U.S. Gov't to use Full Disk Encryption on All Computers - Page 2


Re: U.S. Gov't to use Full Disk Encryption on All Computers


Still it's unclear what you mean.  You're talking about noise and a CRC
for encrypting.  Yes, CRC is supposed to detect noise, but it can't be
used in any way in a cryptographic application.  Cryptographic hash
functions are your friends there.
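
The CRC point in the post above, as an added example that is not part of the original thread: CRC-32 is affine over XOR, so a change to the data can be matched by a checksum adjustment computed without any secret, while a keyed tag built on a cryptographic hash (HMAC-SHA256 here) rejects the change. The key, record and delta are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"                 # constructed sample key
RECORD = b"sector 0042: constructed sample!"  # constructed sample data
DELTA = bytes(7) + b"\x01" + bytes(len(RECORD) - 8)  # constructed change


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crc_patch(delta):
    """Value to XOR into a stored CRC-32 after XORing `delta` into the data.

    For equal-length inputs, crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros),
    so neither the data nor any key is needed to compute the adjustment.
    """
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def compare_checks(record, delta, key):
    """Return (crc_accepts, hmac_accepts) for a record changed by `delta`
    whose stored CRC was adjusted with crc_patch()."""
    stored_crc = zlib.crc32(record)
    stored_tag = tag(key, record)
    changed = xor_bytes(record, delta)
    adjusted_crc = stored_crc ^ crc_patch(delta)
    crc_accepts = zlib.crc32(changed) == adjusted_crc
    hmac_accepts = hmac.compare_digest(tag(key, changed), stored_tag)
    return crc_accepts, hmac_accepts


def noise_detected(record, bit):
    """A single-bit flip with the stored CRC left alone is caught."""
    delta = bytearray(len(record))
    delta[bit // 8] = 1 << (bit % 8)
    return zlib.crc32(xor_bytes(record, delta)) != zlib.crc32(record)


if __name__ == "__main__":
    print("noise caught by CRC:", noise_detected(RECORD, 5))
    print("(crc_accepts, hmac_accepts):", compare_checks(RECORD, DELTA, KEY))
```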


Re: U.S. Gov't to use Full Disk Encryption on All Computers



There is an alternative to full disk encryption, providing the same privacy
level, at no cost: to run a virtual machine whose files are stored in an
encrypted container.


- Virtual machine software: Virtual PC (on Windows host machine), VMware and
Qemu (on Windows and Linux host machines)
- Guest machines: any X86 machine (DOS, Windows, Linux, FreeBSD...)
- OTFE encryption software: TrueCrypt (Windows, Linux).

The whole solution can be done at no cost.

The guest machine doesn't leak anything; all its files (including temp and
swap files) are in an encrypted container.

Backup of the host machine is unchanged, backup of the guest machine is
simply and securely done by copying the file corresponding to the encrypted
container on a backup media (i.e. USB mass storage disk).

Precautions should be taken to transfer data to the guest machine without
leaving "plain" traces on the host machine; for example, a secure ftp client
connects from the guest machine to a secure ftp server on a LAN; encrypted
data get through the host TCP/IP stack to the guest machine.

I built such a solution very easily with:
- host machine: Windows XP,
- virtual machine software: VMware Player (yes, you can build a guest
machine with VMware Player, even if VMware says it is not possible; see for
example http://www.easyvmx.com/easyvmx.shtml ; you also need to get VMware
tools from a VMware test distribution),
- guest machine: Windows 2000 Professional (with two vmdk disks, one of 4 GB
for system, one of 5 GB for data),
- OTFE software: TrueCrypt (one container, 12 GB contains the two vmdk disks
+ vmx configuration file; this leaves room for VMware temporary files and for
eventually copying the ISO image of a CD-ROM to be mounted).

I think this solution is less risky to implement than a full disk encryption
one (newsgroups are full of people having done something wrong and unable to
recover their system). And TrueCrypt is *OpenSource* software (how could
you rely on undisclosed-source encryption software?).

Just some comments about www.full-disk-encryption.net site:

- In the list of FDE, you could add GBDE and GELI, both FreeBSD modules
allowing full disk encryption, see
http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf .
GBDE and GELI are OpenSource software.

- The site does not mention hardware solutions, for example HP Drivecrypt on
some notebooks, Trust Way RCI (Bull) or Flagstone disks (Hermitage

- Your comparative list should indicate which solutions are OpenSource and
which aren't.


Michel Nallino aka WinTerMiNator
http://anonapps.samizdat.net (Anonymity on the Internet)
Invalid e-mail address; to contact me:

Re: U.S. Gov't to use Full Disk Encryption on All Computers


All of your suggestions involve quite a bit of overhead, are inelegant
and require user interaction.

One of the requirements for this Government project is that the solution
has to be transparent to the user.

