Slashdot Mirror

← Back to Stories (view on slashdot.org)

Resisting the PGP Whole Disk Encryption Craze

Posted by samzenpus on from the what-do-you-think dept.

alaederach writes "I run a lab in a non-profit academic life sciences research institute. Our IT recently decided it would be a good idea to use PGP whole disk encryption on all of our computers, laptops and servers and picked PGP's suite of software. The main reason is that a small subset of our researchers work with patient information which we obviously are mandated to keep confidential. My lab does a lot of high-performance computational work (on genes from Tetrahymena, no humans here) and I am concerned that the overhead of complying with our ITs new security policy will be quite detrimental to my research program. For example, dynamically reallocating a partition on a PGP encrypted disk is apparently not possible. Furthermore, there is some evidence that certain forms of compression are also incompatible with PGP whole disk encryption. Interestingly, it is hard to find any negative articles on PGP, probably because most of them are written by IT pros who are only focused on the security, and not usability. I therefore ask the Slashdot community, what are the disadvantages of PGP in terms of performance, Linux, and high-performance computational research?"

12 of 480 comments (clear)

  1. Re:Encryption is good for security, bad for perfor by msormune · · Score: 1, Funny

    True. I have serious doubt we even need hardware RAID anymore with current CPU speeds. A few % overhead does not seem much.

  2. FileVault by Anonymous Coward · · Score: 1, Funny

    Problem solved. That will be $1000.

  3. Re:Repeat after me by Anonymous Coward · · Score: 5, Funny

    "Marketing is not a science even if its an Open Source project"

  4. Re:People misunderstanding the question... by kefa · · Score: 4, Funny

    His lab works with a protozoa, and has massive computational requirements. There will never be any patient data near his lab...

    Crikey Alaederach! Get that encryption software installed pronto. Your personal details are already being leaked on to the web!

  5. Re:People misunderstanding the question... by yttrstein · · Score: 1, Funny

    There is no misunderstanding the question. A $USER is frustrated because the security is slowing him down. $IT_DEPT is frustrated because $USER does not understand why it's so important and keeps whining about it.

    In the Right World, where all things are Right, and all people only think the Right thing at all times, $IT_DEPT wins.

    What will happen here is anyone's guess, but really all $USER needs to do is adapt to a changed environment, which is never, never as difficult as designing that environment in the first place. $USER doesn't know how good he's got it.

  6. Re:Repeat after me by morgan_greywolf · · Score: 2, Funny

    "Marketing is not a science even if its an Open Source project"

    Run some tests on a drive. Run TrueCrypt, re-run the tests, look the difference in CPU load and performance and then try and work out where the 1% number comes from.

    Personally I think its based on averaging time across when you aren't using the machine.

    --
    My blog
  7. Re:Encryption is good for security, bad for perfor by Lord+Kano · · Score: 2, Funny

    The other thing I cannot understand is why anyone would want to run whole-disk encryption on a compute server. Even the US DoD machines that are used for classified research do not do this!

    The DoD has tanks, fighter-bombers and men with M-16s to keep their servers secure. Encryption isn't as necessary for them.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  8. Re:People misunderstanding the question... by Anonymous Coward · · Score: 2, Funny

    ...cause I know when I mod comments, I always review the submitters entire body of work to ensure that I take their message in correct context.

  9. Re:People misunderstanding the question... by Anonymous Coward · · Score: 1, Funny

    We could always use a "-5, Self-Replying Tool" mod around here

  10. I'm a Protozoa.. by MancunianMaskMan · · Score: 2, Funny
    ..you insensitive clod.

    I don't want my data leaked, thank you very much!

  11. Re:People misunderstanding the question... by ArhcAngel · · Score: 2, Funny

    ...network administrator...the policy stands unbreakable, period. There is no compromise.....

    the user's needs are seen to

    You say the security policy is unbreakable but your let users touch the network. You my friend live on the EDGE! There's no way I'm letting actual users get anywhere near my secure network.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  12. Re:People misunderstanding the question... by afidel · · Score: 2, Funny

    Yeah, it's more because we have experience with people breaking things and us getting the blame. As an example at a previous employer we had a CEO with ADD, while sitting in a meeting in our training room he got fidgety and plugged the patch cable from one seat into the popup port at another seat. This caused a loop which brought down the entire C-row of the company. Luckily we used good switches so the problem was recognized by all the other switches and they stopped talking to the one that was going crazy thus saving the rest of the company, but until I figured out what the problem was I had 5 very angry executives yelling at me because they couldn't work.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.