LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

SparkleShare 1.0 released

SparkleShare 1.0 released

Posted Dec 11, 2012 13:38 UTC (Tue) by ekj (guest, #1524)
In reply to: SparkleShare 1.0 released by littlesandra88
Parent article: SparkleShare 1.0 released

That -entirely- is in the "it depends" category. We use full-disc-encryption primarily for added security in the case of stolen and/or misplaced laptops.

There's no escrow of the passphrases - but this is not show-stopper because we've got unencrypted backups of the content. Yes, this means that a forgotten passphrase is now a problem almost on par with a crashed hard-drive. (I say almost because no replacement hardware is needed)

But all companies are (or should be!) equipped to deal with a broken hard-drive anyway. Why is "hard-drive cannot be read because hardware is broken" acceptable in a company while "hard-drive cannot be read because the passphrase is unknown" unacceptable ? The consequences of the two situations are after all pretty close to identical.

(Log in to post comments)

SparkleShare 1.0 released

Posted Dec 11, 2012 14:09 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]

> Why is "hard-drive cannot be read because hardware is broken" acceptable in a company while "hard-drive cannot be read because the passphrase is unknown" unacceptable ? The consequences of the two situations are after all pretty close to identical.

the impact is about the same, but the probability that people will forget their passphrase is higher, so the resulting risk (probability * impact) is significantly higher.

It also turns the 'hit by a bus' scenario into the equivalent of a failed drive, and at that point you cannot ask the person to recreate the data from memory.

Plus you can blame the failed disk on the hardware manufacturer and everyone accepts that such things happen. Having the hardware in perfect shape, but you just can't get at the data is clearly the fault of either the user or the IT staff, and what users are willing to accept the blame for loosing their non-backed up data (local spreadsheets, etc), especially among higher level management.

So higher risk + social aspects make the key escrow option very attractive.

On top of this, in many fields where there are security concerns, one of the concerns is the rogue insider 'doing bad things'. It's very hard to investigate this if you can't access the drive

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds