5 comments

[ 0.23 ms ] story [ 19.0 ms ] thread
"So while the usage of TrueCrypt has faded, especially when its open source developers gave up maintaining the code, it has been up to Microsoft BitLocker to take over and become the tool of choice for encrypting disk drives."

That made me bit worried there'd be no mention of Veracrypt later in the post.

> A particular risk is Windows BitLocker — which has a virtual monopoly in the market place for complete disk encryption — as it often relies on the hardware encryption used in the SSD drives.

Seriously? Microsoft trusts SSD / HDD firmwares to do what they claim? SSD firmware is often just as bad as most UEFI implementations. I mean, they must know that, right? I can't believe they would be that naive?

For businesses, security is mostly about having someone to blame. If Microsoft did not leverage the hardware encryption capabilities in the drives they would end up being responsible for the performance not being as good.

In the world of proprietary black boxes, security is evaluated by the claims of the product sheet.

Microsoft is trusting SSD manufacturers to do the right thing, just as businesses are trusting Microsoft BitLocker to do the right thing.

Personally I trust Microsoft to make decisions that are good for their stock holders. That means having just enough security to avoid ending up with the blame in cases like this.

Samsung's lawyers are probably brain storming ways to get back at those pesky security researchers who made them look bad.

The article fails to mention Apple. Are they affected by this?
> along with hardware encryption

Why? Why not just use software encryption?