[Discuss] Full disk encryption, why bother?
Tom Metro
tmetro-blu at vl.com
Tue Jan 3 17:01:31 EST 2012
Richard Pieri wrote:
> Tom Metro wrote:
>> Are you using full disk encryption?
>
> I don't. I take care of my gear. I made this statement before: I
> see WDE as enabler for carelessness.
The EFF article I quoted references a prior EFF article on border
crossing inspections. The encouragement to encrypt was more for privacy
than for theft prevention.
As someone who goes through US Customs several times a year, this gives
me some concern, albeit minor. You may think you have nothing to hide,
but why open yourself up to a potential fishing expedition? With the way
copyright laws are trending (see SOPA), it wouldn't surprise me if being
caught with a downloaded broadcast TV show on your computer will someday
result in felony charges.
> Never mind that I have a pair of Mac Minis playing server. Sometimes
> they need to be restarted remotely. Can't do that with WDE.
I guess for that you'd need a console server.
Daniel Feenberg wrote:
> I don't see much point in encrypting data on a network server - if the
> disk is mounted then the plain-text is available to an intruder and the
> addition of an encrypted version doesn't enhance security.
It does if the intruder is physically stealing the disk drive or the
server. This would also likely apply in a government seizure scenario.
They'd likely remove the equipment from the premises first, and attempt
access later. (Though maybe they've wised up to this possibility?0
So yeah, you're guarding against a highly unlikely scenario, but it
still has some benefit.
> I have used Truecrypt, but am put off by the documentation, which
> suggests that the primary purpose of encryption is to avoid police
> inspection. As xkcd pointed out, this is hopeless
> ( http://xkcd.com/538/ ).
[The cartoon makes the point that you can be tortured with a $5 wrench
to give up your password, so your high-tech encryption is pointless.]
But this is what plausible deniability is all about:
http://www.truecrypt.org/docs/?s=plausible-deniability
If you're in a situation where law enforcement *knows* you have
something they want on your disk, you've got bigger problems than your
choice of full disk encryption software. :-)
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
More information about the Discuss
mailing list