[cryptography] Question About Best Practices for Personal File Encryption

Peter Thoenen peter.thoenen at yahoo.com
Wed Aug 20 01:00:35 EDT 2014


Haven't seen it mentioned yet but honestly would say just run with an OPAL or FIPS 140 compliant SED.  As much as folk don't "trust" NIST, those using SEDs certified to those standards are adequate enough for non-classified government documents (i.e. both NIST and DOD authorize them for use in their own organizations to protect their own information) including controlled unclassified information even while traveling in foreign nations with known active intelligence gathering (i.e. China).

Are certified SEDs from Intel and Samsung coupled with TPM-enabled motherboards more expensive and harder to get, yes.  Do I trust them more than other commercial or OSS software that, IMHO, could probably have a backdoor easily introduced via a software update, yes.  Even if the NSA could "hack" your SED, not sure that would ever be used against you in a court of law as that is giving away huge capability given other national governments and multinational corps use SEDs quite routinely (FIPS or OPAL depending where you live).  Just my two cents.

-Peter

PS: When I said certified SED I mean it, I don't mean a "SED promising AES encryption".  You have to actively look for certified SEDs and they are often 200 to 300% priced, only sold via OEM channels, and have hard to find model numbers.