gpgdisk campaign

Ryan Malayter malayter at gmail.com
Wed Oct 25 17:58:22 CEST 2006


On 10/25/06, vedaal at hush.com <vedaal at hush.com> wrote:
> but they can get TrueCrypt for free now,
>

There are two major reasons we're using the commercial PGPdisk here
instead of TrueCrypt.

1) Manageability - PGPdisk offers centralized deployment, policy
management, key escrow, etc.
2) TrueCrypt's inability to encrypt the boot disk on any platform.

The first is a failing that much open source software has; management
is usually accomplished through scripting. That adds lots of
flexibility, but makes the product far less attractive to IT
departments that just want to make it work quickly.

The second is more of an architecture problem with TrueCrypt. PGPdisk
and other whole-disk encryption products do some very low-level,
OS-dependent stuff, like loading from the boot sector and then handing
off to an OS-specific device driver. These are the sorts of things
that are difficult to accomplish without heavy involvement from the OS
vendor.

This is also why a "GPGdisk" is probably unworkable. GnuPG is designed
and strives for platform independence, and things like disk drivers
are inherently platform specific.

I would think that improving TrueCrypt, perhaps stealing the OpenPGP
smart card support from GnuPG, is the "best bet" for a full-featured,
open-source whole-disk encryption program.

Finally, let's not forget the 800-pound gorilla: Microsoft already has
per-file encryption (with decent key management in the OS), and has
added whole disk encryption to Vista. If those solutions work well
enough, practical Windows users will not see the benefits of an open
source disk encryption solution outweighing the complexity of their
use.

Regards,
Ryan



More information about the Gnupg-users mailing list