don't bother with it on the insecure machines. If one of the insecure machines is compromised or stolen then nothing confidential is lost.
I am TheRaven on Soylent News
You obviously never used any of the big DoD supercomputers. Have a look at the (old, by now) ASCI Red configuration here. It has two interfaces, one for classified jobs and one for non-classified jobs.
If there is one HUGE problem with whole disk encryption it is recovery from disk failure. I'm not talking about your average Windows crash, PGP whole disk crypto is OK with that. I'm talking about a more massive failure which makes a mess of the NTFS indexing (Windows can do that too).
Normally, you have three options:
- restart and pretend you don't have a problem. Rather hard if you're missing a lot of files :-).
- permit CHKDSK to clean up the disk. In my experience that is a sure way to guarantee you will never be able to access your files in a sensible state ever again. No idea why, but Microsoft doesn't appear to have focused on file recovery with CHKDSK, more on returning the disk to a consistent state. Or maybe I need to do some RTFM :-)
- use another tool to access the disk which doesn't need a 100% clean NTFS layout to still scrape the files off. This can be typically done with a Linux live CD as the read-only NTFS mount of Linux is substantially less picky about how consistent the file system is. I introduced this idea to a large consultancy when I worked there and they have saved a good amount of data this way over the years.
When you use full disk crypto, forget about booting up another OS to recover data. Installing full disk crypto without adding a good backup solution (encrypted, of course) is asking for trouble.
What I like about PGP is the ability to use additional keys which are split, so you need to involve multiple people before you can backdoor it. However, it always makes me wonder if there isn't an additional key of which we don't know anything..
Insert
This issue deserves some formal testing. For example does OS effect the outcome or how about file system type such as fx3 vs. Reiser? All in all I suspect that the man needs a very specific answer that will require a real test rather than opinions.
The overhead for this technology is during retrieving and storing data to the hard disk.
Unless you're running a database server on your personal machine the overhead is negligible.
Unfortunately it's not the security panacea they might think it is. The only thing it protects
you from is public disclosure of data from lost or stolen machines. If the machines are in
a protected access environment and aren't removed is probably a waste of time. It might
make good "security theatre" though. (it will make some people feel better even if it's worthless)
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
Are there any consumer grade hardware cryptography engines to offload the work from your CPU to dedicated hardware? It seems like there'd be a big market for it nowadays.
USE THE CRYPTO
and yes, I'm shouting. This has been resisted for too long -- its kind of like garbage collection in programming systems.
The slow part is the physical drive. The crypto can be done FASTER than the physical drive, which means, at worst, that an additional processor needs to be assigned.
Indeed, the ONLY time I recommend crypto not be used is when dealing with US border. There I use file crypto on specific projects, along with dd to overwrite freespace and swap (before crossing).
But, if everyone (looking at US citizens) starts USING crypto, a fully encrypted laptop would not raise suspicion.
Just another "Cubible(sic) Joe" 2 17 3061
Better cut all net access before thinking about encryption. Am I the only one who thinks that a lab working with stone age technologies like paper and pencils is more secure than a lab using computers?
because .5% overhead is better than 1%
The DoD machines aren't on the internet and I don't think they have any real network access.
This is an obvious troll and should not be modded "interesting".
Sheesh. 1% my a$$.
The software sucks. It's glitchy. Their coders don't know what they're doing. I was working for a military contractor and we had the software removed within a month of installing it on everyone's computers.
It looks like your admins are the type that if they stumble on a "neat idea", they start looking for ways to use it. Or finding ways to use it. Or inventing ways to use it.
Not a good thing. Sort of a colary to "when all you have is a hammer, everything looks like a nail". Only in this case, "when you find a shiny new hammer, you start looking for nails, or other things that could possibly use some hammering".
Here's hoping they don't continue to push this on you even if you show them it's not a good idea. It's their job to build a case for implementation, not your job to build a case for cancellation. Anyone that says "we're going to do this unless you can show us a very good reason not to" (without having demonstrated a need to press on) needs to be taken into a small private room for a quiet discussion, or a quick beating.
I work for the Department of Redundancy Department.
Transcript:
http://www.grc.com/sn/sn-133.htm
"Trying is only the first step towards failure." - Homer
Out of curiosity, do you think that being an asshole somehow makes you cool? That insulting the guy will lend any more credence to your advice or make anybody more likely to listen to you?
Because it won't. It just makes you look like a typical super-nerd elitist who thinks that because some solution is perfectly obvious to him, it should be perfectly obvious to everybody else, too.
The submitter is in a research institute. Some labs in that institute have patient data, and therefore require significant security like disk encryption.
Repeat after me: "The first line of security is physical."
If the servers are locked in a room with limited access (like, oh, say, 95+% of servers in the corporate world), then the probably not.
Data security is about securing the data using reasonable compensating controls. If no one can get to the disks, and those who can comprise a limited list of, say, trusted sysadmins, then it doesn't matter whether they're encrypted or not.
Requirements, if properly written, never specify implementation details -- the means. They only specify what is needed. How that is achieved is irrelevant so long as it the requirement is achieved completely.
So other than for devices that are not in access-controlled environment (like laptops or, in some cases, workstations), the need for whole disk encryption at most places is nil.
My blog
Ya know this sounds more like something a government agency would chose to do not really an academic institute. Are you sure that your characterization of the nature of this decision is accurate?
Yes, it is.
...and get it exempt by demonstrating degraded performance if you use whole disk encryption. If the IT guys complain or tell you you're doing it wrong ask for their help to do it right. Then go ahead and encrypt a few of your documents to keep the IT staff happy. All your "temp data" are belong to YOU. IT guys get to implement their new policy with you as an exception. Then go work on your resume. Everyone's happy!
These posts express my own personal views, not those of my employer
You're "mostly" right.. but, dont forget, there's a difference between throughput and latency... Imagine your garden hose. a 200 foot hose may not slow down the water, and you're still getting the THROUGHPUT that you need (gallons per minute), but the water that comes out of the sprinkler head end may come out 20 seconds after it went into the other end of the hose (20 second latency)... For some jobs, with sequential read/write, throughput may be all you need (and may be where the 1% rating comes from on the original poster's PGP stat) but for something that needs to stop and start, and/or have quick access to random data, waiting for a decryption/encryption engine isn't a good fit, even if it is hardware. -Steve
-Steve Tired of voting for the "lesser of two evils?" Come talk about it on www.bothsidesarewrong.com
Something is wrong. I recently evaluated FDE products for my employer (although PGP was not one of them) and other than the initial encryption (which slowed-down my PC about as much as a complete backup would) the performance hit is not noticeable. If you are seeing constant performance hits which seem to be directly related to adding a modern encryption product, then something is very wrong (maybe you have minimal memory and it's try to encrypt the swap file/partition?)
Unfortunately there does not appear to be any open source full disk encryption options for MacOSX on the primary boot drive. TrueCrypt's MacOSX port does not provide the full-disk encryption support that it provides for its Windows & Linux ports. In fact, on MacOSX, one cannot even use TrueCrypt to encrypt one's home directory, without having to be forced to first log in as another user to mount the TrueCrypt image and remained logged in while the original user is logged into their encrypted home directory on the mounted image.
There are proprietary closed source options for MacOSX full disk encryption, but I would not trust any of them unless I can examine the source and compile it myself.
"it is hard to find any negative articles on PGP"
Most probably because it's not common to find it abused in such a stupid way...
http://www.dieblinkenlights.com
"Performance" is only a valid topic after addressing reliability.
In my company, we gave up on PGP's whole disk encryption after it consistently locked up (but was ok after many multiple reboots) on both Panasonic Laptops and Lenovo Laptops.
For the last few months, we have been trying TrueCrypt on the above brand laptops and also and HP desktops with no issues (as of yet).
If you load RAM by opening a bunch of simultaneous Windows and then run some mathematical loops that represent the kind of calculations your environment demands, you can then determine whether the overhead of TrueCrypt (or whatever) is worth the security benefit.
Good luck.
No matter where you go . . . there you are. - Buckeroo Bonzai
Live Long and Prosper - Thanks Leonard. You are missed.
The other thing I cannot understand is why anyone would want to run whole-disk encryption on a compute server. Even the US DoD machines that are used for classified research do not do this!
The DoD has tanks, fighter-bombers and men with M-16s to keep their servers secure. Encryption isn't as necessary for them.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
What about the handle leak that will render your machine unusuable if you leave it on overnight? Still waiting for PGP to fix it.
You're right, though I'd argue that on top of all the buffering etc going on already you can design such that this isn't the slow step. Also, any data access that needs to be that fast should be on a ramdisk anyway, security or no.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Considering the type of data that the OP is working with and the choice of the product to use, it may be that they fall under the government mandate of using encryption and that it HAS to be FIPS 140-2 approved. In this case TrueCrypt (as much as I like it) is not a valid choice, as it is NOT FIPS 140-2 approved.
Even the US DoD machines that are used for classified research do not do this!
Um...I think they'll have slightly more stringent physical protection applied (big fences, big guards, big guns). That makes up for a lot.
Catch is, USB drives are way slower than hard drives. As in, 2-3 orders of magnitude slower. It could be that the USB is a bigger bottleneck than the encryption.
Most human behaviour can be explained in terms of identity.
Which cipher did you use?
The AES is actually pretty fast, if you study the algorithm. A lot of bit shifts and XOR operations that can be done very rapidly in hardware.
(I've never benchmarked my own system, so I'm not looking to dispute your figures. Just curious.)
That is interesting - if the overhead was really 1%, then why even bother with optimizations for multi cores?
Why not use the other cores when they are there? :)
My Dualcore T9500 benchmarks at around 170 MB/s with 10 MB test data with TrueCrypt 6 and some programs running. That is both encryption and decryption. Encryption a little faster.
The advantage of hardware encryption is that
1) The encryption doesn't touch CPU or memory resources
2) The encryption can be done in parallel, you write one thing while encrypting the next thing to be written.
I work for Seagate and took an internal course on FDE. The main downside to hardware FDE as security measures is that it doesn't help you at all while the drive is on (the only I/O differences with the devices are you can only write one sector in a commmand, and when you power on the device you must have a password). Once the drive is on, FDE doesn't stop hackers from breaking in. The point is a stolen laptop (that is off) is completely unreadable.
At a lab I used to work at, we had problems with IT shutting down communication between various instruments we had because they used "non-standard" ports (they looked like viruses to an automated snooper).
After fighting that for a few years, we just took the whole lab off of the network (no access to school network or internet). We put in a server (managed by the IT people, with all the encryption and security they wanted) which was connected to the school network (and the internet) and to which we could upload data from the lab. Laptops could still be used to access e-mail and the internet, but could not run experiments.
I imagine if you came to your IT people with a plan for good physical security, an explanation of what you're working on and a plan to isolate yourself from any patient data, they would be happy to help you. They're there to make your life easier, not harder.
It seems a bit petulant to question an institutional IT policy using reference to an article that's apparently over 10 years old.
From the article (emphasis mine):
"I tested a beta of PGP disk version 1 for Microsoft Corp. Windows95 version 1 in Network Computing's University of Wisconsin lab, installing it on an AMD K6 200-MHz computer with 9 GB of Ultra DMA EIDE drives and 64 MB of SDRAM memory.
As to why full-disk encryption might be required, many states now have data-loss notification laws that require you notify anyone that might be affected unless the drive is completely encrypted. This is the case in my state, though my institution only recommends full-disk encryption on laptops or very high-risk data. The best option to keep sensitive data safe is to keep it on a protected file server in a physically secure, monitored location (i.e. campus data center) rather than on a random local computer in someone's lab; however, this doesn't always work for high-performance analysis. And there's also the "I want my data in my lab so I can hug the server" mindset to deal with in some situations.
Of course, my perspective may be a bit skewed. As a technical policy enforcer at a higher-ed institution, I'm fairly used to hearing a myriad of excuses for why policies, even those based on specific state or federal laws, shouldn't apply to someone's particular academic research context. On average, I've found that faculty arguments against IT policies are as creative and insubstantial as the excuses that their students give for late homework.
Catch is, USB drives are way slower than hard drives. As in, 2-3 orders of magnitude slower. It could be that the USB is a bigger bottleneck than the encryption.
True. But my tests shows that I am able to pull around 170 MB/s in TrueCrypt benchmark, so the disk will always be the bottleneck.
When developing and testing virtual computers, USB speed is fine.
Well CPUs have gotten a lot faster in the last few years.
I do wonder with a modern CPU if a hardware RAID is of any use on a NAS server. You can get a Athlon X2 5000 for under $100 and four GB of ram for under $70 these days. Going up to a Xeon or Opteron will cost a bit more but not a lot.
Did you test with RAID5?
Just wondering.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Especially when we're talking about security.
If your requirement is "I need my disks to be encrypted", for example, and your requirements go no further than that, then you may find your vendor of choice decides to encrypt your disk by XORing it with "TheSuperSecretPasskey". Technically encrypted, but not very useful.
Think that's unlikely? That's how some eBook DRM schemes work.
In the US and Canada, there's something called FIPS 140-2 which describes in painful detail exactly what constitutes a "secure system", including what crypto algorithms may be used (right down to the RNGs). The idea is to make it so your typical government employee can distinguish between something that is actually secure, and something which is snake-oil secure, without a doctorate in math.
Likely the requirements in this case are coming from something like HIPAA, which I'm less familiar with, but specifies exactly how patient information should be treated.
I'm a big fan of TrueCrypt, and have used it for about 3 years. In that same time, my company has rolled out PGP Full Disk encryption. Honestly, we've had nothing but positive feedback about how unintrusive the product is. This is easily the security tool with the highest positive employee feedback we've ever deployed, hands down.
What has happened is a shift away from common sense to paranoia. It is and always has been the case that business needs come first, THEN security. The purpose of all the computational power is to support the business need for it in the first place, not the security need. In addition, Risk Management should be used to then decide what, if any, security needs must be met, and only enough to provide adequate security.
Security should never ever trump business needs and security should only be implemented if the risk dictates a threat that can exploit a vulnerability and has a high enough probability of occurance
When are the IT/network guys going to realize that among their job responsibilities are facilitating and enabling their users, not restricting them in new and inventive ways because it makes them feel useful, or is an excuse to exercise their authority. The job is to make our jobs faster, and easier. Security is secondary to getting the job done. And yes, secondary. Because if the business can't get work done, it doesn't get paid, if it doesn't get paid, it ceases to be rather quickly, and thus you don't have anything to secure.
Question everything
I find this to be true in Windows networking as well (big linear reads are pretty quick, little chunk access is dog-slow.)
To the parent: in addition to documenting the money/time cost impact of implementing a policy that has no value (beyond standardization) in your department, you can throw a little FUD on the fire: when a standard disk gets corrupted, you lose the corrupted portion, when certain (frequently written) parts of an encrypted partition get corrupted, you can lose the whole partition.
Apple has the option to put a user's whole home partition in a File Vault. I tested this on a MacBook Pro since we were considering implementing a HIPPA sensitive system on OS-X. The MBP had a tendency to not shut down cleanly, especially with the drivers they were circulating in 2006 - it only took about 3 of these unclean shutdowns to hose my encrypted home partition, essentially locking me out of the machine entirely. I knew all the passwords, but the best that escalated AppleCare could come up with was to reformat the drive and start over. I still have the unclean shutdowns, but now (without File Vault) when they cause a little corruption, Disk Doctor cleans it up and I don't have to do a whole system restore. I keep only the sensitive files in File Vault, encrypting the whole drive is too risky for me.
They should encrypt the network, not the servers. Then you only need to encrypt the laptops and USB sticks and other removable media.
Which hardware RAID did you pick? Did you avoid RAID 5?
The RAID we tested was RAID-0 and RAID-1. We have several filesystems used only for temporary data which lives about 1 hour (intermediate results between steps) and gets tossed after that (unless we're debugging), so if that crashes it's no big deal. The largest problem for us is that we need to be able to have X TB of diskspace (with X growing every year) that needs to have Y MB/s throughput (with Y growing every year as well). These types of filesystems we usually setup in RAID-0.
With RAID-1 the idea was originally to make sure the operating system disk itself doesn't croak, but in the end we decided to make an install image that can be deployed in a matter half an hour. If a particular fileserver dies we lose at most 1 hour of computing time, and the lost jobs get rescheduled, unless all of those fileservers would die at the same time (that would really make my day).
For long term storage (the actual results and original files) we already have a solution, which I don't have any control over other than an NFS share that I mount. Speed is not really of importance here. From what I gather they do use RAID-5 there, but it's a Fibre Channel SAN that gets exported. Sadly, I didn't get to have fun with that thing since it's an area I'm quite interested in.
I'm really hoping to have some fun with ZFS in the near future. I've been hearing a lot of noise about it and I want to see what it can do for us and if it's a viable solution.
Serpent? What the hack are you using Serpent for?
From wikipedia (and my mind):
"Serpent was widely viewed as taking a more conservative approach to security than the other AES finalists, opting for a larger security margin: the designers deemed 16 rounds to be sufficient against known types of attack, but specified 32 rounds as insurance against future discoveries in cryptanalysis."
Rijndael is probably better researched as well, since it became AES (and since nothing is found yet, it's probably more secure). Anyway, for additional security I would stick to AES-256 or just plain AES-128. It's very likely to be much faster and nobody with a serious mind is going to attack the crypto-protocol used (unless it is single DES or something similar).
Who's the expert on IT and security requirements and who is the researcher? Let management play their CYA game and stop fighting with IT.
Yes, I'm an IT'er.
Think of it this way. IT is a peripheral support group in most businesses. You can let the hobbiest engineers and scientists play sysadmin and you'll get hobbiest results, if not a turf war between departments. Only management SHOULD be worrying about how security and productivity are balanced. I recommend that the IT manager be a direct report to the highest level of ANY business to prevent abusive control of IT resources.
If you don't like your management, you're working for the wrong business. Let IT do their job. Do you think they like throwing in extra layers of security? That increases their workload exponentially.
This issue deserves some formal testing. For example does OS effect the outcome or how about file system type such as fx3 vs. Reiser?
FWIW, I've had really good experiences with XFS. For my particular usage XFS came out on top in performance in the areas that matter for our particular usage. We tested Reiser 3, ext2, ext3 and XFS. Again, some filesystems will perform better than others in different circumstances. Note that I'm not saying anything bad about other filesystems, each does what it does and fills its users particular needs.
So yeah, for specific answers especially performance wise, you're best off with googling what other people do and what kind of performance they get, and testing things out for yourself. If performance is critical enough for your application you can justify the time (and money) it takes to test the systems you're considering (within reason).
Correct me if I'm wrong, but I believe that Linux is not supported by PGP WDE. It's an easy question of "Do you use Linux?" If you do, then it's a horrible productivity hit because you can no longer use your OS...
Well CPUs have gotten a lot faster in the last few years.
The linux kernel has advanced since then as well, and storage media as well. If I'd have these statistics handy they'd be an interesting reference, but they'd be hopelessly outdated.
Did you test with RAID5?
No, only RAID-0 and RAID-1. I've replied somewhere in this thread to someone else on the specifics of my type of usage.
One option to consider is seeing whether you can file for an exception. Your company may have an exception policy with respect to the implementation of controls like full disk encryption. If not, you may want to ask them to implement one as it's a fairly standard practice. The security folks may want you to explain to them (in writing) why you can't implement the control, why you don't believe there's risk, and what possible other mitigating controls exist to minimize or eliminate the risk of not using full disk encryption, but with that you might be able to file for an exception. Just a thought.
"There is nothing more unequal than the equal treatment of unequal people." - Thomas Jefferson
WDE causes me headaches, but I figure the speed of my memory paging isn't as much an issue as the constant paging. Add more memory, stop paging, move on.
Honestly, with Windows, WDE bothers me more because relatively fixable system problems which prevent booting become 'nuke and pave' problems than because it makes the computer slower.
The first time ( or next time ) your PII is lost because some schlub downloaded it against policy and left his laptop at the coffee shop, you'll wish your company had a universal WDE policy.
#-#
Ad Astra Per Aspera
A rough road leads to the stars
I don't want my data leaked, thank you very much!
When you say "high performance computational," I envision CPU-bound number crunching that isn't doing much disk I/O. Thus, the disadvantage would be: none.
If that's not what you're doing (i.e. you're actually talking about a database server that doesn't have enough RAM), then I guess how I could see the disadvantage as being pretty high.
So: what are you doing? What does "high performance computational," actually mean in your context?
Another issue:
That's hard to believe. I won't definitively say your source is wrong, but you should be pretty skeptical about it. You should look really hard at this "evidence" or put it forth for discussion.
That aside, in my opinion, full disk encryption is usually unnecessary overkill, provided that you really know where your data is. Just get /home, swap, probably /var, and maybe /tmp (depending on how you're doing things) and you should be well-covered. There's no reason to encrypt /etc and /usr/bin, for example, so why pay for any overhead there?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Thanks. I found the post.
RAID 0 and 1 are low CPU use to start with so I would expect good performance with that.
My latest build comes with 5 SATA ports and one ESATA.
If I had all the cash I wanted to spend on this build I would get two raptors and make those RAID1 for the OS and then Three 1TB drives and do a RAID5 for media storage.
Maybe some day.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I don't know what "defence-related site" you're working at, but at mine the "Unclassified" network has more security policies attached to it than I've seen in any corporate environment.
The "Classified" network is worse and in most cases it's almost impossible to do actual work there. Of course, the dirty secret is: that's the whole point. What gov. civil servant (be they military or not) wants to do actual work? Also, since everything is "Classified" then it's also very difficult for work to be peer-reviewed so there's no accountability for what's done there.
I swear, half of the stuff we do here must be counterintelligence. We stamp it "sensitive" or "For Official Use Only" -- but if any foreign intelligence agency got their hands on it they'd be laughing so hard they might consider giving up on spying on this country altogether.
I'd give my right arm to be ambidextrous.
tell the IT guys that humans are not protozoa
---- Where is my mind?
A quick google for PGP whole disk encryption yield PGP's spec page
Which probably means that the scheme is your typical PGP your symmetric key...
So it seems that an AES acceleration, such as the VIA PadLock, could potentially mitigate the performance issues.
X-bit labs just had a minor blurb recently about how the Via Nano with PadLock trounced the Core 2 Quad...
What joy do people derive from flaming? I don't get it... :(
And yes this is an obvious flame considering since the OP is not working with sensitive data.
Tired of all the isms, don't exploit people as an employer, or a government, mmmmK?
My experience is that on 8-year-old processors, software RAID5's overhead is pretty damn minor. I can't imagine how minor it is on today's stuff.
And then, on top of that, disks are getting so huge that RAID5 is on the way out. RAID10 or even RAID1 is the way to go now, so the overhead has gone down even if you ignore processor gains.
Hardware RAID is so obsolete that it just amazes me that it's still around.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
But if in spite of this, you still want to use whole disk encryption, I do not think that PGP is the answer. I think that simple symmetric crypto is a better fit.
PGP's claim to fame is its public key nature. That is it solves the key distribution problem. A sender does not have to contact a receiver to agree on a symmetric key. The receiver can look up the sender's "public key" from published sources.
But in the case of whole disk encryption there is no key distribution problem. All necessary keys must exist at boot time, under any whole disk encryption scheme. Therefore the key distribution problem is solved beforehand by definition.
PGP uses a hybrid solution to the key distribution problem. Public key encryption is used to distribute a symmetric key which is used for the bulk of the work. Since in the case of whole disk encryption there is by definition no key distribution problem, the public key stuff can be eliminated resulting in stronger simpler crypto.
Also, symmetric key disk encryption is available for free (both in the since of beer and freedom) with most Linux distributions.
ZFS with RAIDZ2 also has almost no overhead, the extra features like on the fly compression are just gravy. I've also seen a lot of hardware RAIDs fail, only had one or two Linux MDs fail that I couldn't rebuild.
Among the people who claim this is Steve Gibson who does the Security Now podcast with Leo Laporte. When he benchmarked TrueCrypt, he found that not only was the overhead as low as claimed, but that Windows Defrag ran faster.
I run TrueCrypt on a machine that I use for audio editing, and I've seen no performance dip since installing it -- the boot time remains between 60-90 seconds, even with the password screen.
Les Miserables Volume 1 now up with my reading of
It can cause a hit on battery life, too...
I had a company laptop with whole disk encryption -- required, we had sensitive (unclassified) data on it. The A/V (Symantec Corporate) would hit the disk every 5 seconds, and because it was encrypted, took a bigger hit on the battery. You could hear the CPU fan spin up every 5 seconds or so.
If you're interested, it was actually the "tamper resistance", where it was checking to see that it was itself intact.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Guess what happens when your encrypted disk can't be booted? You can't boot under a windows/emergency restore disk, because your partition is not readable. You can't boot off anything other than the hard drive.
For system partition encryption, TrueCrypt forces you to create an iso which contains the original password hash as well as the original boot sector of the drive. If you can't remember what the end user changed the password to after IT encrypted it or the boot sector goes wonky, just use the disk and you are on your way.
Yep. I set that up once -- I wound up being the ISSO. I wonder how many of the posters here have even read NISPOM chapter 8?
We set up a cluster and 3 workstations on a separate network. The network was physically isolated.
Getting the paperwork completed for the DD-254 was a nightmare.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Comment removed based on user account deletion
alaederach wasn't looking for a sales pitch on Truecrypt. The decision has been made. He is looking to the slashdot community to empower him with a good argument to resist encryption. I hope that he chooses to embrace encryption, while recognizing that it is not applicable to every environment or computer. He can still make an informed argument against it in his case, provided he is correct in his assessment.
POLICY
alaederach, I believe the folks that posted advice about resolving this through the proper channels to get an exception to the policy is your best route. Dont start argumentatively. Explain your concerns and keep an open mind about them. Start with a member of the team that is deploying PGP and ask what the proper procedure is to get an exception to the policy. If there is a project manager assigned, that would be the person to start with. Project managers are usually more open to the needs of your area, and have the power to address issues that are raised during the implementation process. Kindly explain your concern, and ask if a high performance system can be benchmarked and tested prior to the roll out of PGP.
PERFORMANCE
As a proud tin foil hat wearing network administrator whom has rolled out PGP, I did not find a performance hit that was enough justification to make an exception in our environment. However, the identified risk of data loss and theft was a concern for the traveling laptops. The servers were less of a risk due to the physical security controls that were in place. PGP was only rolled out to laptops in my environment. I would recommend extensive testing prior to the roll out for high performance machines. Boot times were slower, but were measured in seconds vs minutes. In every case where performance was an issue, it was typical problems that one might find on a windows machine, and was unrelated to the encryption.
SECURITY
Every time I have worked as a member of a team deploying a security measure, the same argument is claimed by someone. "There is no reason to do X as it can be subverted." That goes for policy, physical access controls, software, and hardware. Encryption is no exception to this. Yes, warm and cold boot attacks are possible. Yes, highly motivated individuals, groups, and governments may have the ability to access your data. Security is best used with many layers. It can be highly effective at reducing risk, and keep higher percentages of the population from accessing or corrupting your data. alaederach, your best argument here is risk vs reward. This is where you kindly make your claim that risk is low due to the low impact of data loss in your environment. At the same time, if you have good physical security controls, you might want to include that in your argument. If the data that your work produces is valued higher by the decision makers than what you are sharing with us, then you may want request the performance testing and explain the risk of lower production due to performance. Geeks love performance testing, and if the highest risk is determined to be your computing performance, you just might find an exception to the policy.
MYTHS
A network adminstrator that gets hit by a bus, will cause your data to be lost. FALSE. The majority of organizations that have the funds to implement a project such as this, will also have determined off site storage of encryption keys as well as any othe data that would be backed up. Usually it is a different geographical location that utilizes high physical security controls. Yes there will be members of the staff that will have access. That is why there are Human Resource controls in place to vet the administrators. I.E. background checks.
An encrypted drive can not be accessed to retrieve data. FALSE. encrypted or unencrypted, proper data backup methods should be in place. With PGP specifically, I created a bartPE cd that allowed retrieval of data on a hard
HIPAA doesn't get into very many specifics at all about HOW to secure the data, and so every company seems to come up with their own ideas of what secure means. When your company is like mine, we deal with protected healthcare information from dozens of different companies, all of which have their own views, sometimes contradictory, of how to protect the data. Of course, our salespeople fall all over each other to agree to whatever way every client wants their data protected.
One of the things they agreed to do was to PGP encrypt every drive. This includes the servers that no one can possibly walk off with without breaking through several stages of physical security.
Most troubling of all is that we discovered that our primary peice of third party software that we use to deal with the Protected Healthcare Information, inexplicably will not install on a drive with whole drive encryption on it. The third party company has no idea why this would be. We have been using this software for over 5 years and there is not really another alternative in the market right now. So in order to protect the information as we have agreed to do, we will just have to stop processing it altogether.
Which frankly, is fine with me, because I am sick of dealing with protected healthcare information, because apparently some strangers information is so important that I have to reveal every tiny detail of my life to the company and all of their clients including credit check, background check, criminal check, fingerprints, urine test, etc., etc. Why is strangers' data protected while my information is openly shared with anybody with a passing interest in doing business with my company?
If you are not allowed to question your government then the government has answered your question.
Brilliant. Refer to a craze for pgp disk encryption, then worry about problems suggest by an article from 1999 !!! (nine years ago) about some software for Windows 95.
The author was unclear on whether his non-patient data is residing on the same physical space as the patient data. It would appear to me that this is the case.
.
I would assume "our researchers" means they share "our lab's resources". I'd put money on the IT policy stating "any storage device containing sensitive patient data must be . . . ".
If this is the case, the poster is completely out of line. If you would like a solution to your problem of whole disk encryption interfering with your non-patient sensitive research, here it is (and I'm sure your IT dept would agree):
.
Yes, it may be more troublesome to reallocate space. Yes, it may cost more due to lack of support for certain compression algorithms in the form of extra storage space needed. However, it is required by law that this data on your storage devices be secure. You never mention actually speaking to the IT department or what their response was. They may provide alternatives or be open to suggestion of alternatives that would minimally impact your other users. However, that they want to secure this patient information and are willing to take steps to do so is a very good thing.
And no matter what the solution is, it's guaranteed to negatively impact the researchers that deal with this data in some form or fashion. Whether it be in work flow/productivity or in operational costs. So brace yourself for that. These "hinderances" and headaches are part of the price for working with patient data. Every bit as much the hard disks, lab materials, and labor.
Just because you handle "certifications" doesn't mean you engage in best practices. In fact as an old school Linux/Unix nerd who remembers the command line days I often find there is an inverse relationship between qualifications on paper and competence. The best hackers in the old school sense of hacking as creative coding were not the people who went though cubicle drone tech certs., but those who had a passion for computers starting with a TRS-80 with a tape drive when they were 12. Most of these people later became bearded "hippies" with no certs whatsoever and those people now run entire networks at the world wide level despite never having had a cert. Ignore the advice of these people at your own peril.
Tired of all the isms, don't exploit people as an employer, or a government, mmmmK?
You need to look at security as a three-legged stool. If any leg is missing, the stool falls down:
1) Physical security: Locks, security cables, security cages etc.
2) Encryption - Provides data protection
3) Theft recovery and secure data delete - Via a product like Computrace
With these three legs you'll be covered.
Encrypted partitions are excellent for their intended purpose: To safeguard the confidentiality of sensitive data. But an "across the board" policy of encrypting every HD in a whole shop is simply nuts. In addition to the performance problems with intensive computation requiring constant read/write, the way to recover from a file system corruption problem with an encrypted partition is very often "Kiss your data goodbye, it is gone forever, period." So, add the cost of a major upgrade in your offsite backup process, in money and network and in-the-box processing overhead, to whatever the PGP license costs /and/ the vastly increased risk of major data loss.
In general, it seems that anything reliant on throughput doesn't really care about FDE. It will take up some CPU time, but the system is already so limited by the physical disk itself, the difference is minimal.
But if the workload is heavily based on lots of small transfers, the FDE en/decrypt adds quite a bit of latency and can cause very significant performance loss. If the drive takes 5ms to seek for data, then another 5ms* for the data to be decrypted, and you're doing this dozens of times per second, you're looking at a 50% performance cut, in addition to the CPU time used.
In general, pretty much everything most people use a computer for falls into the first category and they're not going to notice a difference, but in the latter case, the performance loss can be utterly deviating.
Obviously, the only way to figure out which case this guy falls into is to test.
*number being pulled out of the air, though I'm pretty sure this is a decent ballpark figure.
upon the advice of my lawyer, i have no sig at this time
Your IT people need to remember that whole-disk encryption only protects against some threats, not all. It's mainly going to protect against physical theft of the drives themselves, or the computer they're in. That means it's going to mainly benefit laptops that're out in the world where they can be easily stolen. Office desktops, if they're stolen that means someone had physical access to the building to take them. If the IT department can't name the last time a desktop was stolen from the building, theft is probably not an issue. Servers aren't likely to be stolen at all, they're locked up in a presumably secured data center and I just don't see an outsider being able to get in there let alone unrack a server and walk out with it under their arm. Again, if IT can't name the last time a server was stolen it's probably a non-issue.
And even in the case of a laptop, the encryption only protects the disk while the computer's powered off or in a state where the encryption software's discarded the key and won't decrypt the disk again without you re-entering the password. We found where I work that the standard suspend mode of the laptops does not trigger PGP to prompt for the password on resume, for instance. Since most of our people leave their laptop suspended while carrying it around rather than turning it completely off (to speed up start-up), the PGP encryption essentially isn't protecting the disk at all since the thief won't need the password to get the data decrypted. I don't count the normal screen lock, since if that were sufficient you'd just force password lock on the screen saver and not need encryption at all.
And of course whole-disk encryption won't protect you at all from viruses, trojans and other malware that gets onto the system and starts sending data back home. That stuff's running after you've helpfully given PGP the password and it's cheerfully decrypting data for you, and it's running as you so PGP thinks it's you accessing the data. Again, for office desktops and servers remote access by malware's probably a bigger concern than physical access to the machines and you need something other than whole-disk encryption to protect against those threats.
To be honest, I'm much more of a fan of removeable media. Put the patient data on a USB stick, then plug the stick in to access the data and remove it when you're done. If the sensitive data isn't on the computer then nobody can get it by stealing the computer. Just don't fall victim to those "encrypted" USB sticks, many of them either use algorithms that're trivial to break or they fail miserably at some point (eg. leaving the encryption key in unencrypted unprotected space where it can be extracted and used by a thief). It's much easier to lock some USB sticks or CD/DVDs up in a secure drawer than it is to protect a computer.
Seriously, you have a problem either with the hardware configuration, other software, or the OS. Sometimes bad sectors on the HD during the encryption process will cause Windows to downgrade disk access to PIO mode, slowing things way down. Maybe there's some disk indexer running...could be something else.
I run PGP WDE every day, have since a beta of the first product, and what you're seeing is *not* normal. ...and yes, I work for PGP.
HIPAA has requirements for availability as well as confidentiality, so any place handling protected patient data should set up an ADK. An Additional Decryption Key is a PGP feature that allows reading an encrypted disk with a corporate recovery key.
BitLocker and (moving away from whole disk) EFS have their own ways of accomplishing the same thing.
I run the IT Department for a company in the EDU industry.
We have about 80 laptops in the field, and about 2x that in desktops.
Since we deal with a lot of sensitive data (read: personally identifiable) I have been deploying PGP WDE for the past few months to all laptops (no desktops).
Speed:
Our users primarily use a web browser and Outlook. No one has complained about speed yet. Caveat: While it's encrypting, the laptops will slow to a crawl until it's done. We've had a lot of complaints, even after my helpdesk guys advise them.
Administration:
Couldn't be easier. Someone mentioned that you could essentially "lose the key." Not possible, and I've tested it. WDE creates a backup 1 time use token so that if someone forgets their password you're not up a creek. Also, the server side software allows for backups, so you're covered on that end.
Cost/etc:
Expensive as hell, in my opinion, but a hell of a lot cheaper than having to pay our lawyers. My impression is a very positive one. The only thing that leaves much to be desired is support. You have to submit a ticket online, and if you're lucky, you'll get a call back within the day.
So my work did this to all desktops and laptops (though not servers, thank goodness). Of course the ironic bit is these desktops are all in a secured buidling...
This is on Windows boxes so YMMV but we've had lots of complaints. Stupid stuff like opening a new file explorer has a 2-3 second lag each time. Scrolling down a list of files in a directory has a 3-5 second lag.
The worst part though is when the mandatory "noon" virus scan starts. We actually had to move anyone who didn't already have a dual-core system to one so this wouldn't lock up their box for 10-15 minutes. And I do mean lock up.
All in all we've learned to live with it in the way folks learn to live with a persistent rash -- annoying but not life threatening.
Now, as many have said, in a HPC situation it might be different...
Hey Friend,
I hope your PC has a UPS, with auto-shutdown mechanisms in place in the event of power loss.
Otherwise your placing your Raid-5 data at risk due to the "write hole" issue associated with Raid5.
Raid1 / Raid10 or ZFS would be a safer alternative if your data has value.
Troll, Troll, go away and flame again some other day
Wow. When you say this:
I have to feel for you. I'm really sorry that whatever solution you've implemented is this crude.
This sounds like you're talking about situations, even physical damage, where an unencrypted disk could be slaved to another machine and the data recovered. In those cases, where I work we slave the disk to a functioning machine and mount it with an encryption cert sent to us from the group that centrally manages our encryption. Then we copy the data (or, if it was just a software problem, fix what was wrong), build the user a new machine, put the data on the new machine, and the user walks away happy. They'll be without a computer for a day but, even though our security policies are absolutely ass-aholic about requiring full-disk encryption *everywhere*, we've been able to recover data in every case where we would have been able to recover it from unencrypted disks.
Considering that much of your hard drive consists of non-private data, like the operating system, program install files, and spurious user junk, why bother encrypting the whole disk? Why does anyone bother? Just have an encrypted directory, partition, or even a second small hard drive and save all super-top-secret files in there.
Sun, right now will tell you otherwise. They are pushing what is really just "software RAID" and are getting good cost performance. So I think what performance you get depends a LOT on what hardware and software you are using. If it is a generic PC running Linux I'd expect so-so midle of the road performance but if you bought both better hardware and better software you could get better performance out of software RAID. I've seen software RAID be able to "flood" two Gigabit ethernet ports. The advantages of software is that it is so much more flexible. Just compare Solaris' ZFS to anything else. You have to on the hardware side buy some very expensive products (like going with NetApp) if you need features like point in time snapshots and to be able to reconfigure on the fly and all the other stuff that ZFS gives you.
Well I'm not suggesting people go buy a new multi-core machine just for a tiny TrueCrypt speedup, but since most new machines have multiple cores they might as well take advantage of it.
As for modifying the software, it probably depends on how much effort was required to get the speedup.
Maybe not
You insensitive clod...
you had me at #!
Never heard Microsoft called "stupido-quark" before, but if the cap fits...
you had me at #!
The real problem is after that. The minute Windows loads up the disk starts churning and barely ever stops.
It just churns and churns and that little hd light just keeps going and going.
swap file?
not only is time travel possible, it's irrelevant.
You *have* been away a long time then.
you had me at #!
Amazingly, everyone ignores the fact that an HPC cluster will have hundreds or thousands of headless nodes into which no boot-time passphrase can be entered.
Now, what is the value of FDE when the key is baked into the system for unattended boots? You need to protect the servers from physical theft. The only value of FDE would be marginal convenience in discarding used hard disks instead of destroying them. If someone can get into the machine room to steal the node and disk, they can also subvert the local disk-based or LAN-based boot processes and get the baked in passphrase.
...just like a gun does, I guess.
you had me at #!
You insensitive clod!
you had me at #!
Wow. A good indicator of whether someone doesn't have a CS education (or cheated their way through their CS education) is if they think that modern CPU speeds are at all a factor in whether to remove the need for fast disk subsystems. For applications where speed is the most important thing, programmers will attempt not to use the disk as much as possible. But when an application does use disk (and this is unavoidable in some circumstances-- e.g., file servers), your fast CPU does not change the fact that your CPU is many, many orders of magnitude slower than your physical disk.
Let's take a typical 2GHz CPU. This machine's clock ticks 2E9 times per second. If this machine has all of its ducks in a row, it can add a handful of numbers in a single clock tick. This is extremely fast, and here's HOW fast: For the sake of argument, let's say that you can perform, on average, 1 operation every 10 ticks on this machine, and so, 1 operation takes 5E-9 seconds.
Now, your typical access time on a fast hard disk—the time needed simply to locate the data, since this is the slowest part— is about 4 ms, or 4E-3 seconds. This is 6 orders of magnitude difference from a hard disk.
Put it this way: if we were to scale the above process so that 1 operation happened in one second, your computer would have to wait a little more than 9 days for the disk just to access the data, let alone read it. S-l-o-w.
I've been running PGP whole disk on my Mac for several months and the overhead is unnoticeable, so much so that I forget it's there until it's time to reboot and I'm presented with the passphrase prompt.
That's because the biggest costs from Truecrypt come in random access, not reading linear data. And USB disks don't have the random access issue.
Your ad here. Ask me how!
Yeah, the DoD machines ARE on the Internet, how do you think researchers from around the country get access to them to perform experiments? Now, classified work has to be done from a secured terminal either onsite or at a connected millnet site, but the unclassified interface IS available for many DoD computers from the Internet(2).
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Yeah, like I do that every day.
This protest sounds a lot like a Straw Man fallacy.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Hey, I can't help you with your question as I know very little about encryption myself. But I do have my own question. Recently my boss (who works off a laptop) has asked me about encrypting a single partition on his XP laptop. He doesn't want to encrypt everything out of fear of the performace hit. Can anybody recommend a good solution for single partition encryption? Thanks, Mike
Mike Clarke http://mystyleit.com CLS, WSCP, MCP, MCTS, MCSA+M, MCSE+M
The solution to this is obvious. If PGP encryption is required on all drives, fine. Just order 500GB of RAM and only use the drive for backup. That's only about US$6000 at today's prices. Cheap ;-)
The Network Computing article referenced here is ancient history. It says that PGP was "recently acquired by Network Associates" and it talks about support for FAT16 and FAT32. Network Associates sold PGP way back in 2002. See: PGP Corporation History
I recommend the original poster get some current information on the PGP product.
Anyone who is looking at the performance hit will find it, but I've never noticed on on my very low-end p4 Celeron laptop.
Most people overestimate what they really spend their time waiting for. Longer boot times? I reboot once week, never notice, etc. This is a typical narrow view. Try doing something you've always done and compare the times. Then check the time you waste reading Slashdot every day.
What is the value of not losing your client's data? Priceless.
It sounds like you had a bad experience with a "leaky" implementation of disk encryption and by "leaky" I mean that it was not virtual hard disk (i.e. lowest possible level encryption). Incidentally, this is also why I object to the Windows Vista "bit locker" encryption scheme, it does not implement the pre-boot virtual disk method. The best way to implement full disk encryption is to employ the pre-boot virtual disk method used by TrueCrypt (and also PGP, but I have no personal experience with that). That way, for all intents and purposes, the OS is completely naïve about the encryption (i.e. it is transparent to the OS) and therefore no special handling, other than the special disk driver for the virtual encrypted disk, is required on the part of the OS. It would be like using a special non-standard hardware for your data, the OS just asks you for the driver that works with that hardware (virtual disk in the case of TrueCrypt since the disk is actually the underlying HDD, possibly even hardware RAID if you have another layer below that). This is the "best" implementation IMHO, because it is completely transparent to all existing software, including the OS, and uses the existing facilities to seamlessly insert encryption into the hard disk read/write chain.
Your website's down...
Don't do high performance work on laptops. For servers etc, whole-disk encryption does nothing; insiders can break it by hardware key-logger or just logging in and taking the data on a personal drive, while outsiders have to physically penetrate (read: Rush the guards!) and steal the hardware. As long as the system is on, whole-disk encryption does nothing (except waste CPU); if the system is in a physically secure building, you should focus on the physical security of that building. Degauss drives before sending them out!
Support my political activism on Patreon.
Yes it does have a UPS, and the important data is mostly read and not written.
First, the article that you link to is not about the current products.
The article is about "PGP Disk" which is now what we call "PGP Virtual Disk." That is a container-disk encryption system. It is still offered along with PGP WDE, as it's nice to have both. There have been many improvements to it since that article was written.
My guess is that article is over ten years old. There's no date on it, but based upon what he says -- he installed it on Windows 95 running an AMD K6 200-MHz computer with 9 GB of Ultra DMA EIDE drives and 64 MB of SDRAM memory -- my guess is that it dates from late 1997.
If you want to do a fair comparison, let's also test against the experimental Linux 1.2 kernel, too, which also dates from about that time. That article also talks about CAST (which is still an option in Virtual Disk, but WDE uses AES). I can go on, but you're not asking about that, you're asking about WDE. My point is that if you research our present products and reference an article about a different product from last century, it's not going to tell you what you want.
I want to talk about the three main issues I see here: partitioning, compression, and performance.
When it comes to partitioning, PGP WDE operates below the partitions. We think that this is a huge benefit. We do not presently support dynamic repartitioning. It's a goal, as our long-term plan is to support Windows, Mac OS X, and Linux on the same disk with multiple partitions. We're not there yet. My personal opinion is that partitioning made sense when disks had megabytes. It doesn't make sense when they have terabytes, except for some obvious exceptions, like that you want to have a triple-boot disk. Your situation seems to be different, and I'd love to hear your views and needs for dynamic partitioning.
There are no issues with compression with WDE or Virtual Disk. I don't even understand what the issue could be. An encrypting driver writes blocks of ones and zeros. It's below the file system as well as below the partitioning system. It all just works. I'm using WDE on all my computers, and it just works.
The last issue, which you didn't bring up, but is important, is performance. When you measure *any* WDE system, not just ours, there is obviously a performance loss -- because you're adding the encryption. This is even true with hardware encryption.
Nearly any number between "essentially zero" and 100% are true, given what you measure. On a steady-state running system doing normal tasks, the WDE overhead is essentially zero. Users won't notice it at all.
At the other end of the scale, we've done some performance measurement, and compared the real WDE driver against one that no-oped the encryption. The result is that the encryption takes about 1/2 the time of the total driver throughput. You can call this 50% or 100% depending on how you like to count.
In a real-world situation, the real factor is how much time you are spending in the disk driver. If you have a heavily IO-bound system that's spending 30% of its time in the driver, then WDE is costing you 15% of your CPU. But if you're compute-bound, then WDE is costing you literally nothing.
However, if you get a hardware encrypting disk, you don't improve the situation. We've benchmarked some of the new encrypting spindles against their non-encrypting versions. The performance overhead is much worse for those than for our WDE. It adds zero to your CPU, but it's a huge latency issue, up to nearly a one-quarter drop. This shouldn't be a surprise -- we're doing the encryption on a 64-bit Intel or AMD processor, and they're doing it on an embedded CPU on the controller. Which one do you think is going to be faster?
There are a set of advantages and disadvantages to doing encryption on the CPU or on the disk, but speed goes to doing it in software. The speed advantage of software is only to shift even more to t
In business, those who can, do.
Those who can't do, go into management.
Those with no management skills go into marketing.
Good, inexpensive web hosting
FWIW, I run LUKS FDE on my 2.2 GHz Dual-Core Thinkpad T61 (7200 RPM SATA HDD) and there is certainly no noticeable difference between with and without. My guess is that on any modern (read, multi-core) system, FDE is not going to make any major difference. It's not like it's some computationally-intensive public-key scheme.
Fear the penguin.
I have successfully created a bootable PE cd that can mount PGP Partitions/Drives. This allows for recovery WITHOUT decrypting. A bad block on an encrypted drive is no different. If NTFS becomes corrupted or, heaven forbid, the master file table takes a dump, normally you WOULD have to decrypt first to fix, but not so with a bootable PE cd that can mount the partition. It is business as usual. There is MOST DEFINITIVELY a performance hit when running PGP, but mainly on the CPU. Disk performance itself is not very noticiable (i.e. somewhere between around a -7% in my own experience), but when there is high I/O, whach your system process take off. The filter driver for PGP runs under this process, and there is no doubt about it.
in these type of departments all the computer are on all the time anyways
Completely agreed - the only threat that full-disk encryption really prevents against is someone actually walking out of the data center with the disk. Nice and all, but not a full solution.
The company I work for (www.vormetric.com) has a policy-based file encryption product, so you can say things like "under this directory only user foo can read and write to files, and use this particular encryption key". So other users can't get there, and even if they could it's encrypted. There's no performance hit for everyone else, and it's transparent to applications. You might want to check it out.
-Mike
This sig no verb.
I don't think the issue is with security of the system more then security of the files. People just don't think security when they use their computer. Of course the confedential files could just be encrypted, Truecrypt offers making encryption compartments where the data could be stored. Its just that most people wouldn't use it. By encrypting the whole system the IT guy, who will lose his job over a security breach, can confidently say that yes the data is protected 100% of the time.
for all these encrypted machines? The OP doesn't indicate if the IT department is going to centrally manage them or if it's up to the individual workstation user. If the former, how are they going to distribute the keys and who's to say that the IT department secure enough to *not* be a single point of failure. If it's up to individuals how much do you want to bet that 50% of the passwords will be the name of your institution, your institution backwards or some other weak key. Unless the IT folks enforce a long and difficult-to-remember password strength model that's what you'll get. And if they do mandate long passwords then you'll get them sticky-noted to the monitor. Encryption is a good thing but just installing it doesn't really solve anything. I'm sure others have pointed this out above. . .
If the servers are locked in a room with limited access (like, oh, say, 95+% of servers in the corporate world), then the probably not.
Until they're retired and disposed off.
Of course it's not like break-ins don't occur (regardless of locks).
This was for a fileserver in a high performance cluster so speed mattered. I don't have the exact figures here right now, but from what I remember two years ago the software RAID solution was between 7 and 15% slower. Once you start hitting the performance limit your processes hit I/O wait and your performance goes down. When I added LVM to that back then performance got shot to hell.
Thanks to Moore's Law the available CPUs are twice as fast.
Also, since we have systems that tend to have multiple cores now, RAID can be done one and "real" work can be done on another.
+5 I Wish I Had That Idea ;)
I'm optimistic, slightly cautiously.
Whole disk encryption is excellent for security, but it will bog you down in disk access times.
Really? For each sequential read, I'd think that you'd have a delay as the first block is decrypted, then everything is following sequentially with no extra delay and a constant amount of CPU usage.
Most desk-/laptop are vastly overpowered for the common applications (slashtube, textproc and media). In the few cases where maximum performance is needed (e.g. games), you typically move all data into memory, then do compute-heavy stuff with _very_ little I/O, then write back what you need to. If the I/O and computation are disjoint, there's no slowdown, only a delay.
1%? Is PGP that efficient? With standard SSH encryption protocols on a 1GHz P-III, I see 100% CPU usage
by SSH on the receiving end. It is considerably faster to use a FS protocol like CIFS to xfer files, than
attempt to stream files through encryption. Those are just slowdowns on Gigabit network traffic.
I'd think the hit on encryption would be alot more noticeable versus local disk traffic, though I admit to not having tried it -- I felt if encryption cut network throughput by 50% or more, it had to really hurt disk encryption.
So what's the difference between ssh vs. pgp protocols -- is it possible to apply a pgp type protocol to an SSH stream resulting in something like 1% network slowdowns? I guess I don't understand why network traffic would be so much more considerably compute intensive to encrypt vs. disk I/O....??
Can anyone shed some light on this?
serve IT. The sooner you absorb this modern truth, the sooner you will cease your futile struggle.
In all likelihood, your only practical alternative is to look for a new institute.
"Not an actor, but he plays one on TV."
What you say may be correct, but he said the performance hit starts as soon as Windows loads. If this is literally true, then he probably doesn't have any apps running yet which makes me suspect a problem in the implementation. This is not typical to what I (or other people I have spoken to) have seen with mainstream encryption products.
LSD was invented by a Swiss chemist named Albert Hofmann.
It is hard to argue against a user who is negatively impacted by company wide rules, especially when they will not be involved in any potential exposure to security issues. But the top guys see it a different way, they know the cost of a breach, whether it is ss#s, health information or other supposedly private data. These costs can be huge in money, reputation and even their jobs. I was often the rogue user, so I think I understand. I am also the IT guy in our small branch of a major medical university and I know how it sucks to have rules limit your ability to do a job with the limited available resources. On the other hand, I have been lucky, our IT organization is very big, but also very good and they try to accommodate user needs, but the university needs still come first. We are also in the process of securing every portable device with encryption software, I am a bit apprehensive myself. And so it goes
On workstations and laptops there is certainly no noticeable difference if you have a good FDE software (and *recent* PGP software is quite good).
Even on servers I would not worry. I remember a customer having FDE on a very busy database server and it was fine.
FDE is your friend, and can even save you some jail time: http://en.wikipedia.org/wiki/United_States_v._Boucher
lucm, indeed.
Well, your not using public private keypair encryption except for some key managment.. the actual encryption is going to be by a symmetric algorithm. Now, it's going to load the cpu.. the trick is to get a fast algorithm, so use AES-256 for your symmetric. That's a lot faster than triple des or blowfish. Second.. why pgp?? oh, well, it's "known". If you can do it, create a silicon drive for yourself and use that for your code, although I'd be more worried about the windows swap file than my data access, given what a pig windows is anyway. Sux man to have to deal with that.. maybe you can dig some stuff out of bruce schneider's work and talk them out of "crypo-snake oil"
PGP or truecrypt does solve the problem of protecting data at rest granted there is a degradation in processing power. The issue stays that if you are moving the data around or forgot to lock your PC when you went for that smoke break ... your system is as vulnerable as there is no encryption. Over and over again we all read that majority of the data theft happens internally by employees. For this specific use-case how does PGP or truecrypt helps that researcher when he is about to submit the patent information to the authorities (data in motion).
If you look at an alternative view of data protection at a file-level the advantage you get over whole disk encryption is two-fold. Data at rest is encrypted and because the encryption is applied at the data itself, the data stays encrypted even in motion.
Because we live in a heterogeneous computing platform environment and not knowing the landing platform of the data a solution which is biased on the platform and carries encryption with it at all the time would be very much beneficial for business processes.
I am not saying whole disk encryption is a bad protection platform but it is a not a complete data protection platform. IMHO it leaves the data at risk of exposure. Complimenting the whole disk encryption strategy becomes very critical when compliance is in play for organizations and peace of mind for data owners.
We solved this issue with following the file level security philosophy and enforcing IT policies of how the data is encrypted. Also not knowing the platform of the data recipient poses another challenge. Looking out for a ubiquitous solution that will solve all our business problem, we came across a ZIP container approach. Talking to the inventors of the ZIP container all of our issues were solved in the most efficient manner. Just a first hand experience to share with the community.
The technical details raised in response are all correct, and they or other solutions existed at the time. The existence of technical capabilities do not influence the probabilities of humans to use them. When it comes to security, in the absence of strict guidelines such as HIPAA (which is relevant to patients but irrelevant to biomedical but non-patient data) people often choose to err on the side of more security.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
It's always a case of 'your milage may vary', but putting Truecrypt on my laptop ***INCREASED*** disk speed by 10% (GRC.com confirmed this too).
However CPU impact, while copying a large file (90 second copy time), was up by 40%.
CPUs are faster than disks. If you have 40% spare CPU when you are reading/writing disks, there is no impact from using TrueCrypt.
I wish people would test rather than speculate.
Dom
Protozoa are people too, and they deserve their privacy. If only one or two protozoa use encryption, that will cause fingers to be pointed, and so on. It's best if they all use it.
I personally don't like whole disk encryption at all. Without even mentioning the Cold Boot Attacks, there are many reasons why I much prefer File Based Encryption. Read here for more info:
Full-vs-File-Based-Encryption/