On Dec 12, 2013, at 6:23 PM, Wolfgang S. Rupprecht
wrote:
>
> It also strikes me that one can set the ssd disk password at any time
> after OS installation. Since the disk contents are already encrypted
> and will continue to be encrypted by the same AES key, from the data's
> perspective noth
Chris Murphy writes:
> On Dec 12, 2013, at 1:36 PM, "Wolfgang S. Rupprecht"
> wrote:
>>
>> If I didn't have always on, hardware FDE for free in the SSD, I'm
>> sure I'd be happy with LUKS.
>
> Yes, it's annoying. But the task is also difficult to do correctly in
> a preboot environment. Arguabl
On Dec 12, 2013, at 1:36 PM, "Wolfgang S. Rupprecht"
wrote:
>
> If I didn't have always on, hardware FDE for free in the SSD, I'm
> sure I'd be happy with LUKS.
Yes, it's annoying. But the task is also difficult to do correctly in a preboot
environment. Arguably they got ahead of themselves a
On Dec 12, 2013, at 12:32 PM, Wolfgang S. Rupprecht
wrote:
>
> I've got a standard consumer Intel 520 SSD, which claims to do hardware
> based AES disk encryption with no speed penalty. It sounds like a
> useful way to protect laptop data if the laptop is ever stolen. Has
> anyone tried to d
On Thu, Dec 12, 2013 at 12:36:59 -0800,
"Wolfgang S. Rupprecht" wrote:
Of course, with the Snowden revelations, one has to wonder how random
the randomly chosen internal AES key is. If it is from an intentionally
crippled RNG, it may be easy for someone in the know to do a brute-force
search
Bruno Wolff III writes:
> On Thu, Dec 12, 2013 at 11:32:41 -0800,
> "Wolfgang S. Rupprecht" wrote:
>>Google is failing me here due to search spam for LUKS which doesn't
>>appear to be capable of *full* *disk* encryption. It only seems to
>>encrypt individual partitions.
> It can do full encry
On Thu, Dec 12, 2013 at 11:32:41 -0800,
"Wolfgang S. Rupprecht" wrote:
I've got a standard consumer Intel 520 SSD, which claims to do hardware
based AES disk encryption with no speed penalty. It sounds like a
useful way to protect laptop data if the laptop is ever stolen. Has
anyone tried t
I've got a standard consumer Intel 520 SSD, which claims to do hardware
based AES disk encryption with no speed penalty. It sounds like a
useful way to protect laptop data if the laptop is ever stolen. Has
anyone tried to do hardware-based full disk encryption with Fedora?
Does one need to boot
