Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
This is a big problem for OSS full disk encryption. Non have this feature.
SparkleShare 1.0 released
Posted Dec 10, 2012 16:00 UTC (Mon) by cesarb (subscriber, #6266)
Posted Dec 10, 2012 16:00 UTC (Mon) by josh (subscriber, #17465)
Also, LUKS has the option of multiple independent passphrases for the same encrypted device, so an enterprise installation of it could easily set a backdoor passphrase in one of the secondary passphrase slots.
Posted Dec 11, 2012 13:38 UTC (Tue) by ekj (guest, #1524)
There's no escrow of the passphrases - but this is not show-stopper because we've got unencrypted backups of the content. Yes, this means that a forgotten passphrase is now a problem almost on par with a crashed hard-drive. (I say almost because no replacement hardware is needed)
But all companies are (or should be!) equipped to deal with a broken hard-drive anyway. Why is "hard-drive cannot be read because hardware is broken" acceptable in a company while "hard-drive cannot be read because the passphrase is unknown" unacceptable ? The consequences of the two situations are after all pretty close to identical.
Posted Dec 11, 2012 14:09 UTC (Tue) by dlang (✭ supporter ✭, #313)
the impact is about the same, but the probability that people will forget their passphrase is higher, so the resulting risk (probability * impact) is significantly higher.
It also turns the 'hit by a bus' scenario into the equivalent of a failed drive, and at that point you cannot ask the person to recreate the data from memory.
Plus you can blame the failed disk on the hardware manufacturer and everyone accepts that such things happen. Having the hardware in perfect shape, but you just can't get at the data is clearly the fault of either the user or the IT staff, and what users are willing to accept the blame for loosing their non-backed up data (local spreadsheets, etc), especially among higher level management.
So higher risk + social aspects make the key escrow option very attractive.
On top of this, in many fields where there are security concerns, one of the concerns is the rogue insider 'doing bad things'. It's very hard to investigate this if you can't access the drive
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds