If I am understanding your questions correctly, here is one person's take: (usual caveats - I'm not speaking for my organization, etc.) 1.) Audit requirements (SOX, HIPAA, etc.) rarely distinguish between raid levels. 2.) Personal preferences aside, many people are going to target whichever encryption is mandated from auditing agencies (similar to above). 3.), and 4.) Visit www.decru.com or www.neoscale.com for examples. Regards, N8
________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Wann Sent: Friday, May 04, 2007 5:27 AM To: [email protected] Subject: [FDE] FDE With RAID5 Support? Hello James, So that I understand that you want FDE on the entire RAID array (please identify if they are SATA, PATA, or SCSI drives) and you want AES 256-bit strength. To better understand your system requirement, please educate me the following: 1. Why would a RAID 5 array, for instance, require FDE? RAID 0, 1, 10 may require as no XORed parity has been written to the disk array. However, a potential eavesdropper may have hard time in trying to discern/reconstruct the complete file/data block on one or two stolen RAID 5 disk as an evenly distributed and written XORed parity presents the bottleneck (of course, this is assuming that the entire RAID array is not being taken); 2. Why would AES 256-bit require? Why not TDES, say 192-bit strength? I would understand reason if it's only a preference and it's not from the comparison of cryptographic strength; 3. What is the "Key storage on a network appliance"? 4. What is the "hardware based key storage appliances"? Look forward to hearing from you. Thanks, Robert Wann Enova Technology www.enovatech.com ----- Original Message ----- From: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > To: <[email protected] <mailto:[email protected]> > Sent: Thursday, May 03, 2007 2:00 AM Subject: FDE Digest, Vol 8, Issue 1 > Send FDE mailing list submissions to > [email protected] <mailto:[email protected]> > > To subscribe or unsubscribe via the World Wide Web, visit > http://www.xml-dev.com/mailman/listinfo/fde <http://www.xml-dev.com/mailman/listinfo/fde> > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > You can reach the person managing the list at > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of FDE digest..." > > > Today's Topics: > > 1. FDE With RAID5 Support? (James McEachern) > 2. Re: FDE With RAID5 Support? (James Wilmington) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 1 May 2007 04:58:19 -0700 > From: "James McEachern" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > Subject: [FDE] FDE With RAID5 Support? > To: <[email protected] <mailto:[email protected]> > > Message-ID: > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED] ORG> > > Content-Type: text/plain; charset="us-ascii" > > Hello, > > > > I am researching a FDE solution for a widely dispersed network. The > trouble I am having is finding a solution that supports RAID drives. Key > storage on a network appliance at the home office is out of the question > and buying hardware based key storage appliances for each office is also > out of the question. > > > > Requirements: > > > > AES-256 Encryption > > RAID5 Support in a W2K3 environment > > Key stored locally > > Pre-Boot Authentication can be disabled (I know the security holes this > opens up) > > > > Thank You, > > James > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: http://www.xml-dev.com/pipermail/fde/attachments/20070501/f7bd2b62/attac hment-0001.html <http://www.xml-dev.com/pipermail/fde/attachments/20070501/f7bd2b62/atta chment-0001.html> > > ------------------------------ > > Message: 2 > Date: Wed, 2 May 2007 16:37:35 +0100 > From: "James Wilmington" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > Subject: Re: [FDE] FDE With RAID5 Support? > To: <[email protected] <mailto:[email protected]> > > Message-ID: > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED] 857d0> > > > Content-Type: text/plain; charset="us-ascii" > > I am not sure about SOFTWARE packages that support RAID FDE. > > > > However you could buy as many Seagate Momentus FDE.2 drives that you need. > > > > These drives have encryption built into the hardware of the drive.therefore > there is no system overhead, and you wouldn't have to worry about finding a > suitable software solution. > > > > Good luck. > > > > _____ > > From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On > Behalf Of James McEachern > Sent: 01 May 2007 12:58 > To: [email protected] <mailto:[email protected]> > Subject: [SPAM] [FDE] FDE With RAID5 Support? > > > > Hello, > > > > I am researching a FDE solution for a widely dispersed network. The trouble > I am having is finding a solution that supports RAID drives. Key storage on > a network appliance at the home office is out of the question and buying > hardware based key storage appliances for each office is also out of the > question. > > > > Requirements: > > > > AES-256 Encryption > > RAID5 Support in a W2K3 environment > > Key stored locally > > Pre-Boot Authentication can be disabled (I know the security holes this > opens up) > > > > Thank You, > > James > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: http://www.xml-dev.com/pipermail/fde/attachments/20070502/563214db/attac hment-0001.html <http://www.xml-dev.com/pipermail/fde/attachments/20070502/563214db/atta chment-0001.html> > > ------------------------------ > > _______________________________________________ > FDE mailing list > [email protected] <mailto:[email protected]> > http://www.xml-dev.com/mailman/listinfo/fde <http://www.xml-dev.com/mailman/listinfo/fde> > > > End of FDE Digest, Vol 8, Issue 1 > ********************************* DISCLAIMER: This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.
_______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
