From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Tom Metro
You seem to think there's an obstacle which isn't really real -
Encryption is very cheap computationally, so cheap indeed it can be
done by the disks themselves.
Yes, disk that have hardware
Edward Ned Harvey (blu) wrote:
Tom Metro wrote:
I imagine it would be challenging to pull off encryption well with
appliance hardware. The first problem is getting the software to do
it. (Plus all the automation you've previously discussed to set up
the keys on boot.) The second challenge is
On Thu, Jul 09, 2015 at 10:05:14PM -0400, Derek Atkins wrote:
It
pulls up to 250W so it will cost a little more to power so somewhere
around $4000 the first year and $1600/year to operate.
WOW!!! Your electricity is EX..PEN...SIVE! Assuming my math is right,
250W is 1kWh every 4
What puzzles me is what people are doing at home to use up all that
disk space.
My music collection is about 150GB. I like to keep 3 copies of everything so
there’s 450GB. I don’t keep a copy offsite in the cloud just because of it’s
size. I keep one copy on a USB drive in a fire proof
On 7/9/2015 10:05 PM, Derek Atkins wrote:
Does this $2239 price include the 8 drives?
Yes: with 8x3TB. The empty chassis is about $1K.
WOW!!! Your electricity is EX..PEN...SIVE! Assuming my math is right,
The $1600/year figure includes ISP cost. Yeah, I worded that poorly.
Actual
Jack Coats j...@coats.org wrote:
Rich, your post reminded me of this sticker I saw:
(There is no cloud, it's just someone else's computer)
;-) Amusing but not quite a precise description of the dominant industry trend
happening to data centers. The cloud is actually software-defined and
On 7/9/2015 9:55 AM, Derek Atkins wrote:
However. (and this is the big gotcha)... the certification does
not talk about HOW the crypto is used! For example, if you're running
disk encryption the *crypto* can be fully FIPS compliant, but it could
still do something stupid with the
Richard Pieri richard.pi...@gmail.com writes:
On 7/8/2015 10:23 AM, ma...@mohawksoft.com wrote:
The problem with internal drive encryption is getting any level of
disclosure and accountability.
This is simply not true.
FIPS security profiles are public record. Here's the security profile
Rich,
On Thu, July 9, 2015 7:50 pm, Richard Pieri wrote:
If you want to step up to something a little more enterprise-y, a
Synology DS1815+ with 8x3TB is currently $2239 on Amazon right now.
Does this $2239 price include the 8 drives?
It
pulls up to 250W so it will cost a little more to
Yay, I started a flame war. :-D
(Sorry).
Anyway, if anybody cares, I'm not a cryptographer but I am a pro crypto
developer. The difference is you're a mathematician who understands how to
design a good s-box, versus you're a software developer who understands the
correct usage of all the
On 7/9/2015 10:47 AM, Rich Braun wrote:
I think I'm digressing from original topic by a substantial margin,
but eventually those of us who fancy bigger NAS boxes for our homes
will turn our attention to cloud-based equivalents.
I don't think so. As capacity (or desire for capacity) grows, the
From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Derek Martin
The difference is, the software most of us rely on is open source, and
is known to have been inspected by some very smart 3rd parties who
Au contraire. How did I know this was going to turn into an
On 7/7/2015 6:26 PM, Derek Martin wrote:
The difference is, the software most of us rely on is open source, and
is known to have been inspected by some very smart 3rd parties who
Some very smart 3rd parties? Can you actually name any of them? I
mean, can you name the specific people at Red
From: John Abreau [mailto:abre...@gmail.com]
Edward Ned Harvey (blu) b...@nedharvey.com writes:
You seem to think there's an obstacle which isn't really real -
Encryption is very cheap computationally, so cheap indeed it can be
done by the disks themselves.
 On Tue, Jul 7, 2015 at
On Wed, Jul 08, 2015 at 10:49:40AM -0400, Richard Pieri wrote:
On 7/8/2015 10:23 AM, ma...@mohawksoft.com wrote:
The problem with internal drive encryption is getting any level of
disclosure and accountability.
This is simply not true.
FIPS security profiles are public record. Here's the
On 7/8/2015 10:23 AM, ma...@mohawksoft.com wrote:
The problem with internal drive encryption is getting any level of
disclosure and accountability.
This is simply not true.
FIPS security profiles are public record. Here's the security profile
for the cryptographic module used in several of
On 7/8/2015 11:06 AM, Chuck Anderson wrote:
I think this whole discussion revolves around choice. With open
source, I have a choice to audit the code if I so desire, or to hire
someone to do so on my behalf. With internal drive encryption, I have
(almost) no choice but to trust someone else's
On Wed, Jul 08, 2015 at 10:15:02AM -0400, Richard Pieri wrote:
On 7/7/2015 6:26 PM, Derek Martin wrote:
The difference is, the software most of us rely on is open source, and
is known to have been inspected by some very smart 3rd parties who
Some very smart 3rd parties? Can you actually name
On 7/8/2015 11:47 AM, Derek Martin wrote:
Yes, in fact. I can name some of the people who do that where I work,
though I will not do so, as it is not my place to disclose that
information. I can also identify, for instance, Robert Swiecki at Google,
because he was involved in some of the
On Wed, Jul 08, 2015 at 12:08:13PM -0400, Richard Pieri wrote:
On 7/8/2015 11:47 AM, Derek Martin wrote:
Do you understand that you are doing the same thing that you accuse
proprietary software of doing?
The world is full of proprieties--I am subject to some of them the
same as any of us are.
On 7/8/2015 3:19 PM, Chuck Anderson wrote:
Sorry, I call BS. My point was that having access to source code is a
prerequisite. If you don't have access to the source code, it becomes
MUCH harder to audit because you are limited in the techniques you can
use, such as black box testing. If
On Wed, Jul 08, 2015 at 04:47:19PM -0400, ma...@mohawksoft.com wrote:
trusting that a closed system like encrypted hard disks is probably OK,
but if you are paranoid, it isn't. We should all be paranoid.
Always remember: trusted system means that you have to trust it,
not that you have
Rich Pieri wrote:
Paranoia is an
irrational fear. We should not be paranoid. We should be rational about
security.
On this flogged-to-death topic, I finally spotted a statement that I can agree
with (the other) Rich on! Brought a smile to my face.
A lot of the statements in this heated
Rich, your post reminded me of this sticker I saw:
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
On July 8, 2015, Richard Pieri wrote:
All of us... well, most of us anyway, myself included, were blinded
by the illusion [that open source affords more assurance than closed
source]. We believed if there were problems then some smart people
would have noticed them and fixed them because that's
On 7/8/2015 4:47 PM, ma...@mohawksoft.com wrote:
There are a lot of moving parts. Take for instance, the AES encryption
algorithm. This is a known quantity and you can trust that it works when
given any two independent implementations of it can encrypt/decrypt.
Yes. And this is one of the
On 7/8/2015 9:32 PM, Daniel Barrett wrote:
Oh, please. Nobody actually believes that open source scrutiny will
find *every* security problem.
You know what? I honestly thought that there was no way that anything as
ubiquitous as BASH could have bugs more severe than edge case
inconveniences.
On 7/8/2015 3:19 PM, Chuck Anderson wrote:
Sorry, I call BS. My point was that having access to source code is a
prerequisite. If you don't have access to the source code, it becomes
MUCH harder to audit because you are limited in the techniques you can
use, such as black box testing. If you
On 7/8/2015 1:18 PM, Derek Martin wrote:
But it does not matter; you asked if I know any such people; you did
not ask me to prove it. Moreover, MY trust depends neither on my
ability nor my willingness to prove my trust TO YOU.
My willingness to trust you does. Your claim is that open source
On Wed, Jul 08, 2015 at 11:53:35AM -0400, Richard Pieri wrote:
On 7/8/2015 11:06 AM, Chuck Anderson wrote:
I think this whole discussion revolves around choice. With open
source, I have a choice to audit the code if I so desire, or to hire
someone to do so on my behalf. With internal drive
On 7/7/2015 1:14 PM, Derek Atkins wrote:
I don't trust my disks to do the encryption, mostly because there's
really no way to verify that it's doing it correctly, and the key
management gets a lot harder.
Yes, there is a way to verify that they doing it correctly. It's called
FIPS
Edward Ned Harvey (blu) b...@nedharvey.com writes:
From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Tom Metro
I imagine it would be challenging to pull off encryption well with
appliance hardware. The first problem is getting the software to do it.
(Plus all
From: John Abreau [mailto:abre...@gmail.com]
Edward Ned Harvey (blu) b...@nedharvey.com writes:
You seem to think there's an obstacle which isn't really real -
Encryption is very cheap computationally, so cheap indeed it can be
done by the disks themselves.
On Tue, Jul 7, 2015 at
On Tue, Jul 07, 2015 at 09:22:19PM +, Edward Ned Harvey (blu) wrote:
It seems silly not to trust the disk to do encryption, when you'd
trust some software that you equally haven't decompiled and
inspected.
The difference is, the software most of us rely on is open source, and
is known to
From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Tom Metro
I imagine it would be challenging to pull off encryption well with
appliance hardware. The first problem is getting the software to do it.
(Plus all the automation you've previously discussed to set up
Rich Braun wrote:
I have two other requirements that at least until now have favored
build rather than buy: encryption at rest...
Good point. Thanks for the reminder.
I imagine it would be challenging to pull off encryption well with
appliance hardware. The first problem is getting the
36 matches
Mail list logo