On Tue, Aug 24, 2010 at 12:18 PM, Robert Hajime Lanning
<lann...@lanning.cc> wrote:
> Edward Ned Harvey wrote:
>> Apparently TPM is not a new thing.  Even my oldest Dell laptop (5-6 years
>> old) has a TPM, which I never bothered to enable.  I have to guess that
>> BitLocker is probably not the first whole-disk-encryption solution to
>> utilize it.  Not sure why it seems to have become the new buzzword.  Either
>> way, whatever the reason this didn't take off before, I really enjoy
>> BitLocker, and am happy I found it.  I'm the only person who knows anything
>> has changed in my computer; it looks, behaves, and performs exactly as it
>> did before.  I have some increased CPU utilization to perform my encryption,
>> but my disk performance is not measurably different from before.  Well, at
>> most 5% or 10%, which basically falls into the "noise" of hard disk
>> benchmarks.  That could be random sampling error.
>
> I am surprised that no one has brought up hard drives that have FDE
> functions.
>
> <disclaimer>
>    I worked for Seagate when they came out with this.
> </disclaimer>
>
> http://www.seagate.com/www/en-us/products/laptops/laptop-hard-drives/
> http://www.seagate.com/docs/pdf/datasheet/disc/ds_momentus_fde_family.pdf
>
> The key is generated on the controller. It works with TPM to unlock
> access.  DoD erase is split-second, by wiping the key from the drive.
>
> "Seagate Self-Encrypting Drives deliver government-grade encryption
> without performance degradation – protecting your data where it lives.
> The FIPS 140-2* options are NIST government certified for both U.S. and
> Canadian usage with sensitive data."


The problem with this, and please tell me if there's a fix for it, is
that when a system dies and I need to move the drive into another
system to recover the data, how do I get the keys for the drive?  Is
there a setup that you initially run, like with BitLocker, where you
can save the keys to a safe place?  Otherwise I'd need to rely on the
most recent backup, which may or may not be up to date.

_______________________________________________
Tech mailing list
Tech@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/