[cryptome] Re: [cryptography] Question About Best Practices for Personal File Encryption

  • From: "Peter Thoenen" <dmarc-noreply@xxxxxxxxxxxxx> (Redacted sender "peter.thoenen@xxxxxxxxx" for DMARC)
  • To: shawn wilson <ag4ve.us@xxxxxxxxx>, Mark Thomas <mark00thomas@xxxxxxxxx>
  • Date: Tue, 19 Aug 2014 22:00:35 -0700

Haven't seen it mentioned yet but honestly would say just run with a OPAL or 
FIPS 140 compliant SED.  As much as folk don't "trust" NIST those using SED's 
certified to those standards are adequate enough for non-classified government 
documents (i.e. both NIST and DOD authorize them for use in their own 
organizations to protect their own information) including controlled 
unclassified information even while traveling in foreign nations with known 
active intelligence gathering (i.e. China).

Are certified SED's from Intel and Samsung coupled with TPM enabled 
motherboards more expensive and harder to get, yes.  Do I trust them more than 
other commercial or OSS software that, IMHO, could probably have a backdoor 
easily introduced via a software update, yes.  Even if the NSA could "hack" 
your SED, not sure that would ever be used against you in a court of law as 
that is giving away huge capability given other national governments and 
multinational corps use SED"s quite routinely (FIPS or OPAL depending where you 
live).  Just my two cents.


PS: When I said certified SED I mean it, I don't mean a "SED that promising AES 
encryption".  You have to actively look for for certified SED's and they are 
often 200 to 300% priced, only sold via OEM channels, and have hard to find 
model numbers.

Other related posts:

  • » [cryptome] Re: [cryptography] Question About Best Practices for Personal File Encryption - Peter Thoenen