Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] NAS: encryption

On Wed, Jul 08, 2015 at 10:49:40AM -0400, Richard Pieri wrote:
> On 7/8/2015 10:23 AM, markw at wrote:
> >The problem with internal drive encryption is getting any level of
> >disclosure and accountability.
> This is simply not true.
> FIPS security profiles are public record. Here's the security
> profile for the cryptographic module used in several of Seagate's
> enterprise SEDs:
> The process of obtaining the certificate is accountability in and of
> itself. The device or software is tested by an accredited test lab
> to ensure that it works as described in the security profile. If
> anything fails to work as documented then the device or software is
> sent back to the vendor to correct the fault or update the security
> profile.

I think this whole discussion revolves around choice.  With open
source, I have a choice to audit the code if I so desire, or to hire
someone to do so on my behalf.  With internal drive encryption, I have
(almost) no choice but to trust someone else's judgement about the
implementation, whether that be the manufacturer or the government or
some industry body or nonprofit.  Their incentives and my incentives
may not always be aligned.

I say "almost" no choice, because I guess I could reverse engineer the
device.  But this is much harder to do than if I had the source code
in the first place.  Isn't that one of the major selling points of
open source software?

Even if I do not exercise my choice to audit the code, the mere fact
that anyone can chooose to do so at any time can be a deterrent to
trying to "pull a fast one" and hide malicious code in there.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /