On Thursday, 27 June 2013 05:27:03 UTC-4, santosh wrote:
> I understand using it on a personal or work phone / laptop, but I'm not sure how much sense
> it makes to use FDE on a workstation. FDE is for stuff that can get physically stolen, it's useless
> against everything ranging from keyloggers to APTs, and for a system that's not going anywhere
> like a desktop, those are the threats that matter.

Keyloggers are definitely a threat, as is someone looking over the shoulder. However, I think it makes sense to have full disk encryption on my workstation for one reason, and that's security once I'm done using the workstation. Given the amount of data that's cached by browsers (like persistent logins, authentication cookies, account details, etc.) I'd definitely feel better that even if I screw things up by forgetting to shred that one file, no one can access that data without a passphrase that I sure am not going to give up.
Of course, this works only because I have root access on my workstation, and that I'm going to be the only user for the next three months, after which I can wipe the system and return it. I would not do this on my office Mac, mainly because I know that my advisor will hand it over to an intern for the summer. Cleaning up the Mac before leaving was a tough gig, mainly because I had to be sure that I had securely deleted all files that could contain any personal information.
Which brings me to the next part: I think it definitely makes sense to encrypt the $HOME folder (or its equivalent) on any computer, because that's where almost all the personal information resides. On a workstation or a shared computer, it's all the more important, just because anyone with an account could possibly access the files unless you've mastered chmod and chown; and I'm sure that does not prevent the sysadmin from reading any file.
The trouble with file or folder encryption really is that it's a local method, and it does allow any attacker to find out which files have been modified; and that can possibly leak information. It could be potentially worse in journaling file systems, or file systems where data is not guaranteed to be overwritten, because that offers the attacker a view of "before" and "after" versions of the encrypted file, which is terrible from the point of view of security. Encryption is effective only if the attacker cannot find out what content has changed, and that's one of the reasons why whole disk encryption or partition level encryption works better than file or folder level encryption.
As an aside, check out this talk by Cory Doctorow:
http://www.youtube.com/watch?v=gbYXBJOFgeI. Warning! It's an hour long, so grab some popcorn, and take time out to watch it. Or watch it at work. I'm sure it's way more interesting than whatever you're doing right now. :)
Skand.
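
The modification leak described in the post above, as an added example that is not part of the original post: it shows what someone without the key can read off two snapshots of a per-file-encrypted folder. `toy_encrypt` is a hypothetical stand-in for a file-encryption tool (not real cryptography), the file names and contents are constructed, and the tool is assumed to leave file names in the clear.

```python
import hashlib
import os

APPENDED = b"session=abc123; auth=1\n"  # constructed sample data

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for a per-file encryption tool (NOT real crypto):
    fresh random nonce, then XOR with a SHA-256 counter keystream."""
    nonce, stream, counter = os.urandom(16), b"", 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def sync(store: dict, home: dict, key: bytes, cache: dict) -> None:
    """Re-encrypt only the files whose plaintext changed, file by file."""
    for name, data in home.items():
        digest = hashlib.sha256(data).digest()
        if cache.get(name) != digest:
            store[name] = toy_encrypt(key, data)
            cache[name] = digest
    for name in set(store) - set(home):
        del store[name]
        cache.pop(name, None)

def snapshot(store: dict) -> dict:
    """What is visible without the key: names, sizes, ciphertext hashes."""
    return {n: (len(c), hashlib.sha256(c).hexdigest()) for n, c in store.items()}

def observer_diff(before: dict, after: dict) -> dict:
    """Compare two keyless snapshots; no decryption is involved."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed_size_delta": {n: after[n][0] - before[n][0]
                               for n in common if before[n] != after[n]},
    }

def demo() -> dict:
    key, store, cache = os.urandom(32), {}, {}
    home = {"cookies.sqlite": b"A" * 4096, "thesis.tex": b"B" * 9000,
            "old-cv.pdf": b"C" * 1200}
    sync(store, home, key, cache)
    before = snapshot(store)
    home["cookies.sqlite"] += APPENDED    # browser session activity
    home["taxes-2013.pdf"] = b"D" * 5000  # new file
    del home["old-cv.pdf"]                # deleted file
    sync(store, home, key, cache)
    return observer_diff(before, snapshot(store))

if __name__ == "__main__":
    print(demo())
```

The untouched `thesis.tex` never appears in the diff, while the changed file is identified together with how many bytes it grew.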