The Always-Encrypted Firewire Hard Drive

ducman points to the announcement of an encrypted hard drive running on the MacNN website. The drive features a DES 64-bit/ 40bit key strength and "is intended for use by banks, insurance providers, government agencies, and those individuals with sensitive digital intellectual property. It supports the IEEE 1394a connectivity standard, in addition to USB 1.1 and 2.0. It offers data transfer rates over FireWire 400 of 100, 200, or 400 Mbps. The SuperGuard is expected to be available February 7." Sounds great -- but the USB key stuck in the back looks like a likely point of failure.

DES?!!?

[patrik]

DES has been replaced by Rijndael (AES)in the govt. Or at least that's what's supposed to happen, DeS is no longer secure enough. I would bet that with the huge ammounts of data stored on a disk differential techniques would make it a snap to get the key. What's worse is an easy to crack crypto system that you believe in is worse than no crypto system at all since you're likely to store data on it that you might not store otherwise.

Patrik

He does this already

[Millennium]

Make a big file image, format it, mount it via loopback, encrypt everything that goes on it.

That's what encrypted DiskCopy images essentially are, just wrapped in a nice interface. It's actually a pretty neat system.

Not so crap

[maroberts]

Those who've criticised it for it's key length have missed a perhaps an important point, which its that it encrypts without consuming the processor power of the host machine and supports full bus transfer rates whilst encrypting. If your system processor load is a bit hairy, you perhaps don't want to add to it by trying to encrypt on the CPU.

Still, the same device with AES, 3DES or similar would be much better....maybe next time!!

DES weaknesses

[billstewart]

3DES is just fine - as you say, DES hasn't been cracked, it's just been brute-forced, and 3DES increases the brute-force work by 2**56, which means it'd take about 2**56 days to brute-force instead of about 1 day. The only reasons not to use 3DES are that it's 3 times slower than DES (no big deal here), or that you trust AES well enough to use it instead (about 10 times faster than 3DES), or that you don't have enough room in some existing protocol to store a 112-bit or 168-bit key, in which case you should probably fix your protocol instead.

"40-bit DES", on the other hand, is either a well-designed crock or poorly-designed crock, which is pretty trivial to crack. The only reason to use such any 40-bit key is to comply with anti-Communist US export regulations that got dropped a few years ago, largely due to the EFF's DES-cracker machine and the internet distributed DES crack effort, both of which emphasized the weakness of 16-bit DES.

On a technical note, cracking well-designed 40-bit DES subsets is not 2**16 times faster than cracking 56-bit DES, or John Gilmore could do it in 3 minutes in his basement. DES has two main phases, a key-scheduling phase and an S-box phase, and the DES cracking efforts took advantage of some interesting work by Peter Trei on key scheduling, which found a search order that makes each key-schedule a simple modification of the previous one, instead if its normal relatively slow calculation. So a 40-bit DES crack might take 5-10 times as long per key as a 56-bit DES crack, unless the 40-bit subset was designed to avoid that. On the other hand, the EFF and Internet DES cracks were in 1998, and computers have gotten about 8-10 times faster since then...