Slashdot Mirror


The Always-Encrypted Firewire Hard Drive

ducman points to the announcement of an encrypted hard drive running on the MacNN website. The drive features a DES 64-bit/40-bit key strength and "is intended for use by banks, insurance providers, government agencies, and those individuals with sensitive digital intellectual property. It supports the IEEE 1394a connectivity standard, in addition to USB 1.1 and 2.0. It offers data transfer rates over FireWire 400 of 100, 200, or 400 Mbps. The SuperGuard is expected to be available February 7." Sounds great -- but the USB key stuck in the back looks like a likely point of failure.

16 of 230 comments

  1. Use encrypted loopback by Anonymous Coward · · Score: 1, Informative

    OS X can be made to support it ... AFAIK Darwin does.

    - Make a big file image, format it, mount it via loopback, encrypt everything that goes on it.

  2. Somebody mod up the ACs... by aardvarkjoe · · Score: 5, Informative

    The ACs in this thread are correct. 40 bit encryption isn't going to keep anyone but a casual snooper out of your data.

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  3. Re:DES?!!? by God!+Awful+2 · · Score: 2, Informative

    AES really hasn't been deployed that much in practice, however 3DES has been standard for quite some time. Cracking DES by differential techniques is non-trivial. The biggest problem is that it can be cracked by dedicated hardware costing only a few million dollars, or by a group of computers in a distributed system. And if you're using 40 bit DES then that's just completely worthless.

    -a

  4. Bruce, put this one in your doghouse listing by Kiwi · · Score: 5, Informative
    Why do I get the feeling this product will end up in the doghouse section of Bruce's next Crypto Gram newsletter?

    The people who designed this hard disk are confused about how DES works. First of all, DES has a 56-bit, not a 64-bit key. Second of all, the days of being forced to use 40-bit encryption are, thankfully, over.

    If one is going to all of the effort to encrypt a hard disk, why will they encrypt it using only Single DES? It is possible to build a single-DES cracker for under $10,000 US; the 56-bit key which single DES has to offer is just not long enough.

    They would have been much better off encrypting this unit with AES, which uses Rijndael to encrypt files. Rijndael has a key size between 128 and 256 bits long, which can not be brute forced with current technology. Rijndael is also more efficient than DES when implemented in software.

    Also, security is only as strong as its weakest link. If the hard disk is always readable when the key card is attached, then great care must be taken to detach and hide the key card. Far better security can be obtained by a system which asks for a passphrase. Ideally, have a system which needs both the key card and the passphrase.

    While I think this is a good idea, I think one is better off with the kernel patches which allow one to encrypt filesystems in Linux.

    (For windows and Mac users, sorry, I use neither so can not help you)

    - Sam

    --

    The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
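
Kiwi's point that DES has a 56-bit rather than a 64-bit key, and the thread's comparison of 40-bit, 56-bit and 128-bit keys, worked through as an added example that is not part of the original thread. The function names are hypothetical and the search rate of 10^9 keys per second is an assumed figure chosen only for illustration.

```python
# Added example: DES key parity and exhaustive-search cost by key length.
# ASSUMED_RATE is a constructed figure, not a measurement of any real system.

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_RATE = 1e9  # keys tested per second (assumption)

# Effective key lengths discussed in the thread. 112 bits is the usual
# effective strength quoted for three-key 3DES (meet-in-the-middle).
KEY_BITS = {"40-bit export": 40, "single DES": 56,
            "3DES (effective)": 112, "AES-128": 128}


def set_odd_parity(key: bytes) -> bytes:
    """Return the 8-byte DES key with each byte's low bit fixed for odd parity."""
    if len(key) != 8:
        raise ValueError("a DES key is stored as 8 bytes (64 bits)")
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")              # the 7 real key bits
        out.append((b & 0xFE) | ((ones + 1) & 1))  # low bit makes the total odd
    return bytes(out)


def effective_key(key: bytes) -> int:
    """Drop the parity bit of each byte and pack the rest into a 56-bit integer."""
    if len(key) != 8:
        raise ValueError("a DES key is stored as 8 bytes (64 bits)")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def years_to_exhaust(bits: int, keys_per_second: float = ASSUMED_RATE) -> float:
    """Worst-case time to try every key; the expected time is half of this."""
    return (2 ** bits) / keys_per_second / SECONDS_PER_YEAR


def search_table(keys_per_second: float = ASSUMED_RATE) -> dict:
    """Map each key type in KEY_BITS to its worst-case search time in years."""
    return {name: years_to_exhaust(bits, keys_per_second)
            for name, bits in KEY_BITS.items()}


if __name__ == "__main__":
    a = bytes.fromhex("0123456789abcdef")   # constructed sample key
    b = bytes(x ^ 1 for x in a)             # same key, every parity bit flipped
    print("same effective key:", effective_key(a) == effective_key(b))
    for name, years in search_table().items():
        print(f"{name:18s} {years:.3e} years")
```
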

  5. Encrypted disk images rock. by marmoset · · Score: 5, Informative

    Encrypted disk images are really easy to use on OS X. They're encrypted using AES-128 (much more secure than the above hardware solution) and the performance is really quite good (fast enough to playback Quicktime movies from, even on a G3.) The Apple KBase entry on how to use them is here.

  6. Re:Wow super secure by Bishop · · Score: 4, Informative
    DES has not been cracked. It has been brute forced in a short amount of time. There is a difference.

    That said DES and possibly even 3DES should no longer be used.

  7. False advertising by Bishop · · Score: 5, Informative

    From FireWire Depot page:

    "...offers the military grade protection for your classified data."

    Calling DES "military grade protection" is pretty close to a blatant lie.

    1. Re:False advertising by Detritus · · Score: 4, Informative

      The last time I checked, DES was only authorized for the protection of SBU (Sensitive But Unclassified) data. This would include things like personnel and medical records. Classified information requires protection by NSA approved algorithms and hardware. As far as I know, Skipjack is the only published algorithm that has been approved for the protection of classified information, and that is only for the lower levels of classification.

      --
      Mea navis aericumbens anguillis abundat
    2. Re:False advertising by Anonymous Coward · · Score: 1, Informative
      You'd think so, but that's actually not true (at least for many non-US armies). At least not if you consider "being used by armies around the world" to be close enough for claiming "military grade".

      FWIW, when I served in the army signal troops (in Europe, early 90s), we had these nifty little terminals that encrypt messages sent over digital radio frequencies (either links or direct broadcast). And from the manuals I noticed that encryption method was DES, albeit 3-DES (which makes enough difference, close to doubling its effective key size). Of course the officer that taught the classes had no idea what I was talking about when I asked about encryption algorithm, and checksum used for verifying keys (that were changed daily)... I soon learnt to keep my mouth shut when I knew more than higher-ranking people did. :-)
      Using (3)DES probably made lots of sense, as hardware chips for doing it were available even back then.

      That said, single DES certainly hasn't been viable for some time now, and there are some doubts about 3DES as well. For non-US-govt - proof (but good enough against individual enemies or companies) 3DES is likely to work ok, for now... but there's no point in relying on that, as there are better alternatives like others have pointed out.

    3. Re:False advertising by Anonymous Coward · · Score: 1, Informative

      Agreed. For the higher level secrets the algorithm must be classified too. And no, this is not security through obscurity.

    4. Re:False advertising by AIXadmin · · Score: 2, Informative

      Someone forgot to tell them that AES has replaced DES as the SBU standard.

  8. Re:Wow super secure by tweakt · · Score: 2, Informative
    Hasn't DES been cracked?

    DES hasn't been cracked per se but the 40bit keyspace can be scanned very efficiently now with distributed computing and specialized hardware.

  9. Encrypted file system for mac users by jos3000 · · Score: 2, Informative

    OS X users can use Disk Copy

    http://www.apple.com/macosx/technologies/security.html

    --
    ___ www.lingo24.com Language and translation solutions - online
  10. Re:Why not just use Scramdisk or Drivecrypt??! by ashkar · · Score: 2, Informative

    Well, it appears in this particular case there is less than an advantage to going the hardware route, but theoretically, hardware could provide a much faster and secure solution.

    For instance, encrypting and decrypting the data via software would cause cpu and memory overhead on the host machine. The encryption software would also need to be installed on all machines that you want to use it on, and this is looking to be a portable drive. Also, using an external encrypter, it's less likely that a keygrabber or trojan can grab your password.

  11. Military Security and Key Length by wordisms · · Score: 2, Informative

    Read this paper to see why 40-bit keys are so bad.

    However, to point to where the "military grade" security claim is coming from is the fact that in many military situations information is only needed to remain secure for minutes or a few hours. Unfortunately for FW Depot, that generally applies to wireless communications, not data stored on hard drives.

    Maybe they are hoping that people will use it to courier sensitive data...but then they could just hire Johnny Mnemonic.

    Yeah, bad product trying to meet ITAR regulations so they can export.

  12. Likely point of Failure? Not the USB key! by jkbull · · Score: 3, Informative

    If you look at the actual specs, and the fact that the enclosure provides "Real-time... Encryption/ Decryption" all this enclosure does is to encrypt the data going out, and decrypt traffic coming in. The data on the actual hard drive does not seem to be encrypted. This enclosure is not going to stop anyone who bothers to actually open the case, remove the hard drive and put in their own enclosure/install it in their own computers. Nobody in their right mind should use this case, unless potential data thieves are going to nicely agree to keep the hard drive in its pretty enclosure, or the manufacturer adds a lock to the case.