I was asked what makes Private Disk better than the hardware-based encryption solution offered by another company. The name of the other solution will not mentioned, because it is not relevant - the arguments are valid in either case(Sony Vaio VGN-FZ battery).
The discussion is about Private Disk vs. a hardware based encryption solution that is built into a 4 GB USB disk.
Note that some of the points were taken out of context, so they may sound a bit weird (us = Dekart, them = "the other company")(Sony VGP-BPS8 battery).
They use the same algorithm for encryption, AES-256. Our implementation is certified by NIST (we also have certifications for the used hashing algorithms). Having a certification makes it clear that you're dealing with someone who is not just an amateur cryptographer; many other competing solutions use implementations that were not tested by an unbiased third party(Sony VGP-BPL9 battery). So this makes a difference, because not all implementations are equally correct and effective.
"The software needs to be able to access, for example, a private key. Software and hardware debuggers can monitor the software and capture the private key for rogue use"(Sony VGP-BPL11 battery).
The fact that the keys are stored somewhere is obvious. Getting them out of there is non-trivial; I have recently answered a similar question on our forum(Sony VGP-BPL15 battery).
Since our solution uses a driver, the encryption key is stored in the system's kernel memory, which cannot be accessed by user-mode processes (unless a user-mode program 'asks' the driver to pass it some data and the driver complies; Private Disk is built in a way that the key is 'forgotten' immediately and only known to the driver, and there is no option in the driver to pass it back to anyone - even Private Disk itself) (Sony VGP-BPS13 battery).
In their case, they don't use a driver, so there must be a user-mode program which takes your password and passes it to the device. That's the weak spot, so I would definitely start with that point. Analyzing the memory of a user-mode process requires much less skills than in the case of a driver (when I say "less" I don't mean "piece of cake", everything is relative) (Sony VGN-FZ61B battery).
In other words, before the key reaches the device, it is subject to the same threats.
They may also use "zero performance penalty" as a factor that makes a big difference. That's correct, software encryption will obviously take some CPU cycles, but with today's modern computers this is not that critical anymore(Sony VGN-FZ31E battery). I am not saying that "Private Disk is very slow, but with a fast computer you won't notice anything anyway"; In fact I must point out that Private Disk is a very well-designed tool, it has a low memory footprint and it never was, nor it will ever be a performance hog. It is also able to run on Windows 9x machines, besides the modern Windows NT-based systems(Sony VGN-FZ180E battery).
Another point is that since we're providing everything in software - we can provide updates easier. When AES-256 becomes outdated, it's a matter of updating the program. In the case of hardware it's also a matter of "getting rid of" a device (multiply that by N - how many devices you have in the company) (Sony VGN-FZ18E battery).
Flash memory has a finite number of write cycles (of course this problem is being dealt with, and technology evolves; and this finite number is big enough already) - so you might have to replace the device sooner, because you have to make sure the device is not 'worn out'(Sony VGN-FZ160E battery).
Other significant things, Private Disk is better because:
we provide backup functions - so you can have an encrypted backup outside the flash disk (for archive purposes)
you can create images of very large sizes and store them anywhere (remote share, DVD, laptop... you name it). You are not tied to a flash disk(Sony VGN-FZ15M battery);
Private Disk can work with multiple encrypted drives at the same time, the drives can be of different sizes, file systems
you can store database files inside a virtual disk, share them across the network - this would not be possible with the USB storage (too slow, too many write operations, size constraints) (Sony Vaio VGN-FZ18G battery)
Private Disk can be configured in a way that allows different users to access the same image using different passwords
Disk Firewall - this is something nobody else has - an application level filter that prevents other programs from accessing the contents of the protected disk. For instance, once the disk is mounted - a virus can infect it, or simply copy its contents elsewhere(Sony VGN-FZ345E battery). In the case of Private Disk - this is impossible, because untrusted programs will be rejected. This brings data protection to an entirely new level - you don't need an antivirus or antispyware, because Disk Firewall takes care of that, and there is no need to update every day, or pay for updates(Sony VGP-BPS14 battery).
We provide helpful support. I once tried to find something out and contacted their helpdesk - never received a reply. Perhaps things would have been different if I indicated that I was planning to make a major purchase? There is a chance that their reply was marked as spam (though I checked my filter and nothing was there), so I don't really have the right to say their support team is not effective(Sony VGN-FZ11M battery).
From the points above, the ones that matter the most to me (as an end user) are: Disk Firewall, and the ability to create encrypted disks of very large sizes (it will take a long time until USB flash disks are of at least 100 GB in size, and work as fast as a hard disk) - this gives me the chance to use encryption for serious activities (storing my mail archive on it, or a database, or the company's CVS repository, etc). Of course, people are different, so your mileage may vary(Sony VGN-FZ11L battery).
No comments:
Post a Comment