Educause Security Discussion mailing list archives
Re: Product request - Enterprise whole disk encryption for laptops
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Sat, 15 Jul 2006 12:44:04 -0400
On Sat, 15 Jul 2006 11:59:14 EDT, Dave Koontz said:
FREE CompuSec was recently mentioned on one of my other lists. Does anyone have any experience with this product? It seems pretty feature rich for free, although it seems it is limited to AES 128 encryption rather than AES 256?
The first thing to do is to figure out if AES128 is sufficient for what you're trying to protect. Quite likely it is - even the 128-bit variant is still going to take several million CPU-years to brute-force break. So any weakness will be in the key management (as usual). And those vulnerabilities are likely shared across the free and pay versions. Of course, the pay version may have *other* worthwhile features, such as better checking for strong passphrases. And keep this in mind everybody - you can be using bazillion-bit crypto, but if that passphrase has only 40 bits of entropy, it's still 40-bit crypto. 1: Standard English only has about 2.2 bits of entropy per character. 2: The standard 96 printables have 3.5 bits *max*. Moral 1: There is no way to create a 16-character password from the set of 96 printables that is *effectively* any stronger than single-DES. Moral 2: To get actual 128 bit strength, you either need a passphrase at least 36 characters long, or start including control-alt-meta-cokebottle characters in the passphrase. These need to be *seriously* considered when contemplating desktop/laptop encryption - I've seen all too many sites totally fail to understand this... Don't blame me, blame Shannon. I'm just the messenger here. :)
Attachment:
_bin
Description:
Current thread:
- Product request - Enterprise whole disk encryption for laptops Youngquist, Jason R. (Jul 14)
- <Possible follow-ups>
- Re: Product request - Enterprise whole disk encryption for laptops Krizi Trivisani (Jul 14)
- Re: Product request - Enterprise whole disk encryption for laptops David Morton (Jul 14)
- Re: Product request - Enterprise whole disk encryption for laptops Graham Toal (Jul 14)
- Re: Product request - Enterprise whole disk encryption for laptops Harold Winshel (Jul 14)
- Re: Product request - Enterprise whole disk encryption for laptops James H Moore (Jul 14)
- Re: Product request - Enterprise whole disk encryption for laptops Harold Winshel (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Cam Beasley (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Dave Koontz (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Roger Safian (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Harold Winshel (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Charlie Prothero (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 15)
- Re: Product request - Enterprise whole disk encryption for laptops Roger Safian (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Roger Safian (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Valdis Kletnieks (Jul 17)
- Re: Product request - Enterprise whole disk encryption for laptops Roger Safian (Jul 17)
(Thread continues...)