The Always-Encrypted Firewire Hard Drive

ducman points to the announcement of an encrypted hard drive running on the MacNN website. The drive features a DES 64-bit/ 40bit key strength and "is intended for use by banks, insurance providers, government agencies, and those individuals with sensitive digital intellectual property. It supports the IEEE 1394a connectivity standard, in addition to USB 1.1 and 2.0. It offers data transfer rates over FireWire 400 of 100, 200, or 400 Mbps. The SuperGuard is expected to be available February 7." Sounds great -- but the USB key stuck in the back looks like a likely point of failure.

worthless

the key length is too short.

3rd post!

Encrypted loopback devices on linux and bsd (and MacOS) are easier and cheaper.

And more secure IMHO.

Wow super secure

And it only took 6.4 seconds to crack into once the harddrive was hooked up to a standard PC.

Anyone in here actually read Applied Cryptography? This was 1995 when it was published, and especially for bank use, you'd NEVER use anything less than a 128 bit key.

Also, did they say DES or 3DES? Hasn't DES been cracked?

Re:Wow super secure

[Bishop]

DES has not been cracked. It has been bruted forced in a short ammount of time. There is a difference.

That said DES and possibly even 3DES should no longer be used.

DES?!!?

[patrik]

DES has been replaced by Rijndael (AES)in the govt. Or at least that's what's supposed to happen, DeS is no longer secure enough. I would bet that with the huge ammounts of data stored on a disk differential techniques would make it a snap to get the key. What's worse is an easy to crack crypto system that you believe in is worse than no crypto system at all since you're likely to store data on it that you might not store otherwise.

Patrik

He does this already

[Millennium]

Make a big file image, format it, mount it via loopback, encrypt everything that goes on it.

That's what encrypted DiskCopy images essentially are, just wrapped in a nice interface. It's actually a pretty neat system.

Somebody mod up the ACs...

[aardvarkjoe]

The ACs in this thread are correct. 40 bit encryption isn't going to keep anyone but a casual snooper out of your data.

I have a cheaper solution

[t0rnt0pieces]

If you want to prevent someone from getting your data, just buy a Western Digital drive. No one will be able to recover it!

Bruce, put this one in your doghouse listing

[Kiwi]

Why do I get the feeling this product will end up in the doghouse section of Bruce's next Crypto Gram newslatter?

The people who designed this hard disk are confused about how DES works. First of all, DES has a 56-bit, not a 64-bit key. Second of all, the days of being forced to use 40-bit encryption are, thankfully, over.

If one is going to all of the effort to encrypt a hard disk, why will they encrypt it using only Single DES? It is possible to build a single-DES cracker for under $10,000 US; the 56-bit key which single DES has to offer is just not long enough.

They would have been much better off encrypting this unit with AES, which uses Rijndael to encrypt files. Rijndael has a key size between 128 and 256 bits long, which can not be brute forced with current technology. Rijndael is also more efficient than DES when implemented in software.

Also, security is only as strong as its weakest link. If the hard disk is always readable when the key card is attached, then great care must be taken to detatch and hide the key card. Far better security can be obtained by a system which asks for a passphrase. Ideally, have a system which needs both the key card and the passphrase.

While I think this is a good idea, I think one is better off with the kernel patches which allow one to encrypt filesystems in Linux.

(For windows and Mac users, sorry, I use neither so can not help you)

- Sam

Encrypted disk images rock.

[marmoset]

Encrypted disk images are really easy to use on OS X. They're encrypted using AES-128 (much more secure than the above hardware solution) and the performance is really quite good (fast enough to playback Quicktime movies from, even on a G3.) The Apple KBase entry on how to use them is here.

Not so crap

[maroberts]

Those who've criticised it for it's key length have missed a perhaps an important point, which its that it encrypts without consuming the processor power of the host machine and supports full bus transfer rates whilst encrypting. If your system processor load is a bit hairy, you perhaps don't want to add to it by trying to encrypt on the CPU.

Still, the same device with AES, 3DES or similar would be much better....maybe next time!!

False advertising

[Bishop]

From FireWire Depot page:

"...offers the military grade protection for your classified data."

Calling DES "military grade protection" is pretty close to a blatant lie.

Re:False advertising

[Detritus]

The last time I checked, DES was only authorized for the protection of SBU (Sensitive But Unclassified) data. This would include things like personnel and medical records. Classified information requires protection by NSA approved algorithms and hardware. As far as I know, Skipjack is the only published algorithm that has been approved for the protection of classified information, and that is only for the lower levels of classification.

Drive Failure

[po8]

...the USB key stuck in the back looks like a likely point of failure.

Conceivably. Anyone who is running one of these drives without backups somewhere is even more insane than the folks running un-encrypted drives without backups. The backups themselves can easily be encrypted, so there's no need for major security risk. If your key dongles stop working or your drive fries, you'd better have some way of getting the bits back from outside, 'cause they're not coming from the platter.

OTOH, what is "64-bit/ 40-bit DES" supposed to be? Presumably this means the drive supports "40-bit watered-down DES keys" and "64-bit normal DES blocks". So I guess I'm wrong: this drive is designed to be break-inable in an emergency. Great. I'll wait until they offer 3DES or AES-128 options, thanks.

In the meantime, check out the BSD Cryptographic disk driver cgd: SW on-disk encryption at the block level.

DES weaknesses

[billstewart]

3DES is just fine - as you say, DES hasn't been cracked, it's just been brute-forced, and 3DES increases the brute-force work by 2**56, which means it'd take about 2**56 days to brute-force instead of about 1 day. The only reasons not to use 3DES are that it's 3 times slower than DES (no big deal here), or that you trust AES well enough to use it instead (about 10 times faster than 3DES), or that you don't have enough room in some existing protocol to store a 112-bit or 168-bit key, in which case you should probably fix your protocol instead.

"40-bit DES", on the other hand, is either a well-designed crock or poorly-designed crock, which is pretty trivial to crack. The only reason to use such any 40-bit key is to comply with anti-Communist US export regulations that got dropped a few years ago, largely due to the EFF's DES-cracker machine and the internet distributed DES crack effort, both of which emphasized the weakness of 16-bit DES.

On a technical note, cracking well-designed 40-bit DES subsets is not 2**16 times faster than cracking 56-bit DES, or John Gilmore could do it in 3 minutes in his basement. DES has two main phases, a key-scheduling phase and an S-box phase, and the DES cracking efforts took advantage of some interesting work by Peter Trei on key scheduling, which found a search order that makes each key-schedule a simple modification of the previous one, instead if its normal relatively slow calculation. So a 40-bit DES crack might take 5-10 times as long per key as a 56-bit DES crack, unless the 40-bit subset was designed to avoid that. On the other hand, the EFF and Internet DES cracks were in 1998, and computers have gotten about 8-10 times faster since then...