by mindslight 5243 days ago
Friends don't let friends use snake oil encryption, like the kind offered by "on-disk" solutions. That thing even has key escrow - either cheaply-implemented 'trusted' hardware, or a second 'secret' key known by every copy of the unlocking software! There's little impetus for widespread analysis of any of these proprietary solutions, as there are too many models to focus on. If you actually want to protect your data, stick with the standard software FDE for your OS - it should be a one-click option (and hopefully the default) at installation time.
1 comment

> or a second 'secret' key known by every copy of the unlocking software!

Are you sure that each drive doesn't have its own key, tied to the serial number?

Wouldn't that mean that the manufacturer still has the secret key? That would make you vulnerable to government agencies, and it is not the case if you use TrueCrypt or dm-crypt/LUKS.
That would be preferable, and would have the same properties as keeping a non-passphrase-encrypted copy of your LUKS key elsewhere (possibly a central repository), but would reduce the usability of their software that can 'unlock whole fleets of drives'. And there's no guarantee that there isn't even a secret third decryption method; companies love to have future options.