
U.S. Gov't To Use Full Disk Encryption On All Computers 371

Posted by timothy
from the double-secret-probation-rot-13 dept.
To address the issue of data leaks of the kind we've seen so often in the last year because of stolen or missing laptops, writes Saqib Ali, the Feds are planning to use Full Disk Encryption (FDE) on all Government-owned computers. "On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and the list of requirements."
  • But why? (Score:2, Funny)

    by timeOday (582209)
    I mean, if you have nothing to hide, you have nothing to fear, right?
    • Re:But why? (Score:5, Insightful)

      by tajmorton (806296) on Thursday December 28, 2006 @11:57AM (#17387876) Homepage
      I mean, if you have nothing to hide, you have nothing to fear, right?
      Like your Social Security Number [com.com], right?
      • by goombah99 (560566) on Thursday December 28, 2006 @01:58PM (#17389484)
        At my institution we're worried about all sorts of personally identifiable information. There do not seem to be any quantitative guidelines for this. Even one SS number is apparently too much. And it's not just the info I might be aware of but the info that might be there that I'm not aware of that counts too. For example, if someone sends me a resume. Even if I never read it, it might contain birth dates and other personal info. Hence I need to protect all the e-mail.

        Now the hackles being raised are that this means we can't use Macs and maybe not Linux, since there are no acceptable enterprise-worthy full disk encryption systems. If you know of some, especially for Macs, please reply with details below. But the terms "acceptable" and "enterprise-worthy" matter a great deal. You can't just go installing full disk encryption based on some open source solution that might or might not get updated to work with the next version of, say, Debian or Fedora in a timely way. It has to have a method of key escrow that is usable. etc...
        Hence people are looking to windows.

        Another raging argument is what full disk encryption means. Surely something like the Mac's built-in encryption of home directories, if need be combined with secure virtual memory, would be sufficient to protect anything but very critical information. The answer we are hearing is No and "maybe". We are being pushed to use Entrust, which all users I have heard from say is a disaster. There are going to be huge data recovery issues. And I don't see it as likely that Entrust will always be assured of working across OS upgrades.

        Personally I'd prefer to see encryption done in a transparent hardware layer.

        In the long run this is going to be good for the branded commercial OSes, and the Linuxes backed by commercial vendors. The reason is that in the end you'd have to be pretty stupid to encrypt your whole disk with anything not supplied by the OS vendor, because it simply has to work right under all circumstances and there simply has to be one person you can call when it fails. It would be intolerable to have the OS vendor say "well, it's not our problem" and the encryption vendor say they are trying to work with the OS vendor to figure out why the kernel upgrade broke it.

        And when it does break after you hit the "Software Update" button, or worse, corporate HQ pushes the update overnight to your computer, there is no failsafe mode! The computer won't boot. Corporate HQ can't even contact your computer to undo the problem after the reboot. You can't even download a patch from the vendor or let them know it was broken. You can't even look up their phone number. Nor can you go to your neighbor's computer to download a patch, since his machine is broken too.

        Other arguments people are unsure of
        1) is home directory encryption enough
        2) what about removable media?
        3) what about FAT tables?
        4) boot tracks?
        5) virtual memory?

        The fact that this order is zero tolerance with no assessment of risk seems to prove it is ill conceived.

        It's a stake through the heart for all non-commercial Linux.

        • It's a stake through the heart for all non-commercial Linux.

          Not necessarily. You're assuming that this gigantic government-mandated undertaking is going to work. I think that is a mistake.

          Ask yourself how many times such major overhauls have ever worked right, when the Feds are in charge. The FBI botched a big upgrade, the IRS is still botching theirs, the FAA botched theirs ... and now we're talking about a critical change affecting hundreds of thousands of computers running everything from Windows to
    • Re:But why? (Score:4, Insightful)

      by SatanicPuppy (611928) * <Satanicpuppy&gmail,com> on Thursday December 28, 2006 @12:00PM (#17387910) Journal
      Meh, they try to hide stuff all the time now, and how many things do we find out because someone left it written up on a poorly secured computer? Government "transparency" always depends on people on the inside leaking the information.

      On the other hand, they're losing laptops full of veterans' records on a monthly basis. Either they need to take better care of the data, or they need to put tighter controls on who has access to the data.
    • by Crudely_Indecent (739699) on Thursday December 28, 2006 @12:07PM (#17388010) Journal
      It's not about having something to hide, it's about protecting the info present within. How many gov't laptops containing personal information of citizens or groups have been stolen in recent history?

      Large corporations that deal with private data from their customers should also be required to use full-disk encryption as well. In fact, I recommend some form of encryption for sensitive data to everyone.
    • by Splab (574204)
      But they do have something to hide...
    • Re:But why? (Score:5, Informative)

      by WED Fan (911325) <akahige&trashmail,net> on Thursday December 28, 2006 @12:53PM (#17388686) Homepage Journal

      And, you'd be the first one to cry to the f*&king heavens as soon as the Government let YOUR secrets out in the open. Or when a government, controlled by a political party other than your chosen favorite, screwed up in a major way when Intelligence is released into the wild.

      Find a government on the planet that does as you desire, I'll show you mythology. Only those seeking the downfall of a political system, or governing body require that body to release all its secrets. When that body is your government, then you meet the definition of "Traitor".

      Whether controlled by Republicans, Democrats, Libertarians (mythological political party), The Raving Loons of Parump, the government must keep secrets and protect select information from release until such a time that its release is no longer a harm to the citizens and country.

  • Eh. (Score:5, Insightful)

    by SatanicPuppy (611928) * <Satanicpuppy&gmail,com> on Thursday December 28, 2006 @11:54AM (#17387830) Journal
    Well, on the one hand, it's a good idea to encrypt machines that contain sensitive data.

    On the other hand, this is just a bandaid on their terrible information policy...The reason that they have to encrypt a zillion machines is because they store sensitive personal data on a zillion machines. Then there are multiple operating systems, levels of security, etc. All this means that compromising one machine will still be pretty easy, because when you have encryption on the crappy desktop in the mailroom where everyone surfs porn, you stop taking it seriously.

    They could kill the whole problem by centralizing their data stores, and developing some secure web interfaces across enhanced encryption. That way, instead of trying to encrypt every machine, you could encrypt 50 data centers and control access locally... Hell, if I were the government I'd push all my software needs toward thin clients and terminal services anyway... The average user doesn't need more, and that makes all your security problems more manageable.
    • by Billosaur (927319) *

      They could kill the whole problem by centralizing their data stores, and developing some secure web interfaces across enhanced encryption. That way, instead of trying to encrypt every machine, you could encrypt 50 data centers and control access locally... Hell, if I were the government I'd push all my software needs toward thin clients and terminal services anyway... The average user doesn't need more, and that makes all your security problems more manageable.

      Why would government people need to be dragging this stuff home on their laptops anyway? In this era of high bandwidth connections and VPN, why can't the data be accessed from home or via laptop without it existing physically on the hard drive? I mean, when you think about it, they could just print the data out on paper and lose that as easily, but it seems that the idea is to create centralized, secure data stores, not to allow multiple copies of the same data to go floating around. If nothing else, data

      • Re: (Score:3, Informative)

        by throx (42621)
        In this era of high bandwidth connections and VPN, why can't the data be accessed from home or via laptop without it existing physically on the hard drive?

        Because not every government employee has access to high bandwidth connections, especially if they are stationed outside the US. Disconnected operation is essential.
        • Re: (Score:3, Interesting)

          by pla (258480)
          Because not every government employee has access to high bandwidth connections, especially if they are stationed outside the US. Disconnected operation is essential.

          If you work as a low-level US diplomat in Peru, do you really need to carry around the complete medical records of 20 million veterans?

          Additionally, you can get a tolerable bandwidth connection anywhere on the planet - We now have these things circling the Earth far above, sort of artificial "satellites", if you will. Some of them have the
      • Re:Eh. (Score:5, Informative)

        by CohibaVancouver (864662) on Thursday December 28, 2006 @01:00PM (#17388784)
        Why would government people need to be dragging this stuff home on their laptops anyway?

        It's not 'dragging this stuff home', it's people who go out in the field to do their job - One simple example is FEMA. When they go to a disaster they take along thousands of laptops in order to register people who need aid. There isn't a LAN they can "SSH into" and they can't phone this stuff in. Another example might be the IRS who would visit individuals and businesses to perform audits.... The list goes on.

    • Re: (Score:2, Insightful)

      by axcessor (1044434)
      While centralization of data storage is a good idea, it would not solve the entire problem. There are still multiple vectors for data leaks, including USB drives, CD-R, web-based email or forums, or even network transfers. Thin clients were a nice thought but a flash in the pan for the most part. No one has been able to make them practical. Blame the bloated OSes for that one.
    • by bbernard (930130)
      "They could kill the whole problem by centralizing their data stores, and developing some secure web interfaces across enhanced encryption."

      Belts and Suspenders. Doing both would be even better. Besides, how do you prevent that government worker from saving a local copy? How do they do their work on a plane trip across country? How else do you ensure that the web cache, paging file, or any other place where even temporary data stored on the local hard drive is going to be protected?

      This is a great devel
    • by msobkow (48369)

      It also means that even if physical evidence is seized, the people won't be able to get at the data necessary to prove graft or corruption. :(

      The governments wanted a repository of keys, a back door to spy on the population. Turn about is fair play.

      Bend over.

    • Re: (Score:3, Insightful)

      by ChrisA90278 (905188)
      OK, let's say they do this: they keep the data only in a centralized location and you access it by an encrypted link. The problem is that the data must be decrypted before it can be displayed to the user. So there is no way out of it: the user's machine will hold plaintext data some place, even if just in RAM. Once the data are in RAM they can "leak" onto the hard disk. For example, the swap file is used to back up RAM, or the user might have some program that saves the data so he can work offline. If t
  • by G27 Radio (78394) on Thursday December 28, 2006 @11:56AM (#17387846)
    In order to prevent the loss of pass-keys to these machines (and the resulting loss of important information,) users will be required to keep a copy of the pass-key taped to the bottom of their computers.
    • by Frosty Piss (770223) on Thursday December 28, 2006 @12:28PM (#17388318)
      In order to prevent the loss of pass-keys to these machines (and the resulting loss of important information,) users will be required to keep a copy of the pass-key taped to the bottom of their computers.

      The Air Force currently requires (in addition to the use of a "Smart Card" plugged into the machine to gain access) a 15 char password consisting of 3 caps, 3 lower, 3 numbers, and 3 special chars (the rest is up to the user), no proper names, dictionary words, or more than 3 letters or numbers in sequence (back or forward); it must not be the same as or similar to your last 25 passwords, and you must change it every 90 days.

      The net result is that most people are writing it down and storing it in some easy to access place. Previously, we had an 8 char pass that required 2 caps, 2 lower, 2 special, 2 numbers... It was short enough that you could actually remember it.

      • PS... (Score:4, Interesting)

        by Frosty Piss (770223) on Thursday December 28, 2006 @12:30PM (#17388348)
        I'm sorry, I should have said, this is in AMC (Air Mobility Command) within the Air Force. The rest of the Air Force may be the same, but I don't know that.
        • Re:PS... (Score:4, Insightful)

          by YrWrstNtmr (564987) on Thursday December 28, 2006 @12:52PM (#17388682)
          ACC is not quite that bad (yet). 9 char pwd. We ARE, however, going to the Standard Desktop Configuration (SDC) as of Jan 31. No admin accounts, no Outlook webmail, everything very much locked down. Which is fine for 99% of the people out there, but as a developer, I find it a real PITA.
          "What?? I can't change the clock on the PC? How am I supposed to test this function that generates a string based on the time?"
          "What? I can't defrag my own harddrive?"
          "What? I can't create a folder in C:\?"

          The SDC is good, but damn...some of us need a little more.
          • Re:PS... (Score:5, Insightful)

            by kcbrown (7426) <slashdot@sysexperts.com> on Thursday December 28, 2006 @02:43PM (#17390020)
            ACC is not quite that bad (yet). 9 char pwd. We ARE, however, going to the Standard Desktop Configuration (SDC) as of Jan 31. No admin accounts, no Outlook webmail, everything very much locked down. Which is fine for 99% of the people out there, but as a developer, I find it a real PITA.
            "What?? I can't change the clock on the PC? How am I supposed to test this function that generates a string based on the time?"
            "What? I can't defrag my own harddrive?"
            "What? I can't create a folder in C:\?"

            I hate to sound like a dick, but....good!

            By being forced to develop your software as a restricted user, you're forced to ensure that your software will run with restricted user privileges. You're forced to use the proper means of determining the user's home directory, their temp directory, etc. You're forced to use the HKCU registry to store any registry items. You're forced to make the software multiuser-capable.

            That's the way it should be. If most software had been written like that from the beginning, Windows would probably be a lot more secure for the general population because they would be able to comfortably run as a restricted user and know that all their software would Just Work.

            So while it may be more painful as a developer to run as a restricted user, the pain does have a rather substantial payoff. Hopefully that'll make the pain a bit more bearable.

          • Re: (Score:3, Insightful)

            by Phleg (523632)

            "What?? I can't change the clock on the PC? How am I supposed to test this function that generates a string based on the time?"

            Uh, bad example. Good design would normally dictate you prototype this function as follows:

            char* generate_string(time_t time);

            Now you can call it using the output of time(), or in a unit test, try a bunch of different time_t values. What, were you going to have your unit test keep changing your system time?

            Then, if you are always going to call it using the current time, simp
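            Phleg's prototype carried through as an added Go example (not code posted by anyone in the thread): the function takes the instant as a parameter, production code reads the clock in exactly one replaceable place, and a day-boundary check shows the kind of edge case a test can exercise with a fixed value instead of resetting the system clock. The function names and the output format are assumptions for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// GenerateString builds a timestamped identifier from the time it is handed
// rather than reading the system clock itself, so a test can pass any
// instant without touching the machine's clock.
func GenerateString(t time.Time) string {
	// Normalize to UTC so the result does not depend on the test host's zone.
	return fmt.Sprintf("report-%s", t.UTC().Format("20060102-150405"))
}

// Now is the single place production code consults the clock. A test
// reassigns it to return a fixed instant; nothing else needs to change.
var Now = time.Now

// GenerateCurrentString is the production entry point.
func GenerateCurrentString() string {
	return GenerateString(Now())
}

// RollsOverAtMidnight reports whether two instants fall on different UTC
// days, the boundary a clock-changing manual test would have tried to hit.
func RollsOverAtMidnight(a, b time.Time) bool {
	ua, ub := a.UTC(), b.UTC()
	return ua.Year() != ub.Year() || ua.YearDay() != ub.YearDay()
}

func main() {
	// Constructed fixed instant for the demonstration.
	fixed := time.Date(2006, time.December, 28, 11, 57, 0, 0, time.UTC)
	fmt.Println(GenerateString(fixed))
	Now = func() time.Time { return fixed }
	fmt.Println(GenerateCurrentString())
	fmt.Println(RollsOverAtMidnight(fixed, fixed.Add(13*time.Hour)))
}
```

            The same shape works for any dependency that a restricted account cannot manipulate (clock, hostname, environment): pass it in or read it through one variable the test can swap.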

      • by throx (42621) on Thursday December 28, 2006 @12:46PM (#17388584) Homepage
        It's actually more secure to have an essentially random password that people secure on a laminated card in their wallet (appropriately obfuscated of course) than have passwords that people can easily remember. When you think about it, people are actually very good at securing their wallet independently of their laptops.
        • Re: (Score:3, Informative)

          by Cthefuture (665326)
          Even better is to physically store it on something like a smartcard. Even with a simple 4 digit PIN it offers substantial security over plaintext. Then the card can authenticate the user using extremely complex methods if desired (PKI or very long/complex passwords). Plus it can store authentication for multiple systems easily.

          Then you have decent physical security as well. Don't get me wrong, it's not perfect but it is still very effective.
      • by Gogo0 (877020)
        Did the Air Force go to InfoCon 4 also? (Army DOIM, here)

        Not to nag, but is login policy public information? I'm sure people can find out that we use CACs to log in now, but detailed (as detailed as Army Pacific gives the DOIM, at least) password requirements for InfoCons 4 and 5 probably fall into OpSec.

        I may be wrong though ^_^
    • by MasterC (70492)

      ...users will be required to keep a copy of the pass-key taped to the bottom of their computers.

      I know you are kidding, but the truth isn't that far off. Someone I know's mother (names, exact relationship to me, and organization intentionally withheld) works for the government. The laptop had a BIOS password, which was written on a slip of paper in the laptop case. Her password for the account involved *only* the current month and year. And this was acceptable per policy as of a few months ago.

      If I can'

  • Why full disk encryption and not just the home directory?? Maybe things are so mixed up on Windows that you need full disk, but on OS X, Linux, and other Unixes it should be sufficient to encrypt only the home directory of users.

    Are they just concentrating on a Windows-only solution that will lock out OS X and Linux??

    As a government employee, I know there are a lot of people where I work who want to keep their Macs.
    • Re: (Score:3, Informative)

      by oohshiny (998054)
      Why full disk encryption and not just the home directory??

      Because software frequently puts sensitive data in files outside your home directory.

      Are they just concentrating on a Windows-only solution that will lock out OS X and Linux??

      Linux supports full disk encryption. If OS X doesn't, well, it should, since home-directory-only encryption is not particularly secure.
      • Because software frequently puts sensitive data in files outside your home directory.

        If users don't run as administrators this can't happen. And I don't know of any Linux app that puts stuff outside home... and only a few Mac apps do (and none should).
        • by amliebsch (724858)
          What about system databases? What about swap?
        • Swap, data is passed through swap and not just admins will push sensitive information through it.
      • by Splab (574204)
        Because software frequently puts sensitive data in files outside your home directory.


        Never mind the software, what about the users? I work for a small organization, and users drop sensitive information all over their drives, depending on when they started working with computers and what kind of habits they acquired, Documents and settings is a fairly new concept.
        • Re: (Score:3, Informative)

          by Fred_A (10934)
          In most orgs nowadays users no longer have admin rights on their machines and therefore cannot write outside of their $HOME (or whatever it's called in Windows). Granted there are still lots of places where this basic security policy isn't implemented but they are thankfully fewer every day (although their number will likely never drop to zero).

          However as other contributors rightly pointed out, /tmp and the swap file(s) are two problematic areas that should be addressed by a comprehensive cryptographic solu
    • Re: (Score:2, Insightful)

      by RHIC (640535)
      What about page files/swap space, application generated temporary files etc. There are plenty of places that potentially sensitive information could leak into on just about any OS.
      • But can't you only encrypt directories where the user has write permission and leave the system files alone? If you are encrypting system files (that everyone has access to un-encrypted versions of) doesn't that make the encryption much easier to break.
        • by jrockway (229604)
          Yes, it would make it easier in the sense that if every atom in the Universe were turned into the fastest computer known today, it would only take the lifetime of 10 Universes to crack the encryption, instead of 100. 256-bit encryption is hard to break, and AES has held up to a lot of scrutiny suggesting that a known-plaintext won't help you break anything very quickly.
    • From the requirements listed it doesn't appear this is just for Windows systems. I would also disagree with just encrypting home directory of your users on Linux systems. If you are going to go with a software encryption on Linux you need to encrypt more than just the home directory.
      That being said software encryption is just weak and doesn't even compare to FDE.
    • Re: (Score:3, Informative)

      by spellraiser (764337)

      Are they just concentrating on a Windows-only solution that will lock out OS X and Linux??

      From the requirements:

      SUPPORTED OPERATING SYSTEM, HARDWARE, FIRMWARE (NOTE: Vendors must support one or more of the following operating systems and it is important if you support multiple)

      Microsoft Windows 2000
      Microsoft Windows 2003
      Microsoft Windows XP
      Microsoft Windows Vista
      Sun Open Solaris
      Mac OS X
      Windows Mobile 5.0
      Windows CE
      RIM/Blackberry
      Palm
      Symbian
      Linux to include Red Hat, SuSE

      Truth be told, this doesn't really say that much ... 'It is important if you support multiple' - what does that mean?

    • by GodInHell (258915) *

      Why full disk encryption and not just the home directory?? Maybe things are so mixed up on Windows that you need full disk, but on OS X, Linux, and other Unixes it should be sufficient to encrypt only the home directory of users.

      Sure, until some idiot user notices that placing his files in root makes them load marginally faster.. or on a share.. or on a memory dongle.. or in his e-mail.. stupid users... they ruin everything.

      Seriously though, the less tech-savvy employees can be counted on to screw up through ignorance, and the tech-savvy will work around it because "they've got a good reason." People don't follow rules that aren't enforced - and on a PC that means all or nothing.

      -GiH

      Still think it's a pretty silly solution, but

    • I seriously hope you were just trying to troll a little bit with that question.

      Not everyone saves everything only in their home directories.
      • Re:Why Full-Disk?? (Score:4, Insightful)

        by cduffy (652) <charles+slashdot@dyfis.net> on Thursday December 28, 2006 @02:34PM (#17389906)
        Not a troll. If your system is appropriately configured, you (and your applications) won't be *allowed* to save things anywhere on the local drive other than your home directory. Temp and swap space are also good candidates for encryption -- but putting temp space in a ramdisk and encrypting swap is a pretty reasonable way to do this. Anything other than those should be code, not data -- and thus nonsensitive. Why spend the cycles to encrypt and decrypt without a need to do so?

        All that said, I think that giving a contract like this to a commercial vendor developing proprietary software would be... unfortunate. Funding addition of missing, necessary features to TrueCrypt would be a one-time expense (rather than one which scales with the number of systems deployed), and would benefit the private sector as well.
    • by Blakey Rat (99501)
      The requirements call for multi-OS support. Also, there's virtual memory swap... it's not in the /home folder, (or \Documents And Settings or /Users) and it can quite easily contain sensitive information.
    • Ok, on one hand, Yeah! WINDOWS SUCKS!

      Ok, now that we have that out of our system, let's look at this logically.

      The government is not planning on upgrading all their computers in order to do this. Neither are they planning to do something much, much harder: to verify that all the installed software is configured in such a way that it doesn't store information outside of the encrypted space, nor nail down systems so that their people cannot add software.

      Yes, that would be much easier on Linux or OSX (or any just a
      • by jrockway (229604)
        Full-Disk encryption isn't slow. Performing the decryption is much faster than waiting for an IO buffer to be filled from disk.
    • by throx (42621)

      Why full disk encryption and not just the home directory?? Maybe things are so mixed up on Windows that you need full disk, but on OS X, Linux, and other Unixes it should be sufficient to encrypt only the home directory of users.

      Yes, Windows is rather mixed up but *nix puts sensitive data outside the home directories all the time. Take the following examples:

      • /var/log has dozens of email addresses, all sorts of handy info on networking connections etc.
      • Databases can exist pretty much anywhere, though usuall
    • Re: (Score:3, Insightful)

      by NineNine (235196)
      Maybe things are so mixed up on Windows that you need full disk, but on OS X, Linux, and other Unixes it should be sufficient to encrypt only the home directory of users.

      should be? You gonna personally guarantee that every possible Linux and Mac application store all of their information in the same place? If we're talking "should be"'s, then there wouldn't be this problem in the first place, because no sensitive data should be stored on laptops that walk out of buildings. "Should be" is what causes the
  • 1. It's only a recommendation. Read it carefully.

    2. DoD was already doing something with this but in its normal -very slow- manner. I don't expect it to be fully implemented for a couple years yet.
  • I predict the government will lose more data this way than when storing data unencrypted. And, when they lose it this way, they won't be able to get it back. At least when they lose a stolen laptop and get it back, they usually still get their data.

    And, stealing laptops isn't how people are trying to steal data from the government... stealing laptops is how people are trying to steal laptops. Those going after government data have better ways to approach it than stealing laptops.

    So, when the government

    • by SQL Error (16383)
      I predict the government will lose more data this way than when storing data unencrypted. And, when they lose it this way, they won't be able to get it back. At least when they lose a stolen laptop and get it back, they usually still get their data.
      The data isn't supposed to be on the laptops in the first place.
    • by Splab (574204)
      Users should never ever have sensitive information on their laptop unless it's encrypted. And important data should NEVER EVER! only exist in one place. So if the laptop is lost with encrypted data, you lost a laptop, easy to replace and you just reload the information. If you on the other hand lose a laptop with unencrypted sensitive information you got all sorts of bad problems, ranging from stolen ID to blackmail and espionage.

      Not only should they be able to pull it off, someone should be fired for not h
  • Note that in the requirements doc, one of the requirements is:

    "Capable of secure escrow and recovery of the symetric [sic] encryption key"

    • Note that in the requirements doc, one of the requirements is: "Capable of secure escrow and recovery of the symetric [sic] encryption key"

      Obviously. What they want is:

      1) Halfwit employee loses laptop. Finder cannot recover data.

      2) Halfwit employee forgets password. Government can recover data.
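      The escrow requirement quoted above is what makes both of those outcomes possible at once: one data encryption key (DEK), wrapped separately under the user's key and under a key the organisation holds, so either path recovers the same DEK and a finder holding neither gets nothing. The Go program below is an added illustration, not code from the requirements document or from any vendor in the competition. It assumes random 256-bit key encryption keys (KEKs) standing in for a password-derived user key and an organisational escrow key, AES-256-GCM as the wrapping cipher, and a constructed sample payload.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Volume models what an FDE product keeps in its on-disk header: the DEK
// wrapped once per unlock path, plus data encrypted under the DEK. The DEK
// itself is never written in the clear.
type Volume struct {
	UserSlot   []byte // DEK wrapped under the user's KEK
	EscrowSlot []byte // DEK wrapped under the organisation's escrow KEK
	Ciphertext []byte // payload encrypted under the DEK
}

// NewKey returns a fresh random 256-bit key. A real product derives the user
// KEK from a password KDF or a smartcard; random keys are an assumption here.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// seal encrypts with AES-256-GCM and returns nonce||ciphertext||tag. The aad
// is authenticated but not encrypted; it binds a wrapped DEK to its slot.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal. A wrong key, a wrong aad or any modified byte fails the
// GCM tag check and returns an error instead of garbage plaintext.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// Provision generates one DEK, encrypts the data under it, and wraps the DEK
// under both KEKs so that either can recover it independently.
func Provision(userKEK, escrowKEK, data []byte) (*Volume, error) {
	dek, err := NewKey()
	if err != nil {
		return nil, err
	}
	v := &Volume{}
	if v.Ciphertext, err = seal(dek, data, []byte("data")); err != nil {
		return nil, err
	}
	if v.UserSlot, err = seal(userKEK, dek, []byte("user")); err != nil {
		return nil, err
	}
	if v.EscrowSlot, err = seal(escrowKEK, dek, []byte("escrow")); err != nil {
		return nil, err
	}
	return v, nil
}

// unlock unwraps the DEK from one slot and decrypts the payload with it.
func unlock(v *Volume, slot, kek []byte, label string) ([]byte, error) {
	dek, err := open(kek, slot, []byte(label))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK from %s slot: %w", label, err)
	}
	return open(dek, v.Ciphertext, []byte("data"))
}

// UnlockWithUserKey is the everyday path (outcome 1 fails for a finder).
func UnlockWithUserKey(v *Volume, userKEK []byte) ([]byte, error) {
	return unlock(v, v.UserSlot, userKEK, "user")
}

// UnlockWithEscrowKey is the recovery path (outcome 2) for a lost password.
func UnlockWithEscrowKey(v *Volume, escrowKEK []byte) ([]byte, error) {
	return unlock(v, v.EscrowSlot, escrowKEK, "escrow")
}

func main() {
	userKEK, _ := NewKey()
	escrowKEK, _ := NewKey()
	v, err := Provision(userKEK, escrowKEK, []byte("constructed sample record"))
	if err != nil {
		panic(err)
	}
	got, err := UnlockWithEscrowKey(v, escrowKEK)
	fmt.Printf("escrow recovery: %q err=%v\n", got, err)
	_, err = UnlockWithUserKey(v, escrowKEK) // wrong KEK for this slot
	fmt.Println("wrong key:", err)
}
```

      The security of the scheme rests entirely on where the escrow KEK lives: it recovers every volume wrapped under it, so it belongs in an HSM or an offline store with audited access, never on the same laptops it protects.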

  • by MrTester (860336) on Thursday December 28, 2006 @12:01PM (#17387924)
    Let me guess. The contract goes too....

    Halliburton's new encryption subsidiary.

    Founded in 2006 by some guy who read a book on encryption.
    • if the government introduced legislation that protected its citizens as well as it protects its data.
    • Not so much that Halliburton will get it, probably not.

      But there's only a couple of IT contractors who handle stuff like this. And the way this works is the government wonks may select a product, but it's the IT project management firm that gets the contract to implement and this is where it starts going awry.

      -The backroom politics is fierce and has nothing to do with public service. This is a good game of influence peddling where deep pockets wins. See the story last month where the details of Microsoft'
      • Re: (Score:3, Insightful)

        by Brandybuck (704397)
        But there's only a couple of IT contractors who handle stuff like this.

        People need to understand this. Government rules, regulations and procedures disqualify most possible bids. Only those companies *specialized* in government contracts get these jobs. In addition, the margins on these jobs are so small that larger companies have a huge advantage in the bidding process. Throw in several layers of lawyers and you end up with a system several realities removed from any semblance of a market.
  • by Rob T Firefly (844560) on Thursday December 28, 2006 @12:03PM (#17387960) Homepage Journal
    You've got to check out my hot new encryption scheme, I call it Rotational Oscillating Telecode no. 13. [wikipedia.org] Fill your tubes with this stuff and I personally guarantee it foolproof against criminals and terrorists and journalists in every single test performed in my personal data-protection laboratory (my basement) with highly alert and cunning test subjects (my cats.)

    Bidding starts at $47 Million.
  • As long as any corp or fed agency with any threadbare reason can have access to the data, why bother encrypting it?

    Oh, right, so the peasants won't... Ok, I'll shut up now, I got it.
  • information wanted to be free?
  • This has that sick feeling of a joke a tech threw out on the table to show a bureaucrat that he was being stupid - only to have the bureaucrat say "we can do that!"

    Still, I wish them well with their (even yet slower) technology.

    -GiH

  • Allies (Score:2, Interesting)

    by LoonyMike (917095)
    I wonder if the computer owner will have to supply the decryption keys when in British [slashdot.org] soil...
  • I wonder if they're really buying a single solution to use on ALL their computers- I mean, I wonder how the NSA would feel about that. I have the feeling that they feel they're secure enough already and aren't going to weaken their security using some off-the-shelf product instead of whatever they're using now. I wonder if this will pass quietly, or if anyone will try to force this prescribed method of security on them.

    In general, this is another piece of typical monolithic bureaucracy command and contro
  • This is something I would like to do for all of my mobile users, and I prefer something that will work on older hardware like 3 years old, still a P4 laptop...

    I'm sure what's good enough for them will be good enough for me. I like the 'no vendor back door' requirements... that should keep out MS.
  • I hear that lots of Navy developers use Linux laptops. I wonder if/how this will apply to them.
    • I wonder what they'll do when the answer to encryption on Linux laptops is *free* ? There's no vendor to apply for it. Hopefully whoever is managing this effort won't be so stupid as to only consider techniques that cost money.
  • So, when the laptops get lost, the password to the FDE will be conveniently found on a Post-It note stuck to the side of the screen.
  • This is my job... (Score:4, Interesting)

    by BenEnglishAtHome (449670) * on Thursday December 28, 2006 @12:36PM (#17388438)
    ...at the moment. I'm hip-deep in user handholding and re-imaging crashed machines. Here are a few random points, dashed off quickly. If anyone has any questions, feel free to post.

    The June 23 White House memo had a 45-day deadline. Everyone has already blown the deadline.

    Big props to WinMagic for their marketing. They've been all over the government computer press for the last 1-2 years with press releases and random mentions that make it appear they are the only workable solution. As a result, the agencies that jumped on the bandwagon in time to meet a (seemingly common) end of year deadline have grabbed their SecureDoc software and started installing. My experience with it has been semi-OK. Given that the software is touching every single file on every machine that leaves our physical space, the number of screwups has been acceptable at less than 2%. Our most widespread problems have mostly been a result of insufficient server capacity to deal with all the machines being encrypted at the same time within the last couple of weeks. Whether that was a result of us going cheap on the server side or WinMagic promising that the servers could handle a bigger load than is actually the case, I don't know. I suspect it's a bit of both. Still, things are slowly working out, even if our frontline support staff is going to wind up losing, literally, a month of productivity to the project.

    A bunch of the requirements on that DOD checksheet are being ignored by civilian agencies. With no PKI infrastructure in lots of places, plenty of things have to be done "hands on" and the ability to do things like silent installs is out the window.

    A bunch of the names on that vendor list are just resellers and of little interest to the slashdot crowd. What's more interesting is the list of products that do the job. THAT list is much, much shorter.

    I haven't heard of anyone doing their encryption in hardware, which irritates me. I use hardware-encrypted drives at home and I was looking forward to doing the same thing at work. There is a widespread rumor in my agency that 2 or 3 generations of computer refreshment down the road, we'll transition to encryption in hardware. I hope so.
  • by Terje Mathisen (128806) on Thursday December 28, 2006 @12:37PM (#17388450)
    I work for a multinational corporation with more than 10 K laptops, we decided to use full disk encryption more than 5 years ago.

    At that time we found just 5 vendors who were qualified to deliver (after an initial pre-qualification round), and we invited them all to a specially setup testing lab: Of these 5 vendors, 3 were selling pure snake oil (encrypt the partition table and/or root directory only), it took less than 5 minutes to break into each of these.

    Nr 4 seemed a lot better, but after 20 minutes work I found the crucial 'compare password, JE decrypt' sequence in the driver, and we were in. :-(

    Only the final entry (from a German company) had understood how you design a product like this:

    First you encrypt, using your preferred symmetric key algorithm (AES-256 these days?), all sectors on the disk. You use some form of hash of the logical sector number as a salt when encrypting, this makes each block unique, even those that contain the same 'FDFDFDFD' freshly formatted pattern. The key you use for this is the master disk key, it is a random number generated during installation.

    Next you make a small table, with room for at least two entries: User and admin.

    The user entry can be modified as often as you like (we default to slightly less than once/month), while the admin key/password is constant, but unique to this particular PC.

    Each password (user/admin) is used as the key when encrypting the master key, which means that there is no way, even for the crypto architect, to recover the master key without knowing at least one of these passwords. (The passwords are never stored anywhere on the disk of course!)

    The admin key/password is saved both as a printout and on disk on a secure system (without any form of network connection), so that you can use it each time a user manages to forget his/her user disk password.

    There are lots of nice to have features as well, one of the more important is the ability to use a challenge/response setup to safely regenerate a user password remotely, without ever having to transmit the relevant admin key. This does require some kind of side channel to verify the identity of the user who owns the particular laptop: We use a combination of RSA's SecureID cards and the user's cell phone for this (each user has such a card to be able to use the corporate VPN connection which requires strong authentication).

    Terje
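    The key hierarchy Terje describes (random master disk key, per-sector tweak, a small table of user and admin entries that each wrap the master key, admin entry used for recovery) as an added illustration; this is not the German vendor's code or anything from the evaluation. Python's standard library has no AES, so the cipher here is a keystream generated with HMAC-SHA256 as a PRF plus an HMAC tag on each key slot; a real product would use AES-XTS for sectors and AES key wrap or an AEAD for the slots. The passwords, iteration count and sector contents are constructed values.

```python
import hashlib
import hmac
import secrets

# Added illustration of the FDE key hierarchy from the post above; not the
# evaluated product's code. hashlib has no AES, so the "cipher" is counter
# mode over HMAC-SHA256 (assumption: stand-in for AES-XTS / AES key wrap).

SECTOR_SIZE = 512
KEY_LEN = 32
PBKDF2_ITERS = 100_000  # constructed value for the demo; tune for real hardware


def _keystream(key: bytes, label: bytes, length: int) -> bytes:
    """Expand `key` into `length` keystream bytes bound to `label` (counter mode over HMAC)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_sector(master_key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    """Encrypt one sector under the master disk key, tweaked by a hash of the
    logical sector number so identical plaintext sectors give different ciphertext."""
    if len(plaintext) != SECTOR_SIZE:
        raise ValueError("sector must be exactly SECTOR_SIZE bytes")
    tweak = hashlib.sha256(b"sector:" + sector_no.to_bytes(8, "big")).digest()
    return _xor(plaintext, _keystream(master_key, tweak, SECTOR_SIZE))


# XOR with a keystream is its own inverse.
decrypt_sector = encrypt_sector


def wrap_master_key(master_key: bytes, password: str) -> dict:
    """Build one key-table entry: the master key encrypted under a key derived
    from `password`, with an integrity tag so a wrong password is rejected
    cryptographically rather than by a patchable 'compare, JE decrypt' branch."""
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS, dklen=KEY_LEN)
    enc = _xor(master_key, _keystream(kek, b"wrap", KEY_LEN))
    tag = hmac.new(kek, salt + enc, hashlib.sha256).digest()
    return {"salt": salt, "enc": enc, "tag": tag}


def unwrap_master_key(slot: dict, password: str):
    """Return the master key if `password` opens this slot, else None.
    Nothing stored on disk yields the master key without a valid password."""
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), slot["salt"], PBKDF2_ITERS, dklen=KEY_LEN)
    expected = hmac.new(kek, slot["salt"] + slot["enc"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return _xor(slot["enc"], _keystream(kek, b"wrap", KEY_LEN))


def new_disk(user_password: str, admin_password: str):
    """Install-time setup: random master key, wrapped once for the user and once
    for the per-machine admin password. Returns (master_key, key_table)."""
    master_key = secrets.token_bytes(KEY_LEN)
    table = {
        "user": wrap_master_key(master_key, user_password),
        "admin": wrap_master_key(master_key, admin_password),
    }
    return master_key, table


def reset_user_password(table: dict, admin_password: str, new_user_password: str) -> bool:
    """Recovery path for a forgotten user password: the escrowed admin password
    recovers the master key, which is re-wrapped under the new user password.
    The sector data itself is never re-encrypted."""
    master_key = unwrap_master_key(table["admin"], admin_password)
    if master_key is None:
        return False
    table["user"] = wrap_master_key(master_key, new_user_password)
    return True
```

    Two things to notice when reading it against the vendors Terje rejected: a wrong password yields no key at all rather than a failed comparison that a debugger can skip, and changing or recovering a password only rewrites a 32-byte slot, never the disk. One caveat the toy hides: a keystream that depends only on key and sector number repeats when a sector is rewritten, which is why real products use a tweakable block mode such as XTS instead of a stream construction.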
    • by Pike (52876)
      curious: what was the name of this German company? also, was guardian edge among the 5 you looked at and if so what did you think of their product?
    • by throx (42621)
      Just curious - does the system support multiple "user" entries? What is the boot sequence and does it require specialized hardware, or just has an unencrypted bootloader? What defenses does it have against someone putting a trojan bootloader in that grabs the key?
      • Re: (Score:3, Insightful)

        Re: Multiple user entries:

        Not initially, but I believe the current version does so.

        The boot sequence is to load (from a reserved area) the FDE sw which first tries to verify that it is running in plain unprotected DOS mode, then it takes over the keyboard hw so that it can read keystrokes without risking a trojan/keylogger attack.

        After getting the password/passphrase it uses this to decrypt the user entry which contains the master disk key: If this doesn't succeed it goes into a sw timeout loop, taking prog
    • by SethJohnson (112166) on Thursday December 28, 2006 @03:20PM (#17390558) Homepage Journal


      I work for a multinational corporation with more than 10 K laptops

      Just wanted to give you a reality check:

      If you work for a company like that and know this technology to the level you are describing in this post, you should leave your employer to start your own company providing this solution. There's no way you're getting paid at a multinational corporation as much as you would make in your own (successful) company. If you had launched your company back when you had performed the aforementioned evaluation, you'd probably have enough progress with your own product to pitch it in this govt. bidding process.

      Not trying to criticize you. Just trying to inspire people.

      Seth
      • There's a myth out there that the hardest part of technology is understanding the technology. That's certainly a part of it, but there's a lot more to it than that. You have to have funding or know how to get funding. You have to know how to run a company, or find someone that does. You also obviously have to take a lot of personal risk.

        Maybe the GP has all those skills and is willing to take the risk, maybe he doesn't. The point is though that the lure of making more money, or having more control ove
      • by tayhimself (791184) on Thursday December 28, 2006 @06:20PM (#17392800)
        Seriously though, google Terje Mathisen before mouthing off about who he works for or what he should do with his life. He is an extremely highly regarded authority on computer architecture and program optimization. Hell, his name was one of the first that John Carmack thought of when asked about the fdiv() function in Quake. Check comp.arch for more...
      • by Terje Mathisen (128806) on Thursday December 28, 2006 @07:01PM (#17393202)
        Been there, Done that.

        Before taking a one-year sabbatical (91-92) which I spent in the US, writing networking code, I had a company that sold terminal emulation/file transfer software. I sold enough licenses to make it one of the top 5 bestselling Norwegian programs. During the last year the Norwegian IRS grabbed 83% of every Krone I invoiced my customers.

        At that point I realized that I'd much rather work less and spend more time with my wife & kids, so I closed the company.

        I still write/optimize code, but always because I enjoy it, not to make money. (Sometimes I do get paid as well (in addition to my regular salary), but that's not the important part.)

        Re. "know this (crypto) technology": I want to know a lot more than just crypto, and the job I have, which is a sort of IT Fire Brigade Chief, means that I get to work on all sorts of interesting technology, including everything that's new, as well as everything that doesn't perform as well as it has to. The Full Disk Encryption requirements I mentioned in my first post were obvious to me at the time, but not to most of the vendors unfortunately.

        I spend my leisure time on orienteering http://orienteering.org/ [orienteering.org], which is the perfect thinking person's sport.

        I'm also the Scandinavian coordinator of the Confluence project http://confluence.org/ [confluence.org]

        Check google for my other interests!

        Terje
  • by mpapet (761907) on Thursday December 28, 2006 @12:56PM (#17388740) Homepage
    How this will probably work is the end solution uses a smart card to do some authentication and key storage.

    All gov't employees will at some point get an ID card similar to the Common Access Card. This will have a number of public keys on it. One of which probably decrypts their workstation.

    The U.S. gov't is building the capacity to issue millions of smart cards on their own. See this: http://www.fcw.com/article94813-06-07-06-Web [fcw.com] There was a proper publicly available contract up for bid for this project but it wouldn't surprise me if it has been pulled in favor of a no-bid award.

    Before anyone says, "Well it should be a secret! What if the terrists get a badge?!" There are two things to remember.

    1. Lots of bad people have proper ID in their country of choice. Identification has little if any relationship to their activities. The failure points remain the usual human factors out in the field.

    2. There's no need for secrecy in the production environment. Every half-decent perso system/PKI properly manages such an obvious point of failure. If a Visa-certified card plant can manage to keep track of 10's of millions of cards anyone can. It's not rocket science.

    I for one welcome our fully encrypted overlords.
    • by HBI (604924)
      The idea of someone on the road forgetting their pin, wiping their card somehow, or damaging the POS card readers just gives me that warm fuzzy.

      The experience of hearing some numbnuts claim "I'm the head of a $2B program! Make my computer work!" when they are in the armpit of the earth...yeah, this one will be a winner.
  • If the concern is with stolen laptops, wouldn't it be simpler to just have some kind of wireless cell phone built in to the laptop? Then when it is turned on, it receives a signal saying it's okay to boot? If the laptop is reported stolen, then it won't get the boot signal. As an additional step, it could have a built in gps, like most cell phones do, to alert the authorities to where the stolen laptop is located.

    I'm all for encryption keys, etc. But to expect all of the government workers to use them an
  • by Toby The Economist (811138) on Thursday December 28, 2006 @01:21PM (#17389012)
    This is absolutely the right thing to do.

    I can however confidently predict that since a very large number of people are involved in making the decision, the worst possible product will be chosen.

    So it won't be TrueCrypt, or something decent - it'll be something like the latest commercial version of PGP.

  • 000000? (Score:3, Funny)

    by sribe (304414) on Thursday December 28, 2006 @01:40PM (#17389240)
    Sooo, I wonder if the encryption keys will be set like ICBM launch codes, all at "000000"???
