The Fallacy of Full Disk Encryption - dummies

By Kevin Beaver

It seems simple enough to just encrypt your laptop hard drives and be done with laptop security. In a perfect world, that would be the case, but as long as people are involved, a mobile weakness will continue to exist. Several problems with disk encryption create a false sense of security:

  • Password selection: Your disk encryption is only as good as the password (or passphrase) that was used to enable the encryption.

  • Key management: If your users don’t have a way to get into their systems if they forget or lose their passwords, they’ll get burned once and do whatever it takes not to encrypt their drives moving forward. Also, certain disk encryption software such as Microsoft’s BitLocker may provide the option for (or even require) users to carry around their decryption key on a thumb drive or similar storage device. Imagine losing a laptop with the key to the kingdom stored right inside the laptop bag! It happens.

  • Screen locking: This third potentially fatal flaw with full disk encryption occurs when users refuse to ensure their screens are locked whenever they step away from their encrypted laptops. All it takes is a few seconds for a criminal to swipe a laptop to gain — and maintain — full access to a laptop that’s “fully protected” with full disk encryption.
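The three weaknesses above can be checked on a Windows laptop that uses BitLocker. The script below is an added example, not part of the original article; it assumes an elevated PowerShell session, and the 300-second idle limit is an illustrative policy value chosen here.

```powershell
# Added example: audit one Windows laptop for the three weaknesses above.
# Assumes BitLocker and an elevated session. $MaxIdleSeconds is an
# illustrative policy value chosen here, not a figure from the article.
param([int]$MaxIdleSeconds = 300)

$findings = New-Object System.Collections.Generic.List[string]
$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

if ($vol.ProtectionStatus -ne 'On') {
    $findings.Add("BitLocker protection is not on for $($vol.MountPoint).")
}

# Password selection: without a PIN or password protector nothing is asked
# for before boot, so the Windows logon password carries the whole load.
if (-not ($types | Where-Object { $_ -in 'TpmPin','TpmPinStartupKey','Password' })) {
    $findings.Add('No pre-boot PIN or password protector is configured.')
}

# Key management: an external key is a file on removable media (startup or
# recovery key). If it travels with the laptop, it is lost with the laptop.
$usbKey = $types | Where-Object { $_ -in 'ExternalKey','TpmStartupKey','TpmPinStartupKey' }
if ($usbKey) {
    $findings.Add("Key file on removable media ($($usbKey -join ', ')): store it apart from the laptop.")
}

# Key management: users who forget a PIN or password need a way back in.
if ($types -notcontains 'RecoveryPassword') {
    $findings.Add('No recovery password protector: confirm another recovery path exists.')
}

# Screen locking: machine inactivity limit policy, in seconds. A missing or
# zero value means the lock depends on the user remembering to do it.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$idle = (Get-ItemProperty -Path $key -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
if (-not $idle) {
    $findings.Add('No machine inactivity limit is enforced by policy.')
} elseif ($idle -gt $MaxIdleSeconds) {
    $findings.Add("Inactivity limit is $idle s; policy maximum is $MaxIdleSeconds s.")
}

if ($findings.Count -eq 0) { 'No findings.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

The inactivity check reads the machine-wide policy only; a per-user screen saver lock is not covered by it.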

One final note, and this is important: certain types of full disk encryption can be cracked altogether. For example, the protections offered by BitLocker, FileVault 2 (Mac OS X), and TrueCrypt can be fully negated by a program from Passware called Passware Kit Forensic.

Furthermore, you shouldn’t be using TrueCrypt given that its original developers went dark and flaws exist that can allow for full system compromise. Another option for cracking encrypted disks is ElcomSoft Forensic Disk Decryptor. Even with these vulnerabilities, full disk encryption can still protect your systems from the less technically inclined passers-by who might end up in possession of one of your lost or stolen systems.