BLU Discuss list archive
[Discuss] NAS: encryption
- Subject: [Discuss] NAS: encryption
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- Date: Wed, 8 Jul 2015 10:23:56 -0400
- In-reply-to: <BY1PR0401MB164127DEA53006B9692DC60CDC920@BY1PR0401MB1641.namprd04.prod.outlook.com>
- References: <5596D8DA.2000201@gmail.com> <55980A9F.4020007@gmail.com> <BY1PR0401MB1641117906253C39D8075681DC940@BY1PR0401MB1641.namprd04.prod.outlook.com> <sjmd203evpz.fsf@securerf.ihtfp.org> <CAFv2jcba50_Kw9V-p7brmeJ5Fk=9rzeQRLRzBUVRK8uZ71wZNA@mail.gmail.com> <BY1PR0401MB164127DEA53006B9692DC60CDC920@BY1PR0401MB1641.namprd04.prod.outlook.com>
>> From: John Abreau [mailto:abreauj at gmail.com]
>>
>> "Edward Ned Harvey (blu)" <blu at nedharvey.com> writes:
>>
>> > You seem to think there's an obstacle which isn't really real -
>> > Encryption is very cheap computationally, so cheap indeed it can be
>> > done by the disks themselves.
>>
>> On Tue, Jul 7, 2015 at 1:14 PM, Derek Atkins <warlord at mit.edu> wrote:
>> I don't trust my disks to do the encryption, mostly because there's
>> really no way to verify that it's doing it correctly, and the key
>> management gets a lot harder.
>>
>> The way I read it, the message wasn't that you should trust the disk to
>> do the encryption; it's that encryption has very low overhead today, and the
>> reference to disk-based encryption was merely to illustrate that point.
>
> It seems silly not to trust the disk to do encryption, when you'd trust
> some software that you equally haven't decompiled and inspected.
>

The difference is that with "open source" software, specifically the crypto library in openssl, because that's how people get FIPS certified, many people do audit the code. Maybe not you, but many, and the fact that we have so many CVE notices means that people are.

Did *you* verify the crypto had no holes? That the random number generator had enough entropy? That the proper key length was used, and so on. No, you didn't, but many people have, and most importantly, have the ability to inspect this.

The problem with internal drive encryption is getting any level of disclosure and accountability.