[Ma-linux] non-Windows laptop encryption
Johnson, Steve (NIH/OD/ORS) [E]
johnsons at vrp.ncrr.nih.gov
Mon Aug 13 08:13:11 EDT 2007
>> ATA interface standard includes an access control mechanism . .
>> protect the disk, so that you could not take the drive out and read
it on another machine
While not completely germane to "Bulk Disk Encryption" this reminds me
of the "fill devices"
http://en.wikipedia.org/wiki/AN/CYZ-10
"for securely receiving, storing, and transferring data between
compatible
cryptographic and communications equipment"
and
"capable of storing 1,000 keys
<http://en.wikipedia.org/wiki/Key_%28cryptography%29> , maintains an
automatic internal audit"
This is all congruent with what one of the contributors to the list
stated about being a security expert - that the whole day can be spent
resetting lost passwords.
Just on a conceptual plane my question becomes why push password
lower in the stack, in the case of "Bulk Encryption" below the level of
the OS.
As an initial reaction the application level seems, well, just as secure
in that the data is encrypted on the disk. It is just not a bulk
action.
A smart card is similar to these "fill devices" in that User is not
being asked
to type in a lot of passwords frequently.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://calypso.tux.org/pipermail/ma-linux/attachments/20070813/53152a45/attachment-0001.html
More information about the Ma-linux
mailing list