Re: Encryption FAQ

Andrew_Sha · December 10, 2006, 12:21am

Dejan et al

In light of so many questions lately related to encryption filters, I
would like to start a very generic encryption FAQ.

It was one great idea . anyone with follow up?

Andrew

“Dejan Maksimovic” wrote in message news:xxxxx@ntfsd…
>
> In light of so many questions lately related to encryption filters, I
> would like to start a very generic encryption FAQ.
> Any recommendation on what I should use? I find HTML to be hard for
> FAQ; thinking of CHM help.
> This would lead to a very good source for newcomers.
>
> Of course, this will go as time permits.
>
> –
> King regards, Dejan
> http://www.alfasp.com
> File system audit, security and encryption kits.
>
>
>

David_J_Craig · December 10, 2006, 1:15am

I suspect that many who know won’t give away all their secrets. This is not
a simple subject. OSR sells packages for developers who want to write
encryption file systems. Tony has mentioned that not all the problems can
be overcome reliably using a filter so they implement their solution by
doing a file system. Active filters are not easy because most people trying
them don’t have source code access to the operating system. Even Microsoft
doesn’t offer compression and encryption on the same files at the same time
and they have all the source code.

It is a good idea. I like the new encrypting hard drives from Seagate.
Since it is hardware based encryption, there is no speed loss.

“Andrew Sha” wrote in message
news:xxxxx@ntfsd…
> Dejan et al
>
>
>
>> In light of so many questions lately related to encryption filters, I
>> would like to start a very generic encryption FAQ.
>
>
>
> It was one great idea . anyone with follow up?
>
>
>
> Andrew
>
>
>
> “Dejan Maksimovic” wrote in message news:xxxxx@ntfsd…
>>
>> In light of so many questions lately related to encryption filters, I
>> would like to start a very generic encryption FAQ.
>> Any recommendation on what I should use? I find HTML to be hard for
>> FAQ; thinking of CHM help.
>> This would lead to a very good source for newcomers.
>>
>> Of course, this will go as time permits.
>>
>> –
>> King regards, Dejan
>> http://www.alfasp.com
>> File system audit, security and encryption kits.
>>
>>
>>
>
>
>

OSR_Community_User · December 10, 2006, 9:52am

We have a Wiki package selected but I haven’t taken the time to really
look at it yet; the goal is to use this as the framework into which
we’ll move the FAQ and add new material (such as an encryption FAQ).

But realize that none of the active participants in this forum are “big
fish” that can afford to work on this in anything other than a secondary
capacity, which means that we’ll be working on it when there’s free
time. This doesn’t mean we have secrets we’re unwilling to share, but
rather we have to work in order to meet our own obligations.

One observation about using whole volume encryption versus per-file
encryption: Whole volume encryption is useful in protecting against a
class of specific failures (e.g., loss of the laptop) but does nothing
to allow protection of data moved off the protected volume, nor does it
allow for different users of the same box to have different levels of
protection for the data on the drive.

Remember that when you are developing security software, you are
developing it to protect against specific classes of attacks. You need
to think about what your “threat model” is because that will dictate
against what you are defending against. If you don’t have a threat
model, you don’t know what you’re trying to protect and you aren’t going
to be able to be systematic about it.

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

OSR_Community_User · December 10, 2006, 10:10am

I have done very basic outline, I am so busy with hardware upgrades that I have
not had the chance to do anything more

Andrew Sha wrote:

Dejan et al

> In light of so many questions lately related to encryption filters, I
> would like to start a very generic encryption FAQ.

It was one great idea . anyone with follow up?

Andrew

“Dejan Maksimovic” wrote in message news:xxxxx@ntfsd…
> >
> > In light of so many questions lately related to encryption filters, I
> > would like to start a very generic encryption FAQ.
> > Any recommendation on what I should use? I find HTML to be hard for
> > FAQ; thinking of CHM help.
> > This would lead to a very good source for newcomers.
> >
> > Of course, this will go as time permits.
> >
> > –
> > King regards, Dejan
> > http://www.alfasp.com
> > File system audit, security and encryption kits.
> >
> >
> >
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@alfasp.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.

OSR_Community_User · December 10, 2006, 10:12am

Hmph, this would be similar to saying there is no loss of speed when using RAID5.
Even software encryption has negligible impact considering the hard drive speed is
the bottleneck (or controller nowadays); hardware based have less impact but still
do, and you will notice it if you measure.

It is a good idea. I like the new encrypting hard drives from Seagate.
Since it is hardware based encryption, there is no speed loss.

–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.

OSR_Community_User · December 10, 2006, 10:14am

You mean you have Wiki implemented on OSR? I’ll have time as soon as hardware
upgrades are done here (tip: getting low voltage Xeons is hard)

We have a Wiki package selected but I haven’t taken the time to really
look at it yet; the goal is to use this as the framework into which
we’ll move the FAQ and add new material (such as an encryption FAQ).

–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.

OSR_Community_User · December 10, 2006, 10:45am

Yes, I mean that after torturing the web master for a while he selected
a CF-based wiki package that he believes will be acceptable. My hope is
to spend some time playing with it over the quiet period (later this
month) and work with a few key people (like you, Dejan) to look at how
to add content to it. The biggest problem with the FAQ is (and has been
for a long time) that it has no organizational structure and it is
difficult to update.

The wiki, when it is in tolerable shape, will be hosted on osronline
along with the other community content that we sponsor. I am hoping
that we’ll be able to unveil something early next year, but I’m also
being up-front and telling everyone that this is really a back-burner
project. Now if your company wants to fund the effort, we can discuss
adjusting the priorities.

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com