Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Always-Encrypted Firewire Hard Drive

Posted by timothy on from the only-terrorists dept.

ducman points to the announcement of an encrypted hard drive running on the MacNN website. The drive features a DES 64-bit/ 40bit key strength and "is intended for use by banks, insurance providers, government agencies, and those individuals with sensitive digital intellectual property. It supports the IEEE 1394a connectivity standard, in addition to USB 1.1 and 2.0. It offers data transfer rates over FireWire 400 of 100, 200, or 400 Mbps. The SuperGuard is expected to be available February 7." Sounds great -- but the USB key stuck in the back looks like a likely point of failure.

7 of 230 comments (clear)

  1. Somebody mod up the ACs... by aardvarkjoe · · Score: 5, Informative

    The ACs in this thread are correct. 40 bit encryption isn't going to keep anyone but a casual snooper out of your data.

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  2. Bruce, put this one in your doghouse listing by Kiwi · · Score: 5, Informative
    Why do I get the feeling this product will end up in the doghouse section of Bruce's next Crypto Gram newslatter?

    The people who designed this hard disk are confused about how DES works. First of all, DES has a 56-bit, not a 64-bit key. Second of all, the days of being forced to use 40-bit encryption are, thankfully, over.

    If one is going to all of the effort to encrypt a hard disk, why will they encrypt it using only Single DES? It is possible to build a single-DES cracker for under $10,000 US; the 56-bit key which single DES has to offer is just not long enough.

    They would have been much better off encrypting this unit with AES, which uses Rijndael to encrypt files. Rijndael has a key size between 128 and 256 bits long, which can not be brute forced with current technology. Rijndael is also more efficient than DES when implemented in software.

    Also, security is only as strong as its weakest link. If the hard disk is always readable when the key card is attached, then great care must be taken to detatch and hide the key card. Far better security can be obtained by a system which asks for a passphrase. Ideally, have a system which needs both the key card and the passphrase.

    While I think this is a good idea, I think one is better off with the kernel patches which allow one to encrypt filesystems in Linux.

    (For windows and Mac users, sorry, I use neither so can not help you)

    - Sam

    --

    The secret to enjoying Slashdot is to realize that it should not be taken too seriously.

  3. Encrypted disk images rock. by marmoset · · Score: 5, Informative

    Encrypted disk images are really easy to use on OS X. They're encrypted using AES-128 (much more secure than the above hardware solution) and the performance is really quite good (fast enough to playback Quicktime movies from, even on a G3.) The Apple KBase entry on how to use them is here.

  4. Re:Wow super secure by Bishop · · Score: 4, Informative
    DES has not been cracked. It has been bruted forced in a short ammount of time. There is a difference.

    That said DES and possibly even 3DES should no longer be used.

  5. False advertising by Bishop · · Score: 5, Informative

    From FireWire Depot page:

    "...offers the military grade protection for your classified data."

    Calling DES "military grade protection" is pretty close to a blatant lie.

    1. Re:False advertising by Detritus · · Score: 4, Informative

      The last time I checked, DES was only authorized for the protection of SBU (Sensitive But Unclassified) data. This would include things like personnel and medical records. Classified information requires protection by NSA approved algorithms and hardware. As far as I know, Skipjack is the only published algorithm that has been approved for the protection of classified information, and that is only for the lower levels of classification.

      --
      Mea navis aericumbens anguillis abundat
  6. Likely point of Failure? Not the USB key! by jkbull · · Score: 3, Informative

    If you look at the actual specs, and the fact that the enclosure provides "Real-time... Encryption/ Decryption" all this enclosure does is to encrypt the data going out, and decrypt traffic coming in. The data on the actual hard drive does not seem to be encrypted. This enclosure is not going to stop anyone who bothers to actually open the case, remove the hard drive and put in their own enclosure/install it in their own computers. Nobody in their right mind should use this case, unless potential data thieves are going to nicely agree to keep the hard drive in its pretty enclosure, or the manufacturer adds a lock to the case.