On Mon, 2008-12-22 at 18:48 +0200, Nikolay Vladimirov wrote: > However I find it simpler and safer to use hardware disk > encryption(from the BIOS config) and a bunch of other thinkpad > security stuff. And what makes you think it's safer? The best info I can dig up is this: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-69621 So it seems the encryption is handled completely within the drive itself. This means it can vary from manufacturer to manufacturer and even drive to drive. More specifically, it could range from "quite solid encryption" to "total crap" to "the drive is not encrypting at all and is just lying to you". Do you have the source code to your drive firmware? No matter how good the encryption is, there is still the big unavoidable hole called the passphrase. How long is your passphrase? What mechanisms does the drive have to prevent brute forcing the passphrase? Does it rate limit unlock attempts? Does it self destruct after N failures? It appears some thinkpads can unlock with a finger scan. Just a finger scan? Well that's a crock. Your biometric data is just sitting in the CMOS somewhere, along with the key, waiting to be stolen. Your security is only as good as its weakest link.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
