[Discuss] CipherShed: TrueCrypt fork
Richard Pieri
richard.pieri at gmail.com
Wed Oct 1 20:15:00 EDT 2014
On 10/1/2014 5:48 PM, Bill Bogstad wrote:
> Actually, they don't do everything that (open source) software
> encryption does. They don't let you (or you an agent of your choice)
> audit the encryption algorithms/implementation to verify that
> everything is being done to spec.
True as far as your choice; false as far as verification. Opal SSC is a
spec from the Trusted Computing Group and you don't get to use the Opal
marks if your hardware does not comply with the Opal specs.
Additionally, the vendors (I know Seagate and Toshiba for certain)
obtain FIPS 140-2 certification for the cryptographic modules in their
SEDs (at least for some drives).
Actually, there is one thing that software-based encryption can do
better and that's key management in enterprise environments. But we
weren't discussing that; we've been discussing personal scale.
--
Rich P.
More information about the Discuss
mailing list