Menu

Michael Gracie

Encrypt the whole disk, or just the parts?

RFO (Request for Opinions) on PGP Whole Disk Encryption:

Interestingly, it is hard to find any negative articles on PGP, probably because most of them are written by IT pros who are only focused on the security, and not usability. I therefore ask the Slashdot community, what are the disadvantages of PGP in terms of performance, Linux, and high-performance computational research?

I’m not sure about the performance aspects, but I’ve always been a fan of virtual disk (image) encryption. It’s a usability issue, centered primarily on portability.

Secondarily, I was always wary about relying on one piece of third-party software that I was constantly forced to upgrade along with OS’s. During my last OS upgrade (from OS X 10.4 to 10.5) I bagged PGP altogether – I’m now using regular old disk images and encrypting them with 10.5’s resident AES-256 functionality. As for email, usability (centered on the relative complexity of public key encryption in available email clients) really stinks all around, which is probably why so few have adopted it. But I suspect a solution to that issue will present itself forthwith.

Researchers Find Way to Steal Encrypted Data

Sadly, the headline is somewhat amiss.

Researchers have actually figured out a way to steal data from hard disks which are encrypted in full by operating systems’ resident protection schemes. In other words, I don’t believe this method would work on file/container encryption with passphrases (which happens to be my personal preference).

Full disk encryption nowhere close to foolproof

The talk is directed at Bitlocker, the full disk encryption in Windows Vista, but it applies to all similar methodologies.

It’s simple. Fools don’t have physically secure, unencrypted backups. Fools think everything should run like lightning, regardless of the strain on the system. And, of course, fools lose passwords.

Doesn’t sound foolproof.

Might I suggest using virtual disk encryption, like that offered by PGP. It is slightly more cumbersome but puts less strain on the system and the “product” is portable – better design for fools (like me).