[Discuss] CipherShed: TrueCrypt fork

[richard.pieri at gmail.com (Richard Pieri)]

On 10/1/2014 5:48 PM, Bill Bogstad wrote:
> Actually, they don't do everything that (open source) software
> encryption does. They don't let you (or you an agent of your choice)
> audit the encryption algorithms/implementation to verify that
> everything is being done to spec.

True as far as your choice; false as far as verification. Opal SSC is a 
spec from the Trusted Computing Group and you don't get to use the Opal 
marks if your hardware does not comply with the Opal specs. 
Additionally, the vendors (I know Seagate and Toshiba for certain) 
obtain FIPS 140-2 certification for the cryptographic modules in their 
SEDs (at least for some drives).

Actually, there is one thing that software-based encryption can do 
better and that's key management in enterprise environments. But we 
weren't discussing that; we've been discussing personal scale.

-- 
Rich P.