Posted Dec 10, 2012 16:00 UTC (Mon) by cesarb (subscriber, #6266)
At least LUKS can have multiple keys (cryptsetup luksAddKey). You could use one slot for day-to-day use and another slot for a passphrase kept in a safe somewhere, or you could use one slot per person so multiple people could decrypt the disk without knowing each other's passphrase.
SparkleShare 1.0 released
Posted Dec 10, 2012 16:00 UTC (Mon) by josh (subscriber, #17465)
Not all enterprises require that "feature"; many use full disk encryption without it.
Also, LUKS has the option of multiple independent passphrases for the same encrypted device, so an enterprise installation of it could easily set a backdoor passphrase in one of the secondary passphrase slots.
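The multi-slot setup described in the two comments above (a day-to-day slot plus a separately held escrow slot), as an added example that is not from this thread: it enrols a second passphrase with `cryptsetup luksAddKey`, checks it with `--test-passphrase`, and parses `luksDump` output to confirm how many slots are actually enabled. It assumes cryptsetup is installed, the caller can run it as root, and the key files named are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes cryptsetup is installed and
# the caller is root; device and key-file paths are placeholders.
set -eu

# Add the passphrase in $2 to a free key slot on device $1, authorising the
# change with the existing day-to-day key file $3. Both key files are assumed
# to be root-only (chmod 600); the escrow copy lives offline, e.g. in a safe.
luks_add_escrow_key() {
    dev=$1; escrow_keyfile=$2; existing_keyfile=$3
    cryptsetup luksAddKey --key-file "$existing_keyfile" "$dev" "$escrow_keyfile"
    # Confirm the new passphrase unlocks the header without mapping the device.
    cryptsetup open --test-passphrase --key-file "$escrow_keyfile" "$dev"
}

# Count enabled key slots in `cryptsetup luksDump` output read from stdin.
# Handles LUKS1 ("Key Slot 0: ENABLED") and LUKS2 ("Keyslots:" then "  0: luks2").
# Run this after enrolment (and periodically) to detect slots nobody can account for.
count_enabled_slots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/ { n++ }          # LUKS1 slot line
        /^Keyslots:/ { in_ks = 1; next }             # LUKS2 keyslot section starts
        in_ks && /^[A-Za-z]/ { in_ks = 0 }           # any other top-level section ends it
        in_ks && /^[ \t]+[0-9]+: luks2/ { n++ }      # LUKS2 slot line
        END { print n + 0 }'
}

# Constructed LUKS1-style dump for an offline self-check (not output from any real host).
sample_luks1_dump() {
    printf '%s\n' 'LUKS header information for /dev/sdX' \
        'Key Slot 0: ENABLED' 'Key Slot 1: ENABLED' \
        'Key Slot 2: DISABLED' 'Key Slot 3: DISABLED'
}

# Constructed LUKS2-style dump with two enabled slots.
sample_luks2_dump() {
    printf '%s\n' 'LUKS header information' 'Version:        2' 'Keyslots:' \
        '  0: luks2' '        Key:        512 bits' \
        '  1: luks2' '        Key:        512 bits' \
        'Tokens:' 'Digests:' '  0: pbkdf2'
}
```

Enrol with `luks_add_escrow_key /dev/sdX /root/escrow.key /root/daily.key`, then `cryptsetup luksDump /dev/sdX | count_enabled_slots` should report one more slot than before.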
SparkleShare 1.0 released
Posted Dec 11, 2012 13:38 UTC (Tue) by ekj (guest, #1524)
That -entirely- is in the "it depends" category. We use full-disc-encryption primarily for added security in the case of stolen and/or misplaced laptops.
There's no escrow of the passphrases - but this is not a show-stopper because we've got unencrypted backups of the content. Yes, this means that a forgotten passphrase is now a problem almost on par with a crashed hard-drive. (I say almost because no replacement hardware is needed.)
But all companies are (or should be!) equipped to deal with a broken hard-drive anyway. Why is "hard-drive cannot be read because hardware is broken" acceptable in a company while "hard-drive cannot be read because the passphrase is unknown" unacceptable? The consequences of the two situations are after all pretty close to identical.
SparkleShare 1.0 released
Posted Dec 11, 2012 14:09 UTC (Tue) by dlang (✭ supporter ✭, #313)
> Why is "hard-drive cannot be read because hardware is broken" acceptable in a company while "hard-drive cannot be read because the passphrase is unknown" unacceptable? The consequences of the two situations are after all pretty close to identical.
The impact is about the same, but the probability that people will forget their passphrase is higher, so the resulting risk (probability * impact) is significantly higher.
It also turns the 'hit by a bus' scenario into the equivalent of a failed drive, and at that point you cannot ask the person to recreate the data from memory.
Plus you can blame the failed disk on the hardware manufacturer and everyone accepts that such things happen. Having the hardware in perfect shape, but you just can't get at the data, is clearly the fault of either the user or the IT staff, and what users are willing to accept the blame for losing their non-backed-up data (local spreadsheets, etc.), especially among higher level management?
So higher risk + social aspects make the key escrow option very attractive.
On top of this, in many fields where there are security concerns, one of the concerns is the rogue insider 'doing bad things'. It's very hard to investigate this if you can't access the drive.