dan (at) recyclepcs (dot) com [email concealed] wrote:
> This would seem to be a security no brainer. What are its limitations?
>
To add on what has already been pointed out - Crypto changes. Today,
<insert favorite strength of AES> or whatever flavor of crypto you use
is practically secure for the necessary lifetime or duration of the data
being protected. That could change tomorrow, and lock-in from the
particular vendor on the type of crypto in hardware is going to prevent
upgrades if the algorithm is found with a flaw, or brute-force attacks
increase with such vigor as to find a way around the cryptography.
(read: quantum computing). It is a long shot, but needs to be considered
in the scope of the risk assessment for choosing a hardware or software
based FDE solution.
> This would seem to be a security no brainer. What are its limitations?
>
To add on what has already been pointed out - Crypto changes. Today,
<insert favorite strength of AES> or whatever flavor of crypto you use
is practically secure for the necessary lifetime or duration of the data
being protected. That could change tomorrow, and lock-in from the
particular vendor on the type of crypto in hardware is going to prevent
upgrades if the algorithm is found with a flaw, or brute-force attacks
increase with such vigor as to find a way around the cryptography.
(read: quantum computing). It is a long shot, but needs to be considered
in the scope of the risk assessment for choosing a hardware or software
based FDE solution.
My $0.02 in the pot.
Hope you find the answers you are looking for.
-James
--
-------------
James Fryman
[ reply ]