[sf-lug] Full Disk Encryption options?

[Erich Newell]

>
> Anyone who refers to whole-disk encryption as a simple solution has a
> perspective problem.
>
>
I never referred to my solution as "simple"...just "as simple as it gets".
Hence, my reference at the end to HL Menckel's famous quote. Data security
is a complex problem...thankfully for me, as I'm pretty well guaranteed
employment for life..but I digress. My intent was to share what is (in my
not so humble opinion) the simplest effectual solution for data security on
a laptop.

The solution of "always know where your towel (laptop) is"...doesn't make
muster for anyone who has one lick of sensitive data on their respective
computing devices. Unless the drive is wholly encrypted, it is pretty
trivial for me to completely pwn your laptop with a few minutes of
access...let alone the possibilities if I have it in my hands permanently. A
good data encryption solution can marginalize or even prevent this situation
entirely. If the device is stolen, calling the police will not unexpose the
data that has been lost. I'm not talking about some kid grabbing your bag as
you walk down the sidewalk, but a savvy criminal with skills.


> > 1. Encrypt entire drive except boot disk and crypto keys (needed for
> using
> > said encrypted device)
> > 2. Keep crypto keys and boot disk on your person at all times.
>
> So, when the bad guys install the obvious and now-traditional hardware
> keylogger, they'll be really amused, right?  Maybe they'll leave you a
> tip for comedy services.
>
>
If you are referring to the really lame PS2/USB dongles. I'm afraid I'd
notice if I left my laptop for a few minutes and returned to find it had
grown and additional appendage. Further...they do not work unless attached
to an *external* keyboard.

You show me any such device that works on a laptop and I'll show you someone
who is about to be "disappeared" by the NSA or worse. The device you are
imagining does not exist outside the realm of multinational espionage...


> At $FIRM, if I didn't want my laptop with me, say, over lunch, I found a
> place to physically lock it up.  Since I lived on Harrison near 3rd/4th
> at the time, and $FIRM was not too far away in SOMA, that often meant
> just bicycling home for a moment -- or locking it up in a friend's car.
>
> > In counter point: what do you do when someone breaks into your house /
> car /
> > office / hotel room and steals your HD or PC?
>
> Call the cops and dust for fingerprints, for starters.  What do you
> _think_ I'd do?  (You appear to be attributing to me an assertion that
> my data cannot be stolen.  The critique would be valid, if only I had
> made such a claim.  Alas....)
>

Once again...what does locking your laptop in your friend's car do for the
security of the data on your device? The bizarro-world situation of having
your employer being the only/primary threat to your data is a situation
unique to you and you alone. For the rest of us, who are concerned with many
different potential threat vectors, there needs to be an appropriate
mechanism for safeguarding our data at all times. Calling the police won't
do a damn thing to retrieve the multi-billion-dollar
-super-secret-plans-to-the-death-star that we were working on at the time of
theft.


>
> > I'm afraid multi-layered does not equal "over engineered".
>
> I did not claim it did.  What I said was:  Your solution does not
> competently address the described threat model.
>
>
Please detail to me how an appropriately deployed full disk encryption
solution does not competently address the scenario of data security on a
laptop hard drive. If there is a potential attack vector that is not
addressed by *this* solution (the one I have proposed and use), I would like
to discuss it and work towards a better approach.



> Obviously, you are not going to be convinced, but you appear to have a
> perspective problem and are over-enamoured of complex software solutions
> to problems that fundamentally cannot be addressed using software.
> Which makes you about typical for a computer geek, really.
>
>
Actually, I am quite open to being convinced. However, that would require a
cogent argument that illustrates critical flaws in my methodology or the
topic at hand. I am a strong proponent of the mechanism I use because I find
it practical and more importantly, functional. My solution works all day,
every day. I don't have to waste time scurrying away with my laptop every
time I run to the restroom and feel quite comfortable leaving it running on
my desk at $FIRM while I run out to lunch...something that many of us MUST
do because our computers continue to do $WORK while we are away (Its a
revolutionary concept I know, but popular with us "computer geeks").

Since you seem to be an expert on the subject: I'd like to know what
configuration you used when benchmarking the performance loss resulting from
data encryption so I can save myself some time in the future. Although I
find the performance hit with my current configuration acceptable, I may
need to change it in the future and wouldn't want to do any unnecessary /
repetitive work.

If you can provide some Bonnie++ results that would be great. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20080324/191c7f85/attachment.html>