Slashdot Mirror
The Always-Encrypted Firewire Hard Drive
ducman points to the announcement of an encrypted hard drive running on the MacNN website. The drive features a DES 64-bit/ 40bit key strength and "is intended for use by banks, insurance providers, government agencies, and those individuals with sensitive digital intellectual property. It supports the IEEE 1394a connectivity standard, in addition to USB 1.1 and 2.0. It offers data transfer rates over FireWire 400 of 100, 200, or 400 Mbps. The SuperGuard is expected to be available February 7." Sounds great -- but the USB key stuck in the back looks like a likely point of failure.
the key length is too short.
Encrypted loopback devices on linux and bsd (and MacOS) are easier and cheaper.
And more secure IMHO.
And it only took 6.4 seconds to crack into once the harddrive was hooked up to a standard PC.
Anyone in here actually read Applied Cryptography? This was 1995 when it was published, and especially for bank use, you'd NEVER use anything less than a 128 bit key.
Also, did they say DES or 3DES? Hasn't DES been cracked?
From the article:
*Device driver free, operating system independent
*Microsoft Windows98 SE, Windows ME, Windows 2000, Windows XP and Mac OS compatible
First off, how can it be OS independent and have a list of compatible OS's? If it's a hardware-based solution, then how can some OS's not work with it?
An encrypted drive is a cool idea, but i would much rather use CFS (crypted file system) on a regular drive than this. DES offers no security to the people who want your data.
Part of the security of this device is the fact that you shouldn't let it get into unwanted hands. Yes, I agree the encryption standard is weak as hell. This is a first generation technology, so give it a break. I think the weak encrypion was compromise since, as many have pointed out, the hard drive is rather slow and it has to encrypt things...
I'll bet there are other companies working on a similar technology, I won't purchase one until I get variable key length and some decent speed specs.
-Code
---PRESS ANY KEY TO CONTINUE---
"Now, where's the damn 'any' key?"
It looks like as long as you've got the little dongle-thingy your drive will work; without it you're toast. So aside from any concern about the (only) 40-bit encryption, it seems like you'd have to make sure you hid the key (and not forget where you hid it). And if the key or its socket were to, ummmm... break or something (it's an external enclosure, so it could fall and the wires break), well you wouldn't have any data at all. And if the key got stolen, well then the thief only has to stick the thing into the drive and voila, there's your data.
I know a lot of corporate IT types will think this is exciting, especially as new data security laws keep hitting the books. Full time encryption seems pretty secure. And the price seems fair, especially since it seems to take any EIDE drive and secure it, and (quoted from the article), "capable of maneuvering 66MByte/ sec throughput without taking any system resources." Just don't lose that darn key! And maybe they'll develop an internal version that would be more secure from bumps, knocks, and falls.
Now, I've gotta get one of them new-fangled firewire (or USB 2.0) ports. And a hook to hang the little dongle from.
Everything I've ever learned the hard way was based on a statistically invalid sample.
Conceivably. Anyone who is running one of these drives without backups somewhere is even more insane than the folks running un-encrypted drives without backups. The backups themselves can easily be encrypted, so there's no need for major security risk. If your key dongles stop working or your drive fries, you'd better have some way of getting the bits back from outside, 'cause they're not coming from the platter.
OTOH, what is "64-bit/ 40-bit DES" supposed to be? Presumably this means the drive supports "40-bit watered-down DES keys" and "64-bit normal DES blocks". So I guess I'm wrong: this drive is designed to be break-inable in an emergency. Great. I'll wait until they offer 3DES or AES-128 options, thanks.
In the meantime, check out the BSD Cryptographic disk driver cgd: SW on-disk encryption at the block level.
Why would they just release a hard drive based on Firewire 400 when the 800 just came out?
Besides the fact that a single hard disk isn't going to saturate a Firewire 400 bus, you've answered your own question: it just came out. So it'd be useless unless you owned one of the newest 17" PowerBooks, which won't ship for "6-8 weeks".
I'm all for embracing new technologies, but why release a hard disk enclosure that supports a standard nobody's even using yet? (Maybe if they also sold Firewire-800 PCI cards...)
No, for the same reason that 2^40 + 2^128 != 2^168. You're not combining the keys, you're just using them after eachother. In the end, the 40 bits DES encryption doesn't even really matter, since the 128 AES key dwarfs its complexity (like in efficiency analysis, O(n) + O(n^2) = O(n^2)).
Donate free food here
>Performance isn't bad at all. I don't even notice it in my >application since my bottleneck is the 100T connection
>to the server rather than the 400Mb Firewire bus or the
>encryption speed, but even with local copies, a G4
>should do a fine job of keeping up with the Firewire bus.
>The FW 800 bus will be a little different matter. Maybe
>the dual 1.42 G4 can do it, but I doubt my lowly PB
>could.
While it's fine to get excited about fast busses, it's important to remember that they're that fast because they're designed to support a bunch of drives, not because each drive is actually capable of pushing that much data. If you're luicky, the drive inside the enclosure is a 7200 rpm ata drive, which isn't capable of filling the ata100 bus on it's own, let alone a firewire 800 bus.
Sitting Walrus Blog