Re: [Fed-Talk] Re: FIPS 140-2 discussion...
- Subject: Re: [Fed-Talk] Re: FIPS 140-2 discussion...
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 18 May 2009 09:06:40 -0500
Mark Radleigh wrote:
> On another note, Amanda was mentioning wanting a "hardened ExpressCard" that
> works with a KSD-64 equivalent (or something like that). I remember last
> year at a crypto conference that a particular company actually had an
> 'external' drive that required a PIN or KSD type 'key' to unlock (yes, the
> whole hard drive was encrypted). It worked, but sure was clunky at the
> time! However, I did hear rumors that they would have re-engineered it for
> laptops by now. Sure wish I could see what they came up with and hope it
> will work with MacBooks! :)

Onboard hard drive disk encryption is available in at least a half-dozen
commercially available drives at my last count (which was sometime late
last year).

The problem is entering the credential from which the volume master key
is derived. When the drive is in the case, where do you type your PIN?
This raises all sorts of trusted path issues that aren't simple to
solve.

The next question is, how do you support a smartcard credential? (Yes,
there are *very* good reasons for this, not the least of which is most
enterprises using smartcard *encryption* keys escrow said keys for
recovery purposes, which can easily be applied to the drive; why have
*two* encryption recovery architectures when one will suffice?)

-- Tim