Slashdot Mirror


Resisting the PGP Whole Disk Encryption Craze

alaederach writes "I run a lab in a non-profit academic life sciences research institute. Our IT recently decided it would be a good idea to use PGP whole disk encryption on all of our computers, laptops and servers and picked PGP's suite of software. The main reason is that a small subset of our researchers work with patient information which we obviously are mandated to keep confidential. My lab does a lot of high-performance computational work (on genes from Tetrahymena, no humans here) and I am concerned that the overhead of complying with our IT's new security policy will be quite detrimental to my research program. For example, dynamically reallocating a partition on a PGP encrypted disk is apparently not possible. Furthermore, there is some evidence that certain forms of compression are also incompatible with PGP whole disk encryption. Interestingly, it is hard to find any negative articles on PGP, probably because most of them are written by IT pros who are only focused on the security, and not usability. I therefore ask the Slashdot community, what are the disadvantages of PGP in terms of performance, Linux, and high-performance computational research?"

2 of 480 comments

  1. Good question! by Ceriel+Nosforit · Score: 0, Offtopic

    Good question! It's nice to see something of this caliber on Ask /. for a change.

    I have no clue what the answer is, though.

    --
    All rites reversed 2010
  2. Re:Encryption is good for security, bad for perfor by raddan · Score: 1, Offtopic

    Wow. A good indicator of whether someone doesn't have a CS education (or cheated their way through their CS education) is if they think that modern CPU speeds are at all a factor in whether to remove the need for fast disk subsystems. For applications where speed is the most important thing, programmers will attempt not to use the disk as much as possible. But when an application does use disk (and this is unavoidable in some circumstances, e.g., file servers), your fast CPU does not change the fact that your CPU is many, many orders of magnitude slower than your physical disk.

    Let's take a typical 2GHz CPU. This machine's clock ticks 2E9 times per second. If this machine has all of its ducks in a row, it can add a handful of numbers in a single clock tick. This is extremely fast, and here's HOW fast: For the sake of argument, let's say that you can perform, on average, 1 operation every 10 ticks on this machine, and so, 1 operation takes 5E-9 seconds.

    Now, your typical access time on a fast hard disk—the time needed simply to locate the data, since this is the slowest part—is about 4 ms, or 4E-3 seconds. This is 6 orders of magnitude difference from a hard disk.

    Put it this way: if we were to scale the above process so that 1 operation happened in one second, your computer would have to wait a little more than 9 days for the disk just to access the data, let alone read it. S-l-o-w.