Thread: So why don't we use full disk encryption on all mobile devices?
View Single Post
  #9 (permalink)  
Old 11-04-2006, 09:18 PM
Unruh
Guest
  
Posts: n/a
Default Re: So why don't we use full disk encryption on all mobile devices?
"Saqib Ali" <docbook.xml@gmail.com> writes:

>OK, the review of the 7 Full Disk Encryption suites is now complete.
>The results are at:
>http://www.xml-dev.com/blog/index.ph...ewtopic&id=250

>I did an analysis of various FDE solutions to find the best one for my
>needs. The key thing I was interested was that it must be AES 256,
>reasonably fast, inexpensive, and *offer key recovery in case of
>password loss*.

Sorry, AES 256 why? It is idiotic in that finding a 128 bit key is simply
infeasible now and in the rather distant future.
And then you demand key recovery which means that you automatically make
the system weak. If you can recover the key, so can the enemy. Ie, it is
like saying "I want a 1 foot thick steel door for my home, and I want a cat
door in it, so if I forget my key I can reach in and unlock it. "

>Compusec is great for home / personal use. It is cheap i.e. $0.00
>(Free), and does not slow down the computer as much as the other
>products. But that is because it only support 128 bit AES, which is a
>major drawback as most enterprise settings require at least 256 bit

How in th eworld is that a drawback? Under what rational criteria is that a
drawback?


>AES. Compusec also has a great online support forum where you can get
>your questions answered by Compusec employees and other experienced
>users.

>I ended up purchasing both Utimaco and Pointsec. They are excellent
>products. They both support AES 256. The downside is that they are
>little bit expensive (Pointsec:$170 ; Utimaco:$200) and slow.

>The best thing is they both offer great password / encryption key
>recovery capabilities. You can create a recovery disk with both
>products.

>They also offer password recovery using Challenge / Response sequence,
>where the IT Helpdesk can perform a Challenge/Response sequence with
>the user to help them recover the password or reset it to a new one.
>Off course Challenge/Response password recovery is the NOT most secure,
>especially if the user is remote, but you have the option to disable it
>on the laptop if you want.

And now you tell me that a third party also has your key as well? Sheesh.


>.

>saqib
>http://www.full-disk-encryption.net


Reply With Quote