[BBLISA] whole disk encryption

[Edward Ned Harvey]

> From: bblisa-bounces at bblisa.org [mailto:bblisa-bounces at bblisa.org] On
> Behalf Of Edward Ned Harvey
> 
> I wonder if there's a hardware solution, that would make the encrypted
> disk
> transparent to the OS, and hence, all the backup tools and other tools
> you
> might use in the OS would remain functional...

Apparently ...

Apparently TPM is not a new thing.  Even my oldest Dell laptop (5-6 years
old) has a TPM, which I never bothered to enable.  I have to guess that
BitLocker is probably not the first whole-disk-encryption solution to
utilize it.  Not sure why it seems to have become the new buzz word.  Either
way, whatever the reason this didn't take off before, I really enjoy
BitLocker, and am happy I found it.  I'm the only person who knows anything
has changed in my computer; it looks, behaves, and performs exactly as it
did before.  I have some increased cpu utilization to perform my encryption,
but my disk performance is not measurably different from before.  Well, at
most 5% or 10%, which basically falls into the "noise" of hard disk
benchmarks.  That could be random sampling error.

Also, built-in to even my oldest Dell, is the hard-drive password.  This is
different from a BIOS password, because the hard drive password stays with
the hard drive.  Even if you move the hard drive to another computer, the
hard drive will refuse to do anything without the password (and BIOS support
for entering the password.)  

The disadvantage of the HD pass is:  You have to constantly enter the HD
pass.  Every time you power-on, or wake up.  The drive is not encrypted;
just locked.  Which means data could be recovered from it by disassembling
it, or maybe by swapping the electronic circuit.  Also, the HD pass would be
subject to a brute-force attack.  If you lose your password, there's nothing
you can do about it.

The advantage of the HD pass is:  There is no computation overhead.  It
takes no time at all to configure.