[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny



Morning Yves Alexis,

Thanks for your very quick reply.
Actually, the most important content of the hard drive is replicated every 5 minutes so that if the hard drive crash or the motherboard crash, it is less important than a leak of information.

I was more more interested by an hardware solution rather than a software solution because of the celerity for encrypting/decrypting datas in the hardware's case.

Anyway, thanks for your tips with luks/crypsetup and will see how to implement it.

Best regards,

Thomas NGUYEN VAN 

----- Original Message -----
From: "Yves-Alexis Perez" <corsac@debian.org>
To: debian-security@lists.debian.org
Sent: Monday, January 24, 2011 9:31:33 AM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

On lun., 2011-01-24 at 08:14 +0000, Thomas Nguyen Van wrote:
> Good morning 
> Our company needs to encrypt hard drives on our machines running under
> Linux Debian Lenny.
> Seagate proposes FDE solutions with Momentus 5400 and/or 7200
> (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_ii_sq_kit.pdf)
> 
> This solution is very interesting because the password or the
> passphrase is not stored on the hard drive but in the BIOS in their
> case. So that a server can reboot without any human intervention.

Does that means that if the server dies, the drive is lost too? If you
have to send the motherboard for support you give your keys too. BIOS is
a black box which you have to trust anyway, but giving it your keys
might not be really necessary.
> 
> However, this solution only works under windows !! They don't plan to
> support under linux such a disk. :o(

If everything is handled by the BIOS, why would it be OS-dependent?

> So my question is : could you suggest another FDE solution compliant
> with a Lenny distribution? 

Use luks/cryptsetup and put the key on another media (like an usb drive
or a sdcard or even a cdrom).

Regards,
-- 
Yves-Alexis


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 1295857893.29291.4.camel@oban">http://lists.debian.org/[🔎] 1295857893.29291.4.camel@oban


Reply to: