9.4 Encrypting a Volume

The risk and policy discussions in Section 9.1 argue strongly for encrypting storage volumes of all shapes and sizes, but volume encryption also poses some challenges. If a cryptanalyst steals an encrypted drive, there will be gigabytes of ciphertext with which to work. The attacker will be able to guess some of the corresponding plaintext because disk formats are public knowledge. In addition, the attacker can be certain that a great deal of duplicate data resides on the drive, just because that’s what happens on a modern hard drive. If the encrypted drive is a system drive, the attacker might be able to make astute guesses about the drive’s contents and make undetectable changes to it.

These risks lead to the following ...

Get Elementary Information Security, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.