Slashdot Mirror
The Always-Encrypted Firewire Hard Drive
ducman points to the announcement of an encrypted hard drive running on the MacNN website. The drive features a DES 64-bit/ 40bit key strength and "is intended for use by banks, insurance providers, government agencies, and those individuals with sensitive digital intellectual property. It supports the IEEE 1394a connectivity standard, in addition to USB 1.1 and 2.0. It offers data transfer rates over FireWire 400 of 100, 200, or 400 Mbps. The SuperGuard is expected to be available February 7." Sounds great -- but the USB key stuck in the back looks like a likely point of failure.
the key length is too short.
Encrypted loopback devices on linux and bsd (and MacOS) are easier and cheaper.
And more secure IMHO.
And it only took 6.4 seconds to crack into once the harddrive was hooked up to a standard PC.
Anyone in here actually read Applied Cryptography? This was 1995 when it was published, and especially for bank use, you'd NEVER use anything less than a 128 bit key.
Also, did they say DES or 3DES? Hasn't DES been cracked?
DES has been replaced by Rijndael (AES)in the govt. Or at least that's what's supposed to happen, DeS is no longer secure enough. I would bet that with the huge ammounts of data stored on a disk differential techniques would make it a snap to get the key. What's worse is an easy to crack crypto system that you believe in is worse than no crypto system at all since you're likely to store data on it that you might not store otherwise.
Patrik
----------
Just your ordinary BOFH
http://killertux.org
The ACs in this thread are correct. 40 bit encryption isn't going to keep anyone but a casual snooper out of your data.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
If you want to prevent someone from getting your data, just buy a Western Digital drive. No one will be able to recover it!
Karma: Excellent (In Soviet Russia, karma pimps YOU)
The people who designed this hard disk are confused about how DES works. First of all, DES has a 56-bit, not a 64-bit key. Second of all, the days of being forced to use 40-bit encryption are, thankfully, over.
If one is going to all of the effort to encrypt a hard disk, why will they encrypt it using only Single DES? It is possible to build a single-DES cracker for under $10,000 US; the 56-bit key which single DES has to offer is just not long enough.
They would have been much better off encrypting this unit with AES, which uses Rijndael to encrypt files. Rijndael has a key size between 128 and 256 bits long, which can not be brute forced with current technology. Rijndael is also more efficient than DES when implemented in software.
Also, security is only as strong as its weakest link. If the hard disk is always readable when the key card is attached, then great care must be taken to detatch and hide the key card. Far better security can be obtained by a system which asks for a passphrase. Ideally, have a system which needs both the key card and the passphrase.
While I think this is a good idea, I think one is better off with the kernel patches which allow one to encrypt filesystems in Linux.
(For windows and Mac users, sorry, I use neither so can not help you)
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
Encrypted disk images are really easy to use on OS X. They're encrypted using AES-128 (much more secure than the above hardware solution) and the performance is really quite good (fast enough to playback Quicktime movies from, even on a G3.) The Apple KBase entry on how to use them is here.
From FireWire Depot page:
"...offers the military grade protection for your classified data."
Calling DES "military grade protection" is pretty close to a blatant lie.