Slashdot Mirror
Resisting the PGP Whole Disk Encryption Craze
alaederach writes "I run a lab in a non-profit academic life sciences research institute. Our IT recently decided it would be a good idea to use PGP whole disk encryption on all of our computers, laptops and servers and picked PGP's suite of software. The main reason is that a small subset of our researchers work with patient information which we obviously are mandated to keep confidential. My lab does a lot of high-performance computational work (on genes from Tetrahymena, no humans here) and I am concerned that the overhead of complying with our ITs new security policy will be quite detrimental to my research program. For example, dynamically reallocating a partition on a PGP encrypted disk is apparently not possible. Furthermore, there is some evidence that certain forms of compression are also incompatible with PGP whole disk encryption. Interestingly, it is hard to find any negative articles on PGP, probably because most of them are written by IT pros who are only focused on the security, and not usability. I therefore ask the Slashdot community, what are the disadvantages of PGP in terms of performance, Linux, and high-performance computational research?"
"Marketing is not a science even if its an Open Source project"
His lab works with a protozoa, and has massive computational requirements. There will never be any patient data near his lab...
Crikey Alaederach! Get that encryption software installed pronto. Your personal details are already being leaked on to the web!
"Marketing is not a science even if its an Open Source project"
Run some tests on a drive. Run TrueCrypt, re-run the tests, look the difference in CPU load and performance and then try and work out where the 1% number comes from.
Personally I think its based on averaging time across when you aren't using the machine.
My blog
The other thing I cannot understand is why anyone would want to run whole-disk encryption on a compute server. Even the US DoD machines that are used for classified research do not do this!
The DoD has tanks, fighter-bombers and men with M-16s to keep their servers secure. Encryption isn't as necessary for them.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I don't want my data leaked, thank you very much!
...network administrator...the policy stands unbreakable, period. There is no compromise.....
the user's needs are seen to
You say the security policy is unbreakable but your let users touch the network. You my friend live on the EDGE! There's no way I'm letting actual users get anywhere near my secure network.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Yeah, it's more because we have experience with people breaking things and us getting the blame. As an example at a previous employer we had a CEO with ADD, while sitting in a meeting in our training room he got fidgety and plugged the patch cable from one seat into the popup port at another seat. This caused a loop which brought down the entire C-row of the company. Luckily we used good switches so the problem was recognized by all the other switches and they stopped talking to the one that was going crazy thus saving the rest of the company, but until I figured out what the problem was I had 5 very angry executives yelling at me because they couldn't work.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.