ABIT's Secure IDE Motherboard
Frank Caviggia writes "The Inquirer has a story about ABIT's spiffy new IC7-MAX3 motherboard. Apparently, this motherboard has a feature called 'Secure IDE,' which is marketing-speak for hardware-based encryption ... ABIT goes on to claim that 'Secure IDE' 'will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.' Pretty bold claims for a motherboard maker ..."
SecureIDE connects to your IDE hard disk and has a special decoder; without a special key
So what they are saying is their algorithm is proprietary and is therefore likely insecure? I thought people stopped believing in/hyping security by obscurity years ago... Or maybe that's just wishful thinking? Hell, for all we know they could be using xor encryption or some such crap. I don't trust any encryption algorithm that I can't see.
while ((c = getc(unencrypted)) != EOF) { if (!*cp) cp = "key\0"; c ^= *(cp++); putc(c,encrypted); }
3y3 y4m l33t, c4tch m3 1f y0u c4n RIAA. heh.
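Why the XOR loop in the comment above would be worthless as disk encryption, shown as an added example (not code from the thread or from ABIT): a disk holds predictable plaintext such as unused zero-filled areas, and XORing ciphertext with known plaintext hands back the key stream. The function names and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Repeating-key XOR: the same operation as the loop in the comment above.
   Encryption and decryption are the same call. */
void xor_crypt(const unsigned char *in, unsigned char *out, size_t n,
               const unsigned char *key, size_t keylen)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % keylen];
}

/* Known-plaintext check: ciphertext XOR expected plaintext yields the key
   stream; the shortest period of that stream is the key. Requires at least
   two full repetitions of the key in the sample. Returns the key length
   (key bytes copied to key_out), or 0 if no period fits. */
size_t recover_key(const unsigned char *ct, const unsigned char *known,
                   size_t n, unsigned char *key_out, size_t key_cap)
{
    unsigned char stream[256];
    if (n > sizeof stream)
        n = sizeof stream;
    for (size_t i = 0; i < n; i++)
        stream[i] = ct[i] ^ known[i];

    for (size_t period = 1; period <= n / 2; period++) {
        int repeats = 1;
        for (size_t i = period; i < n; i++) {
            if (stream[i] != stream[i - period]) {
                repeats = 0;
                break;
            }
        }
        if (repeats) {
            if (period > key_cap)
                return 0;
            memcpy(key_out, stream, period);
            return period;
        }
    }
    return 0;
}

/* Constructed scenario: one zero-filled fragment (the known plaintext) and
   one private fragment, both encrypted from key offset 0 with the key "key"
   used in the comment. Returns 1 if the private fragment can be read back
   using only the two ciphertexts and the guess "the first one was zeros". */
int demo_known_plaintext(void)
{
    const unsigned char key[] = { 'k', 'e', 'y' };
    const unsigned char zeros[32] = { 0 };
    const unsigned char secret[] = "constructed private data";
    size_t slen = sizeof secret - 1;
    unsigned char ct_zeros[32], ct_secret[32], guess[16], plain[32];

    xor_crypt(zeros, ct_zeros, sizeof zeros, key, sizeof key);
    xor_crypt(secret, ct_secret, slen, key, sizeof key);

    size_t klen = recover_key(ct_zeros, zeros, sizeof zeros,
                              guess, sizeof guess);
    if (klen == 0)
        return 0;

    xor_crypt(ct_secret, plain, slen, guess, klen);
    return klen == sizeof key && memcmp(plain, secret, slen) == 0;
}

int main(void)
{
    printf("key recovered from known plaintext: %s\n",
           demo_known_plaintext() ? "yes" : "no");
    return 0;
}
```

A published, reviewed cipher is designed so that known plaintext reveals nothing about the key, which is the property a closed design cannot demonstrate.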
In addition, if there is no key does that mean there is no local security? If someone just took your whole rig mobo and all would they be able to access your files since whatever algorithm they are using must be embedded in the board?
I can see the spooks at NSA laughing.
Visualize the world of wine
Now I can make a stealth pr0n server!!!
I'm assuming that the MB uses an encryption key on the data before it is stored on the HD. If the HD is removed it is worthless. What if the Gov't or RIAA took the MB and the HD together. The key is on the MB somewhere and should be too hard to find. I wonder if you can set it up so you need to enter the key every time you boot the computer so it can store it and continue to encrypt/decrypt the data.
Now I hope and pray that I will But today I am still, just a bill
and will keep the RIAA away from your Kazaa files
That has to be one of the biggest marketing lies I've ever heard since 'Win98 doesn't crash...' as the PS/2 mouse was plugged in...
"Some things have to be believed to be seen." - Ralph Hodgson
Gestapo Internal Memo:
Remember people, when we break into homes with search warrants, you need to take the MOTHERBOARD now too!
or is it just and access "key"?
The preceding post was not a Slashvertisement.
Correct me if I am wrong, but applications can still access unencrypted data; doesn't that mean numerous hacks would still work?
4ndr3w
Scientists have been proven wrong time and time again -- by other scientists
Pretty good board. Finally one without serial and parallel ports! That's what I got it for! Reliable and fast for all I can see.
-Libertarian secular transhumanist
Nothing is ever completely secure, but I could see where this would help some. Genuinely a cool idea, but I'll wait a couple of years to see if it matures some first.
US Democracy:The best person for the job (among These pre-selected choices...)
...a motherboard manufacturer thumb their nose at the establishment. Although you're more than likely to have your shares scanned over the Internet, then the RIAA come and steal your hard drive.
Secure IDE, says Abit, has a special decoder without a special key, and that means hard drives can "never be opened by anyone".
Then from the paragraph before: "... its Secure IDE technology will 'keep government supercomputers busy for weeks.'"
So it can never be opened by anyone except the government, which will require a few weeks to decrypt what's on the drive? Are they mixing a physical opening of the drive with reading the data on the drive itself?
Wouldn't that require some intelligence by the user? I mean like not sharing their file library? It's not like the RIAA can just go into people's homes and start busting open computers for pirated music.
Here's the bit on secure IDE:
For MAX3, the ABIT Engineers listened to users who were asking for information security. SecureIDE connects to your IDE hard disk and has a special decoder; without a special key, your hard disk cannot be opened by anyone. Thus hackers and would be information thieves cannot access your hard disk, even if they remove it from your PC. Protect your privacy and keep anyone from snooping into your information. Lock down your hard disk, not with a password, but with encryption. A password can be cracked by software in a few hours. ABIT's SecureIDE will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.
Now, when it says Lock down your hard disk, not with a password, but with encryption... that seems to me that there's a hardware key on the motherboard that prevents the HDD from being read in other machines.
Meaning... that instead of stealing just your hard drive, they have to steal the whole computer? =p
Either that, or there is a password in addition to that. It could probably be gotten around by flashing the BIOS, or just taking the CMOS battery out for a brief stint. Either way, no, I don't imagine the NSA is shaking in fear just now.
It's not encryption! It's a physical lock on the hard disk!
Bash script for FP whores
How many more comments like this will there be? If you click the stupid link, you see that you need a USB key each time you boot if you want to be able to decrypt the hard drive. They need the MB, the HD, and your key.
My immediate reaction to that was "A decoder without a key? That's secure how?"
Of course, the article:
I hate to be the grammar nazi, but the register could use some proof reading and some cut+paste.
I imagine they couldn't give two fucks what the RIAA thinks. They know that their market is the people, and the people (most of them at any rate) like Kazaa and hate the RIAA. Thus, this is a selling point.
Until the user shares them with the world. Damn some people are stupid.
Hope it doesn't cost more than buying Mp3s directly for 99c.
New year Resolution: Don't change sig this year
I'll take the flames for reading the article before posting, but ABit seems to be selling this to people who think that when the police/bad guys/whoever take your computer, they only take the hard drive.
Since they don't have a Secure ATA controller, they couldn't read the drive. They probably even need the same Secure ATA controller.
But if they have access to your hard drive, time to unscrew it, secure it, etc - why not take the entire machine?
The marketing people are probably patting themselves on the back right now but ABit just lost a fair bit of respect from me. If it is secure, post more information about "Secure" ATA and prove me wrong - if you want to hide details and claim it is secure, I'm worse than not interested in this tech. I'm less interested in Abit on the whole now.
but if the court ordered investigator is actually at your keyboard, or they're checking through normal network means isn't this pointless? Okay, granted if my job is to look through people's hard disks all day I'm going to want to take the disk out of their machine and use my machine to look at their data, but using theirs doesn't exactly make it impossible, only inconvenient. I guess if they destroyed their own board to hide evidence that would work. Another thing, your board fries. You lose all your data. I don't know how many times in my line of work I have had to replace a motherboard and make sure the data from the old drive survived.
The preceding post was not a Slashvertisement.
The RIAA isn't going after people because it finds files on their hard drive, it goes after people because it sees them sharing these files online, unencrypted. This technology is worthless against the RIAA in that respect.
"ABIT's SecureIDE will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files."
It doesn't matter if the RIAA can see your "Kazaa files". All the RIAA has to do is see your username on a P2P network and trace the IP address behind it. They don't need to search your hard disk drive - all they need is evidence of a particular kind of modem activity and they can bust you anyway, hard disk or no!
Bash script for FP whores
Personal computers with built-in hardware encryption is going to make life hell for support technicians.
I mean, I like the idea. I just don't like the idea of having to deal with impenetrable security on top of everything else that I have to deal with when my little brother's friend fries his computer again and I have to slap a new HD or mobo etc in it.
There are some things about this that I like - the cooling systems look interesting, and as someone who's looking to upgrade my old Win98 Game Box (that's about all Windows is used for with me these days), I can consider it.
But the encryption doesn't sell me, because it's really a limited use.
Assuming the machine is being used, and the key is inside so you can access your data. You install an old version of Linux with an unpatched SSH client, and somebody root kits you. The encryption won't help you here - after all, the key is already used on the box so the motherboard can talk to the hard drive.
The only time encryption would be useful is when:
a) Somebody steals/appropriates the computer, and doesn't get the key. You destroy the key, and if this is a court case, you make sure there are no backups they can restore from.
b) that's about it.
I like the idea of encryption being on a laptop hard drive, and there's a USB key for it (I'm hoping the 10.3 version of OS X's user directory encryption is not just password/passphrase enabled, but lets you use a CD-Key, or something onto the Keychain file and you can be anal and put the Keychain file onto a USB key so it has to be inserted for the home directory to work). A laptop is more likely to be stolen and credit cards/passwords/sensitive company information (and if you're like me and work for a company who does Defense department contracts, that can be a big deal).
Otherwise, I'm not sure I fully see the "average" home use of this motherboard to protect from the RIAA finding out what files you have over the Internet, since the hard drive is already being decrypted to give that data over the network. Like I said earlier, its only use is if the RIAA gets a court order, and you throw the key into the garbage disposal. (Which might get you held up in contempt of court or some such, and then you'll have to hope that Abit doesn't have a backup key of their own floating in their system somewhere.)
I could just be missing the point of the encryption other than a "gee whiz" feature - but that's just me.
52 Weeks, 52 Religions with John Hummel
Just an aside, but it would seem to me that if DRM/Palladium can keep consumers from digitally copying copy-protected music, then it could also be used by pirates to keep the RIAA from ever prosecuting music pirates. If a pirate recorded the digital output from the soundcard, and then used that to rip to mp3, they would then have technical "ownership" of the mp3, from the DRM perspective. They could then offer this file on the p2p networks with no worries at all - should the RIAA ever stumbled across a copy, the pirates could use their "authorship permissions" inherent in the DRM software to remotely delete the file from the RIAA's computer.
The society for a thought-free internet welcomes you.
How would this prevent spybots from figuring out you have MP3s on your hard drive? Does it generate a fraudulent IP address for your hard drive separate from your actual connection? And if that's the case, how would it interoperate with the P2P client software? I can understand downloading a file and moving it to a non-shared folder on the encrypted hard drive, but then the user doing that will be a file leech and potentially blocked from a lot of files on the networks. What about the mobo chipset identifier; is there a way to mask its identity so the RIAA and other snoopers cannot simply track down owners of these mobos and single them out? It appears the Slashdot effect has taken its toll on Abit's site for the product...
"Right now, somewhere in this world, Scott Baio is plowing a woman he doesn't love," - Peter Griffin, *Family Guy*
They wheeled in a "portable" computer with tons of disk space, and imaged all the harddrives they could. They would then verify the images were good, and readable. If they weren't, they took the whole comp.... And they were assholes.
"...and will keep the RIAA away from your Kazaa files."
While this is true, the RIAA doesn't actually need to win their case to get money from you. They just want you to give them $12,000 - $17,000 in an out-of-court settlement. Even if they don't have a case against you & can't prove that your files really were mp3's (due to your encrypted hard drive), they're still going to attempt to sue you if you don't settle - Sure, you'll win in court, but you're still going to pay $10,000 (or more) in lawyer & court expenses...
I guess if you were doing something even more illegal that would require real evidence (i.e., innocent until proven guilty), then an encrypted hard drive would be a problem for the prosecutor. (That is, unless Abit really is just doing 'encryption by obscurity' as an above poster suggests)
From what I can tell, the data on the hard drive is encrypted and decrypted on the fly. While that may not conflict with the OS you have on there, what if you wanted to put the drive in another, non Secure IDE motherboard? Apparently you wouldn't be able to access it. Hopefully it'll come with an app that can decrypt the HDD... and of course that app will be windows only.
I am a filthy pirate.
By following these easy instructions, you too can encrypt your data and swap partitions with Loop-AES. (The instructions are for Linux From Scratch, but they worked fine on my Debian box.) This way, no unencrypted data ever touches the disk; even if your computer is stolen, the thief can't read your data.
Before everyone starts bitching with their collective "This can't work! How would it work!?! It's insecure!!" pablum, I offer this solution:
wait.
There will be more information in the weeks and months to come. Don't decry this as useless until you know what it actually is.
___________
That aside, this could be a case of "secure computing" working counter to many of the interests that originally pushed it. Sure, encrypted channels can be used to enforce DRM, but they can also be used to hide that cracked media when $badguy comes looking for it on your hard drive.
The DMCA can work for you just as it works for $badguy. That encrypted IDE is protecting -your- copyrighted intellectual property, after all.
GeekNights!
Late Night Radio for Geeks!
it would be pretty cool.. I'd definitely upgrade my mobo for something like that. If it was indeed secure, when I'd leave the house, or wasn't using the computer I'd take the key with me. If Mr. RIAA did come knocking, and took my computer, it would be useless. (And as soon as they left the house I'd destroy the key.) But the question remains, how secure is it? Is it all marketing hype?
"Thanks to the remote control I have the attention span of a gerbil."
I love the looks of this board, and I'll probably get one, but the only problem I have, is from time to time I put my HD in another computer for trouble shooting. If a power surge, rogue program, or virus damages my drive, a lot of times I can transfer the drive to a different computer and still get many of my files. Also, I have taken my HD to other people's houses when other means of transfer are exhausted. It seems like this would lock you into one hardware format.
Sigs are out of style, so I'm not going to use one...oh wait..
No hardware or software system is completely unhackable. There is a reason that systems that must be really secure still rely on sneaker-net. The only way to completely protect your data from others is to destroy it. If you don't want to get caught with something on your computer DON'T put it there in the first place.
Encryption algorithms are sufficiently advanced that key management is the real issue: Trying to brute-force it can be very difficult, but finding out the private key (which makes decryption trivial) can often be relatively easy. So, even if they used reasonably strong encryption, chances are that they won't succeed at protecting the private keys.
However, I suspect that their encryption isn't really all that strong. Doing strong encryption at speeds necessary to sustain IDE transfers (up to 50 megabytes/second *per drive*) is fairly serious stuff, especially if you want to be able to do it at sufficiently low latencies. Hardware-encryption boards that truly do strong encryption at much slower speeds than that are pretty pricey, usually at least four figures.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
I see a lot of people saying that they steal the motherboard then they can crack it, which while possible isn't entirely true. If you would read the information about the board you'd see it's a hardware dongle that stores the key information. Thus, if you buy a new mobo with secureIDE and have the same dongle you'll be able to read the data. It's that simple.
So rather than destroying the motherboard, you just need to store the USB key somewhere other than where the computer is. Pretty straight forward. You can't take the hard drive to another secureIDE computer and have it work without the USB key.
My Slashdot account is old enough to drink...
Ok... they claim it will keep the RIAA away from your KaZaa files.
Okay... how does this work again?
Security key -> but Windows accesses the data anyways as requested.
KaZaa -- is a program in memory. Which will request the files. The request goes through the motherboard, which (Hey, Presto!) happily hands over the files to be sent right along your internet connection.
This does nothing to stop the RIAA from scanning you. All it does is make it a tad more difficult for them to prove in court that you were sharing files from that drive.
That is, unless they subpoena the motherboard to acquire the evidence.
There's a "back door" on just about every BIOS that ever was... there will probably be one for this system too.
The IC7-MAX3 is tuned up and ready to rumble. With ABIT's Game Acceleration Technology, users have the choice of three performance modes: Turbo, Street Racer and F1 to boost performance up to 17%.
Ok, maybe it's not a marketing lie. But. How seriously can you take anything with the settings 'Turbo', 'Street Racer' and 'F1'?
Also, here's the key.
Not going to stop the RIAA from catching you (although they'd have difficulty decrypting the drive once they did I guess), but looks moderately useful for protecting a harddrive from theft. I'd love one on a laptop. If someone stole it in an airport or somesuch - at least they couldn't get my data without some effort.
I write code.
Hmm, don't mind me while I keep using a software solution...
http://sourceforge.net/projects/loop-aes/
Loop-AES is trivially easy to set up under linux,
and you can have it require a GPG key etc that live on a USB keychain.
http://loop-aes.sourceforge.net/loop-AES.README - see example 4
If you have my keychain, and you know the password, you can mount
/home on my laptop. Otherwise you're SOL...
Something you have and something you know...
ABIT SecureIDE
Nowadays, information security has become a major concern with all kinds of end users, as most documents are now stored electronically. Business and personal files must be kept safe from unwanted intruders. ABIT has had a lot of experience in the field of data protection for motherboards: We were the first company to adopt RAID as a standard specification of all motherboards, beginning in 2001. This initiative was welcomed by end-users and media, and it also soon became an industry standard.
ABIT listened to users who were asking for information security. In July 2003, we are the first company to introduce this feature on our motherboards. Secure IDE is a device that connects to your IDE hard disk and has a special decoder key; without this key, your hard disk cannot be opened by anyone. Thus hackers and would be information thieves cannot access your hard disk, even if they remove it from your PC. Protect your privacy and keep anyone from snooping into your information. Lock down your hard disk, not with a password, but with hardware encryption. A password can be cracked by software in a few hours. ABIT's SecureIDE will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files forever.
How to Use ABIT's Secure IDE to Protect your Information/Data?
SecureIDE is an encryption device that uses the eNOVA X-Wall chipset that ensures confidentiality and privacy of your data through disk encryption. When booting up your system, go to DOS and implement the FDISK instruction. This instruction will make a partition to format the Hard Disk to accept the secure IDE key. After this procedure, there are no more extra steps to perform besides using the key to "open" the hard disk each time you boot up your system.
Nowadays it is necessary to have information security no matter what field your data comes from: business, scientific, government or copyright protection. Only Secure IDE can protect your data and your privacy.
But if they have access to your hard drive, time to unscrew it, secure it, etc - why not take the entire machine?
If you look at the diagram on the website you will see a controller board that sits between the motherboard and the hard drive. Plugged into the controller board is USB dongle thing which holds your decryption key. Assuming the encryption is sound and assuming that you take the dongle with you when you leave your computer unattended, it is a pretty secure arrangement.
However, one of my caveats would be that the disk would have to re-encrypt after an hour of non-use. After all, when they bust your door down, will you have time to turn the PC off? This motherboard they're selling is only going to keep you safe if your machine is off. If your machine is already off, then you might as well put your hard disks into the ceiling vents.
Some might argue that most agents would bust down your door, and just confiscate your computer. But I am sure that they would be keeping an eye out for these type of motherboards, and more likely do a check before turning your computer off.
Oh, and last but not least... You have to have that USB key hidden. And I think they'd even check your ass. So how exactly do you hide the keychain in a difficult place to find-- but not so difficult that it's a hassle to you too (because if it is a hassle, then you'll just leave your computer on all the time...thus unencrypted)
Why are there only 19 people folding@home for slashdot?
> will keep government supercomputers busy for weeks
Anything that doesn't keep, oh.. say a giant computer the size of the solar system, busy for millions of years cracking my keys doesn't really impress me (encryption wise).
A few weeks by government supercomputers is crackable by distributed efforts in about the same timeframe today.
In Kazaa and other p2p you are *the user* sending the file you have in a share onto the network and show it to everybody. You open yourself. The only way to avoid that is to have nothing to share and only download from others (which is contrary to the spirit of P2P, because if everybody does that the file share pool dries up like a well in the Sahara). Encrypting data does not help, because you show the open data to the world.
And if the RIAA sues you, well, you can hardly say to the court/justice, "sorry you can look at my HD, there is nothing to see. Ho wait it is encrypted! Buahahah!". Then two minutes later you are summoned to give the key, and 4 minutes later back to case 1 without the expensive encryption.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Customer: my mother board just died and I got my replacement and I cannot see anything on my HD
...
Support: well if you had the Secure IDE enabled you will need to reformat and install from scratch, Unless you either backed up or wrote down your special code.
Customer: You mean the long string of weird numbers and letters.
Support: yeah
-- Tim
TKrabec Pahh
like not sharing their file library
P2P is based on the concept that people share. Less people sharing, less P2P sources, and P2P slowly dies down, RIAA wins...
I doubt ABit's concerned about losing a fair bit of respect from you, since you didn't bother to put the least bit of effort into discovering that your points are irrelevant-- their whole point is that someone could take the whole machine and still not be able to decrypt the harddrive, as long as you weren't dumb enough to leave the USB key attached. And you get -1, willfully uninformed, for recognizing in your post that you hadn't read the article. Sheesh.
;')
Anyway, the truly paranoid will attach little self-destruct mechanisms to their USB keys, so that they can wipe out the info completely, when the agents in black uniforms come crashing through the windows
The register misread the report.
Register:
"has a special decoder without a special key,and that means hard drives can 'never be opened by anyone'"
Abit:
"has a special decoder; without a special key, your hard disk cannot be opened by anyone. "
So for those of you whose anti-RTFA isn't on recursive, you would think that there wasn't a special key, but what Abit was saying that without the special key (USB memory key, apparently), the drive is secure.
--------
It's OK to be social, just don't tell anyone about it.
Any crypto algorithm worth its salt would have The Farm Boys cranking away until the Universe ended and then some. Not that this thing is going to be doing say, 2048-bit Blowfish or anything, but an expected brute-force or crack along a timeframe of 'weeks' is cryptographically poor.
On a similar topic: this being sold at geeks.com. Front panel ports plus a thing that does "real time 64-bit DES" on your HD. I'm skeptical towards both products, but it's a good start. The jaded cynic in me saw "Secure IDE" and just assumed that Palladium was a step closer, at least data-storage-wise. Ever notice how when Certain Software Firms say 'secure' or 'trusted', it's usually not in the traditional senses of the words?
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
The best paranoid tech I've seen like this is where the additional encrypted filesystems are stored in the freespace of other partitions, and if you don't unlock all the partitions, then 'higher' level partitions are at risk when 'lower levels' write to their freespace.
See, it's not good enough to have encryption when they take you to court, you need to have deniability. You need to be able to deny even having the encrypted data.
Perhaps if the Secure IDE controller were to wipe the encrypted partitions (with constant random rewrites until powered off) if it were ever powered on without the key, this would be safe.
"Honest Judge, I'd love to give up the data, but that tool over there powered on my computer without the key and the data was all auto-shredded." I suppose you could have the bios fake a keyboard (or other, temporary) failure once or twice on power-up before wiping the data so that you didn't get screwed if you forgot to put your key in once.
The main claims are that it makes things harder for government supercomputers and RIAA. It doesn't mention that the way those organizations would gather their information is online. If you're online, haven't you already unlocked your PC?
Isn't that like selling people a device to boot their car, and telling them it will make their car more secure against carjackers?
I have Abit's IC7-G MaxII Advance board. It is truly a very stable board, even when overclocked. Well worth its salt. This Max3 board simply seems like a MaxII but with a couple added Frills, a few more SATA hookups, this elusive 'Secure IDE', and a fan to cool the capacitors, which I never thought caused much of a problem. There also seems to be a new northbridge fan that looks like it might cool better. As one who hasn't read too much about this board, I'm wondering how much more they're going to charge for it, provided there SEEMS to be nothing special added to it. Unless I'm missing something huge, who knows?
So, basically, if the RIAA wants proof that you have illegal material on your hard drive, they have to violate the law. LOL.
-- everyones not everybody and neither is everybody like everyone.
Ok, my question is: why not use a standard software based encryption, like an automatic Triple DES, or better yet AES, that is based on a keyphrase that you enter every time you start up the computer?
Any time there's a hardware key floating about, that's just something that can be obtained to get access to the system.
Everyone ranting about how this is inherently stupid since the key is just on the motherboard should actually read the article and note that the key is actually going to be stored on a removable device of some sort. So the idea is you carry the key with you at all times and just plug it into the computer when you want to use it. When the key is not in the computer the data cannot be read.
Of course this still doesn't explain the silly Kazaa claims, however that is another issue altogether. In fact this whole thing seems kind of useless since if the government were to confiscate your computer or something you'd think they could just subpoena the key as well, and it does nothing to protect against hackers since the key has to be in your computer for you to use it. Turning it off when you're not using it would be just as effective. About the only thing this is good for is in case somebody steals your computer when you're away. But it could work for that.
Physics is good
Heh.. That, my friend, is computer Darwinism.
GeekNights!
Late Night Radio for Geeks!
I like the idea of on-the-fly hardware encryption, I really do. I've looked into buying those trays they sell online that do the same thing. IDE signal in, scramble with a key, save to hard drive, rinse repeat.
The problem is that the key systems are basically a little USB device similar I'm sure to those USB flash drives that store the key. That means two problems:
1) Lose the key? You are screwed. None of the solutions I've seen provide a mechanism for backing up your key or getting a new one made. So you have two keys, right, but what if one gets shocked and you don't know it and you lose the other key? Bad news. The way they should implement these systems is to give you the hardware key as a text file and let you upload it onto any number of USB flash drives. You can put the key in your safe deposit box, or hide it using stenography, or bury it in the backyard. If you ever lose your physical key, you can create a new one.
2) Have the key? You are screwed. How hard is it going to be for law enforcement, thieves, RIAA to access your hard drive when the key is right in the system? That is stupid. They should either implement this as a one-time key or as an auto-destructing key. For example, if we continue the example above where you can load the keyfile on any USB drive, then the system should be configured so when you insert the USB key to unlock the drive, the system erases the keyfile and writes random data patterns all over the drive. System loses power? Okay, reload your keyfile and repeat. If someone takes your system, then they'll have to interrupt power and when it reboots the key is blank. Or, have it real easy to destroy the key. Like a panic button. So you wear it around your neck, use it to unlock your system, boom someone kicks down the door you just press the button and your key is useless. For bonus points make it transmit a wireless signal so the same button powers off/unmounts your encrypted drives.
If a system were available that met the above description, I would buy it in a heartbeat and so would any of my clients who have a bug up their butt about some thief walking away with a hard drive full of trade secrets/credit card numbers. Especially now that in California, companies have to publicly announce any security breaches.
So, nice try Abit...but no cigar. Only a fool would think that this system offers any sort of legal or security protection.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Well, it's not foolproof, but it's a step in the right direction. Just remember, our freedoms are slowly eroded so we don't notice them disappearing. This is a small step in the right direction. Take what we can get, and encourage the progress.
That is all.
-- Liberalism is a mental disorder.
Hey...this coupled with secure network access through a free copy of say Wingate would be... er hmm, nevermind.
RIAA agents: Where are your Kazaa files, punk?
Me: I've got an Abit super protected IDE mainboard, fuck off Nazi pigs
RIAA agents (grinning): Then could you please show us a valid SCO-approved license for your Debian system?
Does it cause any performance problems? And what happens if you lose the key (we're sorry Mr. Anderson, but your data is toast)
kinda sketchy to me
Linux: Helping nerds look smarter since the late 90s.
Secure IDE, says Abit, has a special decoder without a special key, and that means hard drives can "never be opened by anyone".
...
I guess that is the pinnacle of security, not being able to be opened by ANYONE! Download all the files you want -- don't worry, you won't be able to open them. WTF?
All the paranoid little geeks who think the government is watching their every move will buy this motherboard in droves. That is, after they get done lining the interior of their home with aluminum foil.
"Protector for Business and personal secret"
:-D
ROFL
- It has *nothing* to do with the motherboard, it is a card that connects between the IDE cable and the IDE drive. Like a separate card.
- It works with all OS, no drivers. You need to start from a blank disk though because everything is being encrypted/decrypted as it passes through (if you "decrypt" plaintext something it goes horribly wrong).
- The encryption is 40 bits which is really really weak. Same as DVDs for example (ok slightly FUD because CSS was a poor algorithm)
- You have an external keyring, which acts as your hardware key.
That being said, I really don't see the big use of this. It's only good if your disk is taken, they don't take the key and it's only protecting the information (disk is as good as ever if you remove the card and format it again). Of course if you have vital company/personal/military data on your disk I suppose that might be enough of a reason.
Kjella
Live today, because you never know what tomorrow brings
Assuming your encrypted hard drive is seized as evidence, can you be compelled by the courts to provide the key?
I was there. He was demoing how easy it was to set up a USB device. whoops. What a classic moment though.
It is apparent that this is designed to thwart any government attempting to get to your downloaded files, with an emphasis on RIAA/MPAA. When you think about it, it is scary (and sad) that we have to go to such extremes to protect ourselves from our government. How low we have sunk in recent times.
I prefer the "u" in honour as it seems to be missing these days.
What happens then when the little battery dies? Does your machine completely shut down? Furthermore, what if I just take the HDD out and put it in a *brand* new machine that hasn't been powered up yet? Shouldn't the chip say, "no you're not another machine's HDD, you are MINE!" and take the thing hostage?
stuff |
Something I've wondered about:
If the RIAA sues you, you defend yourself with a lawyer and win, couldn't you counter-sue to pay for the lawyer's fees, and also some damages due to defamation? Otherwise, I would imagine the RIAA would just sue everyone in America and make trillions.
-Neil
I have recently counted the number of passwords (hardware tokens/pin codes/you name it) I use at work, home & school. The result was greater than 80.
Now add another secure password for my hard disk, make it at least six characters, add two digits and one non-alphanumeric sign and try to add it to the already remembered 80 tuples. Did I hear you saying that the only choice I have is to write the passwords on post-it notes?
There are already databases for PDA but they are still not as good as the Sens-O-Matic card of Douglas Adams...
username: clown
password: bozo71%
-- submit --
This unit actually uses 40-bit DES as detailed here. Additionally, this system is integrated into this motherboard, but is also available as an IDE "pass-through" device if you will, allowing you to use this technology on any (IDE) system with any OS.
This *does* encrypt the data on the fly, it's not just a physical HD lock. The mention of using DOS's "fdisk" does not imply that this is a M$ only product. The point is that the drive must be re-partitioned once the device is installed, since the original drive presumably is not already DES-40 encrypted. The link posted above in this comment has more information.
Then if they do get real evidence from an encrypted hard drive, counter sue them under the DMCA...
The partition mounted at /usr/local/private is crypted on my machine. Why do I need a special motherboard?
Hardware encryption of IDE drives is a good thing. It's not going to keep the government from looking at your files (they'll just make your life miserable until you give them the key) or the RIAA (they'll just watch what you trade with whom or install a virus). But it does mean that should your machine get stolen, the thieves can't do anything with your data. Actually, as you can imagine, this would be significantly more important on laptops. A few laptops have SmartCard-based hardware encryption built right in, which is arguably the right way of doing this (as opposed to a USB memory dongle).
Please read the description: ..Secure IDE is a encryption card that uses the eNOVA X-Wall chipset that ensures confidentiality and privacy of your data through disk encryption. When booting up your system, go to DOS and implement the FDISK instruction. This instruction will make a partition to format the Hard Disk to accept the secure IDE key. After this procedure, there are no more extra steps to perform besides using the IEEE key to "open" the hard disk each time you boot up your system.
SecureIDE: Protector for Business and personal secret. The encryption key is stored in a USB dongle. From the description:
It is also a stand-alone product and goes between the IDE connector on the motherboard and the IDE harddisk. So, you need the harddisk, the motherboard AND the dongle with the correct "IEEE key" to access the data.
The key is on a type of USB keychain. Not in the motherboard. Not on the hard drive.
Why are there only 19 people folding@home for slashdot?
according to the installation guide:
40-bit DES (US Data Encryption Standard) is adequate for general users
In much the same way that leaving the data un-encrypted is adequate for general users, I suppose.
Also, "Lame SCO Joke Thread" was my inspiration in posting the above.
I just built an encrypted filesystem on a software RAID 5 spread across 4 200GB drives using the serpent cipher with a 256-bit pad.
I wonder which system is more secure..
It seems that the hardware manufacturers can see that the money is with the pirates and not with the media companies.
It wouldn't surprise me if they ended up killing off DRM by offering workarounds and personal encryption based products, because that is what consumers are demanding.
Beep beep.
For those that don't know, on linux you can use the loopback device to encrypt everything under a mount point. The files all reside within a single encrypted file which you "loopback" mount to through the decryption software. You can have your computer boot normally and then mount/unmount as you need access. You have the option of several well known open encryption systems. If you or anyone else cuts the power to your machine, there won't be access when it boots (unless you put the decrypt/mount commands and password in your startup, which would really defeat the point). Here's the read me.
-no broken link
Since there is exactly one key capable of decrypting the data, the obvious thing to do is place on the key a one-time pad. A USB storage keychain holds 128MB, which we can assume is XOR'd against each 128MB block on the hard drive. Even assuming that the one-time pads are being generated using a truly random method (which they're probably not), this is still crackable. However it's by no means easily crackable and yet is very convenient and fast.
Do you really want your CPU factoring primes every time you read a sector of your hard drive?!
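Why the design guessed at in the comment above (one pad XOR'd against every pad-sized block of the disk) stops being a one-time pad, as an added example that is not part of the thread. The 64-byte pad, the sample disk contents and all function names are constructed for illustration; nothing here describes how the SecureIDE hardware actually works.

```python
import os

PAD_SIZE = 64  # constructed stand-in for the 128MB pad, scaled down to run instantly


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_disk(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt: XOR every pad-sized block of the disk with the SAME pad."""
    return b"".join(
        xor_bytes(data[off:off + len(pad)], pad)
        for off in range(0, len(data), len(pad))
    )


def block(data: bytes, index: int, size: int = PAD_SIZE) -> bytes:
    """Return the index-th pad-sized block of a disk image."""
    return data[index * size:(index + 1) * size]


def pad_from_known_block(ciphertext: bytes, index: int, known_plain: bytes) -> bytes:
    """ciphertext = plaintext XOR pad, so ciphertext XOR known plaintext = pad."""
    return xor_bytes(block(ciphertext, index, len(known_plain)), known_plain)


def build_sample_disk() -> bytes:
    """Constructed three-block disk: one zero-filled block and two data blocks."""
    return b"".join([
        bytes(PAD_SIZE),  # unused space, still all zeros
        b"Q3 customer list: acme, globex, initech".ljust(PAD_SIZE, b" "),
        b"payroll export 2003-10".ljust(PAD_SIZE, b" "),
    ])


def demo() -> dict:
    pad = os.urandom(PAD_SIZE)      # even a truly random pad does not help
    disk = build_sample_disk()
    ciphertext = xor_disk(disk, pad)

    # 1. XOR of two ciphertext blocks: the pad cancels, leaving only the
    #    XOR of the two plaintext blocks.
    leaked_xor = xor_bytes(block(ciphertext, 1), block(ciphertext, 2))

    # 2. A zero-filled block is stored as the pad itself (0 XOR pad = pad).
    pad_exposed = block(ciphertext, 0) == pad

    # 3. One predictable block is enough to decrypt every other block.
    recovered_pad = pad_from_known_block(ciphertext, 0, bytes(PAD_SIZE))
    recovered = xor_disk(ciphertext, recovered_pad)

    return {
        "ciphertext": ciphertext,
        "leaked_xor": leaked_xor,
        "pad_exposed": pad_exposed,
        "recovered": recovered,
    }


if __name__ == "__main__":
    result = demo()
    print("zero block stored as raw pad:", result["pad_exposed"])
    print("whole disk recovered from one known block:",
          result["recovered"] == build_sample_disk())
```

The same reasoning is why disk encryption uses a block cipher in a mode that varies per sector rather than a repeated XOR pad: any predictable sector (zeroed free space, a partition table) would otherwise give away the keystream for the whole drive.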
Second of all: How much does it cost retail, and where can I buy it?
But hey, if anything it is a clever sales ploy, profiteering off the vague threat of the RIAA... Kinda reminds me of the whole Duct tape thing now that I think of it...
This technology would be most useful on portable devices, like laptops or even hard drive storage MP3 players/digicams/etc. Putting it on a desktop class system seems a bit like they are just trying to feed the tinfoil hat crowd.
"Powers. I have them."
In the UK refusing or being unable to hand over encryption keys on demand from law enforcement is a crime I believe. (IANAL.)
I know this affects things like GNUPG too (I have my encryption keys on a USB pen drive) but it does mean that if you fling your key store into the river when the police come calling they can still arrest you - good if your crime was greater (kiddie pr0n or plotting assassination) I suppose, but pretty much a losing proposition for everyone else.
Beep beep.
In order to be really useful, the wire from the HD would have to be connected to a USB port, preferably on the front of the machine. This would be a great use for those goofy computers that come with "gaming" ports on the front, and a minor mod to mount a port in a front-panel drive bay.
Once upon a time, I could read through the comments on /. and actually see occasional good thoughts, and most of the time, see original material. When did everyone decide to post before looking at the other comments? Or are people reading the comments, going, "yeah, that's right!", and then pretending to post something new while just copying the original? I mean, if I read one more comment on this article that alludes to the fact that encrypting the drive doesn't help when the whole computer is taken (moot point if you read the frickin' article), I'm gonna puke. Then again, I think I'm done reading comments on this one.
As a complete noob to crypto, could somebody put that in a scale of amount of computing resources and amount of time required to have a serious chance of cracking this?
It sounds like a good idea, but only if the crypto is a complete pain in the ass to break in our lifetimes. Otherwise, it's only a matter of time and effort.
Man is the animal that laughs.
And occasionally whores for Karma.
I have an IC7-G and I can say that I am very happy with it. It can overclock at 233mhz FSB with absolutely no problems in the OS. Kudos to ABIT for making such a great product.
Let's see how long it will take for pros to crack it. DirectTV, DishNetwork, Xbox and others were said to be "secure" but it took only a few months to crack all of them.
It will definitely prevent your wife or girlfriend from "discovering" your mpeg pr0n collection or archived e-mails from the ex.
How hard is it to clone one of those USB keyfabs?
hmm, they say this is a good way to keep kazaa files safe from RIAA? but really, do you use kazaa? but seriously, this is great for security, especially for those large business type things, where the employee computers are sometimes stolen, you could have a security station where the keys are stored, and they are given to the user to boot his pc, and after like 10 minutes after he boots it, he has to return his key so that if it's stolen after hours or even during the day!!! it would be secure from physical theft. nice idea, i wonder how it would work in practice?
Given that recent studies show how much private, business and government
data is available for sale on Ebay as "2nd hand harddrive", this feature
could prove useful -- even without key.
On the other hand, without (access to the) key, the drive is tied to the
motherboard. That is, when the board fails, you won't be able to recover
your data either.
I'd rather see an optional extension to the IDE standard. Adapters that
support it, could have a key register for each IDE channel. The BIOS or
OS could then load whatever key it prefers. A simple thing could be to
load the CPU serial number to it, and providing a "recovery mode" in BIOS
where the user can enter the serial number manually (after CPU replacement).
More sophisticated setups could fetch a key from a USB token, or TCPA (urgs)
or whatever other means.
THAT would be a useful extension.
Marc
is this a backdoor to get people to accept DRM? or am i being paranoid? it doesn't explain exactly how it works...
OEMs are finally getting clues. I just noticed that lian-li just came out with a new case, the 6077, that the entire front of the case is 5.5" bays, 9 of them. The on/off switch, led face place and 3 3.5" internal bay takes 2 of those but you can put it in any 2 of the 9 bays. Sweet. I've been looking for this for a long time. You could really load up this sucker with disk drives.
Now if they would just get rid of some of that spaghetti on the power supplies, the new SATA drives don't need it anymore.
Looking at their user manual, and specs, here are some corrections to your post:
- No special motherboard needed. This thing plugs in between the ide cable and the drive.
- As with all encryption. Lose the key and you're the proud owner of a high tech paperweight. Not unique to this connector.
- I suspect they mention fdisk because it's commonly used. It's a transparent encryption system, so
card + drive = normal drive
They're just saying to reformat the drive after putting the adapter on.
- Any file system/operating system will do. "Device driver free" too. Again, they're just saying you have to start over.
Also worth noting:
- The encryption card can use an extension cable to get the dongle to the outside of the case. So no, you don't have to pop the cover each time you walk away.
- Once you boot up, the key doesn't need to be in any more.
- They give you a backup key too.
You are checking your backups, aren't you?
I'd like to see this become standard on notebooks. I'm a lot more concerned with stolen notebooks than I am with the RIAA....
(paraphrased for sake of relevance)
Master Doe: This key will allow no one to see the contents of your hard drive due to the complicated encryption algorithm. Do you understand?
Master Tang: [nods head in agreement, pauses] No.. I don't understand.
The neutrality of this sig is disputed.
when their crappy MBs blow their crappy capacitors? I'd say you're screwed. I'll never buy anything from ABIT again.
The real question is, if the Key is USB, does the OS need to mediate between the SecureIDE subsystem and the USB key, or does the BIOS do it below the OS?
Yes, that's the real question, but why go through all the trouble to run your OS on something shitty like a DOS file system when all you want is an encrypted partition? If this is BIOS level crap, and it probably is, why not do the same thing with software, where you encrypt what you want and only let certain users have the keys. I don't know how to set something like this up, but it can't be too much more work than the password system. If it is the relief promised and the hardware does passively encrypt a whole IDE channel, then simply mount it up where you want your private information. Even then, the software solution might be more secure.
if you're getting sued and the court requires you to make the data accessible, saying you 'lost' the key is going to put you in jail.
Really? I suppose if they have a valid search warrant they can look at it, but you don't have to incriminate yourself. If they can't read your stuff, aren't they simply screwed when they try to prove your guilt and can't? You might get in trouble if you deliberately destroyed evidence by pretending to co-operate and giving a password that deleted all of your shared music.
In any case, if you are running something like a music sharing system, they just plug into it and see what you have to offer. The point of sharing is, after all, to make what you have available.
900 people. It sounds like a lot but didn't more people win the lottery last year?
Friends don't help friends install M$ junk.
Yellow paint makes it go faster!
It must be able to encrypt lawyers before they can serve you.
Judge: You will provide the USB key for the prosecution to view the hard drive
You: No.
Judge: Very well, you are in contempt of court and can sit in jail until you change your mind.
You. (scooby doo noise)
I'd like to see some tests run on the performance of the new system.
You might lose in data-transfer rate. Depends on the hardware. Anything from full bus speed to significantly slower can be built and bought. Look e.g. here for a really fast AES chip.
What will not noticeably suffer however even with a slow solution is access speed. So depending on your disk usage pattern a slower solution might still be acceptable.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Acting on tips from an anonymous source (*cough* RIAA), U.S. soldiers invaded the homes of many citizens at home and abroad looking for the ever elusive Saddam MP3 FileSharer and his evil co-hort Osama Stole'Music and their cache of MMDs (MP3s of Mass Destruction).
President Bush re-iterated that the MMDs exist saying, "I know they out there, our intelligence agencies downloaded a few of them last night."
Within the hour, both the CIA and FBI have both denied that MMDs were downloaded. They go on to say, "in fact our servers were hacked and used as a MMD store by the suspected country music terrorist group "Al'abama" "
No comment has been released from the NSA. It is suspected they didn't hear the phone ring on account of the volume the MMDs were being played at to verify the MMDs were *IN FACT* MMDs.
Film at 11.
I didn't RTFA. I don't really think I need to.
(INAL) but if it is a hardware key, they just have to find it. If on the other hand it is a good Key/Value phrase (read pgp) Then they would "Have" to crack it. You *still* have 5th amendment rights, at least I haven't seen a YRO posting that says otherwise.
According to that diagram, the motherboard isn't involved at all, and the card attached to the harddrive and the external dongle does everything transparent to the motherboard.
Is ABIT just bundling a product with their motherboard here, and can it be bought elsewhere?
I'd like to see one of these with a key fob that has an auto-destruct button on it, like a tiny capsule of acid... Delivered with two dongles -- one you can put in a vault or destroy, depending on how you feel.
Regards,
--
Arthur Hagen
That's the speed they quote in the pdf on abit's site. Now, assuming they really mean 1.6 gb/s and not GB/s that's still faster than serial ata, and these are ata133 connectors, and you use one per drive, so it's supposed to be transparent both to software and performance-wise.
Back in 2000 Abit boards are very innovative with their ATA100 raid, insane number of ISA+PCI+AGP in one board. Damn I was jealous as hell and finally bought one too.
I know someone who purchased the ABIT KA7-100 motherboard in 2000 also. I cannot tell you how many times this board has fried on us and been returned via warranty.
Any real serious audience will want something more stable along the ASUS line.
And his plans to blow up file sharing computers?
When a computer is examined as evidence for some misdeed there exists a question of whether the contents of the hard drive were modified during the examination(s). If it can be proven that any data was modified -- even something like a dirty bit being flipped -- then the whole case could get thrown out as tampering with evidence. Because of this, many computer forensic types will rip the drive out of a target computer, make a device copy of it, then examine that instead.
Now, this new secure IDE will complicate this procedure. The examiner can either use the target computer, which may contaminate the evidence, or they have to duplicate the hardware, all the way to the motherboard.
I confess to not reading the article thoroughly (well, not at all) so this is just conjecture: If only the data of each sector is encrypted then the examiner could potentially create a bit copy of the drive (without decrypting the data), then use the IDE's key to decrypt the copy. But if anything beyond the data (eg, block bound values and the like) is encrypted then it's possible that not even a device copy will work.
Now, whether all of the above is a Good Thing or a Bad Thing is definitely up for interpretation....
To hell with hardware and software and encryption and keys and all of that nonsense. LOCK YOUR FREAKING HOUSE! GET A LAPTOP LOCK! UNPLUG THE NETWORK! The only way to be truly secure is to not let anyone physically be able to access your computer, steal the hard drive, or be able to hack in to it by any means. It's like the CIA computer in Mission: Impossible. If you find Tom Cruise is dangling above YOUR computer trying to get the NOC list, then you deserve to have it taken. He must have found a secret ventilation shaft in your ceiling.
"and will keep the RIAA away from your Kazaa files."
I'm not understanding this statement. If you are running a program that shares files then the RIAA will not magically be locked out. If they're talking about someone hacking your computer then I guess it depends on how they do it.
Once you boot using the key your computer is going to have to store and use that key in order to decrypt data on your drive. This has got to be done in the background by the MOBO. What a pain in the ass it would be to have to explicitly and in person tell the computer to decrypt every file you access!
That being the case, if someone forces one of your programs to crash but leave open a shell wouldn't the MOBO go on happily decrypting data for any process running in that shell?
If encryption/decryption is happening at the hardware level it would seem to me that the only real protection you would be getting is if someone steals your computer but doesn't take the device that you use to feed the MOBO the key. How many of us would just leave that device plugged in to the computer anyway?
The race isn't always to the swift... but that's the way to bet!
"Hi, I, like, lost my key or something. Can I, like, get to my disk anyway?"
"Umm, no, it's completely inaccessible without the key; that's the point."
"Well that's stupid! I'll never buy anything from you incompetents again!"
...which may also be FUD, as CSS isn't that bad an algorithm afaik. The reason CSS failed is the same reason many fairly strong encryption methods have failed: key management. It doesn't matter how good your algorithm is if a manufacturer messes up and includes both public and private unciphered keys in their product code. AFAIK, all the modern rippers still exploit a set list of known keys, it's just that the list has gotten a bit longer over the past few years.
Again, it all comes down to key management, and eventually beyond that, people making mistakes.
-Chris
--an unbreakable toy is useful for breaking other toys--
If they crack your disk and find "real evidence" (i.e. RIAA songs) then the DMCA doesn't apply, because they (as the copyright holder of the protected work in question) can just grant authorization to themselves to do that. Oh, and you violated the DMCA every single time that your computer decrypted the disk. Hmm.. Abit's invention lets you violate the DMCA how many times per second?
But if they crack your disk and find worthless (to them) evidence, such as your home movies (which you hold the copyright to), then you probably really do have a DMCA case.
The catch is that if they have subpoenaed your disk, then who really does the cracking? If they can get a law enforcement officer to do the dirty work, then it'll fall under one of the DMCA exemptions.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I have a 3 gig hd from 1996/1997. It has Debian 3.0 on it installed when Debian came out. It survived TWO motherboard deaths of two different pcs. I put it out and put it in again. No "secure ide" hindering me in the process. :)
"I am slashbot, hear me roar!"
This looks a lot like snake oil to me. No useful information at all in their description. They could just be doing an XOR for all their site says. I want serious specs.
okay, it's only 40-bit DES, which isn't super secure. But it's damned easy to use, and is plenty good enough for keeping my wife and kids from finding the naked pictures of my girlfriend.
If you lose the key, the maker can send you a new one. If the court orders them, they will give the police/whoever a new key. This only protects against the computer being stolen and not the key.
It's IEEE1394. Apparently their advertising department believes this can be shortened to IEEE.
$5 / month hosted VPS on linux = awesome!
When the police seize your computer and discover the lock, they can have a judge demand you turn over the key. When you don't, you're in contempt of court... And they can then hold you, in jail, until you agree to comply. You could fight it if you want to; although, I wouldn't recommend it.
This is the same type of connector used by IEEE1394 (firewire, ilink, etc.)
It reminds me of the AOpen Tube Amp Motherboard. Stuff like this might get my respect if it was hacked together in some guy's basement, but from a major hardware firm it amounts to marketing fluff.
If the "key" is indeed a USB key, it's a waste of money.
The risk of losing and subsequently replacing the key is too great. The bother of constantly removing and replacing the key is too much trouble to be secure, people will forget and the security is broken.
Rather, I would suggest a SmartCard unlocking mechanism with a dedicated keypad. Since the SmartCard is always effectively "locked" there is no need to hide it.
One could do this much cheaper using an external firewire or USB drive housing. Just embed the smartcard reader into the device with a keypad. This way, a hacker could "stash away" their entire drive or take it with them if necessary. Since the reader is portable, he could recover his data on a separate computer.
Better scenarios would entail placing the drive in a separate location and communicating with it wirelessly (over VPN of course). If their computer gets confiscated, they won't get any of the good stuff, only the core system. The drive can be safely tucked away somewhere else in a residence or in a completely separate living space (not covered under warrant).
-------- -------- Support Wesley Clark for president!!!
You have to provide any encryption keys on demand by law or spend time in prison.
Now this doesn't use a key according to the article, but by using such technology people are going to think you have something to hide.
Am I the only one who's more interested in that big-ass cooling system, the in-OS BIOS updating, the fan control, the SATA and the GBit ethernet? Who cares about a pointless ATA hack?
Doesn't the loser of the case have to pay the legal costs in the US???
If I seem short sighted, it is because I stand on the shoulders of midgets
Many people have argued that the RIAA doesn't need to read your drive when you're sharing your data, but i think they do. See, they can claim you're sharing song X from artist Y, but how do they prove it was you?
Of course it's easy to get your IP when they're downloading the song, and it's probably easy for them to find out who is currently using this IP, but they'd still have to prove it was you. IP's can easily be spoofed and all.
The easiest way to prove it was you is to show that the file is in your shared folder.
So while it won't make it harder for them to track you down, it may be harder to get a conviction.
(No, I don't have any faith in any justice system, especially the American. But anyways...)
So encrypt your MP3 files.
I always wondered why people didn't do this. Wrap each shared MP3 in a password protected zip. Would you be liable for distributing encrypted MP3s? Technically, you took measures to make sure nobody else could use them.* (You put them on the net so you could access them from anywhere.) For anyone to prove they were copyrighted, they'd have to crack your password, which would be illegal and probably a DMCA violation. I know there was the whole "pig latin encryption" of the filenames, but that was just in good fun instead of any kind of real protection.
* Nobody said you have to use an extremely difficult password to crack. "riaasucks" would do nicely. :-)
My beliefs do not require that you agree with them.
How would a hardware encrypter/decrypter know if the RIAA is scanning your Kazaa share folder over the Internet?
I mean this could be great if you are worried about people grabbing your harddrive, but the RIAA and FBI probably are not going to break down your door until they have other evidence traced back to you. I'm sure there have been many lawyers who have successfully convicted hackers/crackers/script kiddies without being able to access the contents of the accused's hard drive.
So really, the only thing this protects you from is some hoodlum stealing your hard drive to try to extract info from it. If you are just an average Joe Blow like me, I don't think that that is very likely.
On top of that, does anyone know what algorithm or process it uses? Usually companies or people who sell this stuff without allowing scrutiny are selling snake oil. As much as I like ABIT's products, I don't think I'm too compelled to trust this "solution".
I don't need no stinking encryption. *I* have Windows XP, just let those government baddies try and get my hard drive! Soon as they plop it into another computer, the Windows XP registration assistant will notice that they don't have the proper hardware signatures and refuse to run the OS!
Actually, according to the chip mfg. eNova "Government-certified DES and TDES algorithms assure high level security." They also make a PCI add on card for existing systems and a USB HD case for portable encryption.
Ex. Someone takes your computer to scan it for 'pirated' material. They get it back to the lab and realize they need the key. They subpena (sp?) the USB key, you hand it over, they go and start looking at your computer.
However, the key you gave them passes instructions to the OS to wipe certain directories.
The only devices I see this being really useful in is laptops, handhelds, etc in case of theft. If someone breaks into your house, knowing human nature, chances are the key is still in the computer.
"Thanks to the remote control I have the attention span of a gerbil."
40-bit AES "will keep government supercomputers busy for weeks"??? Try seconds!
"Freedom means freedom for everybody" -- Dick Cheney
watch out, all those nubs that have all sorts of pr0n in their kazaa folder have to have the peace of mind that their stuff is safe. They're the same people that use aol and call themselves a "hacker" after playing around with netbus or subseven for an afternoon. their idea of 1337 haxoring is nothing more than opening and closing the unsuspecting victim's cdrom over and over. i really don't see any viable applications for this sort of technology. by the way... the little tidbit about the government computers taking weeks to crack. during those weeks you'll prolly be held in jail anyway
Does the 5th only apply to knowledge in your head?
This issue is a bit more complicated than you think.
like many users, you're behind a wireless NAT router. Then, if you went to trial and your machine was subpoenaed, they'd be unable to prove the files they saw you sharing belonged to you and not to some wardriver parked outside your house.
Of course, that's assuming that someone is willing to go through the hassle of not settling when the suit is filed.
In any event BestCrypt offers better security, probably for less money, and you don't have to worry about losing any dongles. For hiding media that doesn't require high access speeds it's a much better choice.
i think the press release and motherboard settings remind me of this...
While the ABIT 40bit DES version is good for simple security to keep people off the computer, for free it's a nice add-on. Enova has those nice 192bit Triple DES cards or Bay slots that look more up to the task.
I think if I was really paranoid, I'd set up something like the following.
Linux server running Rubberhose encrypted filesystem with Enova's 192bit triple DES secure bay kit.
Then on your PC using PGPDisk or Bestcrypt volume on a SMB share over IPSEC and maybe even with Stunnel. (Or multiple PC's in a client/server setup)
Then for backups, it seems you could do a simple dd to a tape drive. Too many encryption layers on the backup to restore without the proper settings and software. Should be pretty safe.
Pretty much all simple software that's easy to use, and wouldn't take too much setup. Just need a way to have the Enova's keys use timebased passphrases, and I'd feel it was secure enough.
On 1 single pc, rubberhose+bestcrypt would be my choice.
How is this better than a software encrypted file system? At the least it seems like a hardware key is less secure than a passphrase. It's a lot easier to steal a physical key than a string of characters that exists only in my head.
Give me Classic Slashdot or give me death!
The average case:
:-)
A half sleeping government worker will enter the password that is written on the back of the keyboard
The manufacturer of the card is actually eNova at http://www.enovatech.net (See the X-Wall SE entry in Whats New, and Patent Pending Architecture in Technologies). They have a range of products including a notebook with this product installed.
You need a 2 key system. One key for the special data, one for normal use.
The Kruger Dunning explains most post on
Mod this up up up! Bi-atch. Stupid rice-rockets suck. This site rules for making mockery of them.
This is very very false, and comments like this one illustrate how ignorant most people are of the DRM concept.
There are at least two kinds of access restriction: traditional encryption, and DRM. The difference between the two is as follows. Traditional encryption restricts access to data that both the sender and the recipient want to keep secret. DRM, on the other hand, restricts access to data that only the sender but not the recipient wants to keep secret.
People like you, who can't tell the two situations apart, are the reason why DRM is a failure today. You cannot use traditional encryption in a DRM setting, because the premises underlying the two models are very different.
There are ways to do DRM, but encryption is not one of them. Companies will not succeed at DRM until they realize this.
Not all access restriction is DRM.
Please correct me if I screw something up here.
They said that the RIAA wouldn't be able to read the Kazaa files off your machine. Huh?
How does secure IDE do that?
Okay, you got WXP running. And you are running Kazaa, Real Player and whatever else. Obviously the encryption/decryption is done at the hardware level between the motherboard and the hard drive.
For this thing to have practical use to the general public it must be transparent to the OS.
Now the RIAA is getting information on people without invading peoples computers. They are using the Kazaa network and probably downloading MP3's just like anyone else. Then they look at the IP address and go from there.
I am just not seeing how secure IDE does anything to stop that.
The only way secure IDE would be helpful in the Kazaa situation is if it broke Kazaa.
As for the key.
I am not getting that at all. They are saying that it isn't password protected and it isn't a dongle.
It is hardware.
Well that sucks.
Now granted I have never had the privilege of having the FBI or the cops bust into my house and confiscate my PC.
But I seriously doubt they would waste their time cracking the case and taking the hard drives. Minimal they would take the tower.
Hell they would confiscate everything. Consider all the stupid people that hide their passwords by taping them under the keyboard, taking your monitor might pay off for them.
So if they have the tower anyways then I ask again, how is secure IDE helping?
The only case I can see is if I decided a hard drive is bad and threw it away.
And I'll level with ya, when I do that I destroy the hard drive anyways. I don't need encryption. I pull the tape off the side and expose the breather hole. Then I take a screwdriver and jam it in there real hard. I make damn sure that I scratch up both sides of the platters. I also try to knock the heads off.
I argue that my way is better than encryption anyways. It might take weeks for supercomputers to decrypt their encryption, but I would love to see a solution to the mess that I make with a screwdriver.
And you can invoke the DMCA on those RIAA bastards when they try and decrypt your hard drive!!
bahahaha!
Probably not.. but it'd be fun.
-kidlinux.
"sorry, it's encrypted, nothing I can do"
The Kruger Dunning explains most post on
Usually in key based encryption products the key is itself weakly encrypted. In order to decrypt the key, the user must supply a password that gets past the weak encryption on the key. This key can then be used to unlock the stronger encryption in the secureIDE product.
This is how OpenSSH works anyway (I did not read the secureIDE blurb too carefully). The SSH guys say that keys should always be encrypted, because theft of keys is easy to do. If the key is encrypted then that at least is one more substantial hassle for the crackers to go through before they can get at your data.
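The two-layer arrangement described in the comment above, as an added example that is not part of the original post and not OpenSSH's or SecureIDE's code: a random disk key is stored only in wrapped form, and a passphrase stretched with PBKDF2 unwraps it. Python's standard library has no block cipher, so an XOR pad plus HMAC tag stands in here for the AES key wrap or AEAD a product would use; the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000   # assumed work factor for this sketch
KEY_LEN = 32                  # length of the random disk key in bytes


def _derive(passphrase, salt):
    """Stretch the passphrase into a wrapping pad and a separate MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt,
        PBKDF2_ITERATIONS, dklen=KEY_LEN + 32)
    return material[:KEY_LEN], material[KEY_LEN:]


def wrap_key(disk_key, passphrase):
    """Return the stored form of disk_key: salt, wrapped key and integrity tag."""
    if len(disk_key) != KEY_LEN:
        raise ValueError("disk key must be %d bytes" % KEY_LEN)
    salt = secrets.token_bytes(16)      # fresh salt, so the pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(disk_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_key(blob, passphrase):
    """Recover the disk key, or raise ValueError on a wrong passphrase."""
    pad, mac_key = _derive(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"],
                        hashlib.sha256).digest()
    # Constant-time comparison: a wrong passphrase is rejected before any
    # key material is returned to the caller.
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or tampered key file")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))


def change_passphrase(blob, old_passphrase, new_passphrase):
    """Re-wrap the same disk key; the data it protects is not re-encrypted."""
    return wrap_key(unwrap_key(blob, old_passphrase), new_passphrase)


if __name__ == "__main__":
    disk_key = secrets.token_bytes(KEY_LEN)        # constructed sample key
    stored = wrap_key(disk_key, "correct horse battery")
    print("unwrap ok:", unwrap_key(stored, "correct horse battery") == disk_key)
    try:
        unwrap_key(stored, "wrong guess")
    except ValueError as err:
        print("rejected:", err)
```

A stolen key file is then only as strong as the passphrase and the stretching cost, which is the extra hurdle the comment refers to.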
ftp://ftp.abit.com.tw/pub/download/fae/secureide_eng_v100.pdf
IEEE1394 is FIREWIRE!!!
My apologies if this post looks aggressive, but I'm simply tired of reading dozens of highly moderated posts about this "USB key".
why is this different from using drivecrypt plus pack+
aladdin usb token?
it works well. and I'm sure a quick stamp on the usb token would wreck it irreparably.
So does this come with a SecureLID(TM) Tinfoil Hat?
I might want to encrypt the contents of my brain too.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
This looks great for securing data in the event of theft of the drive or the system but that's about all this is good for. I really don't think it's a desirable solution to securing data from law enforcement though.
Think about it for a moment; let's say you've got data on the drive that will land you in trouble if it's found, the drive is taken as evidence, but charges are dropped because it can't be unencrypted. How long will it be secure? It may take weeks for a supercomputer to crack the encryption but how long would it take a workstation manufactured in 2010 to do it?
It would definitely take all the fun and excitement out of following tech news; each advance leads closer to the day that someone dusts off the drive and cracks it. Waiting perhaps years for the inevitable knock on the door as computer power catches up with you would be horrible.
Input error. Replace user and press any key to continue.
Secure IDE .. will keep the RIAA away from your Kazaa files.'
Until the user shares them with the world. Damn some people are stupid.
You misunderstand that line and its motivation. The stupid folks are not at Abit, that RIAA line is outstanding marketing given the intelligence of the average Kazaa user or Slashdot reader.
2) Before you post again,
Stop.
Chill for a second.
Let Daddy massage you for a moment.
Let him rub exotic oils into your back.
Let him whisper special words into your ear.
Hear him whisper special words meant just for you.
Hear him say: Stop being so fucking condescending.
Yours in Christ,
eSolutions
There are companies that specialize in retrieving data from that mess you make with a screwdriver. Did it ever occur to you to just use a demagnetizer?
Also, I have been raided by the FBI and yes, they take everything. If you have something scribbled down on a napkin from Wendy's that looks like it could be computer related they take it. I was fortunate in that they sent all my stuff back. Plus I got all these nifty FBI evidence stickers!
Would be better and more secure, but that'd be one bloated bios, and would add an extra 250-300$.
True genius is grasping a situation like a piece of fruit, and piercing it just right so that it drains dry.
Not exactly, it's a 2048-bit encryption key built into the XBOX of which the code must be carried on any Microsoft-approved product. Don't have the key, and it won't play the game. Hence the need for a modchip, which bypasses the need for a key check.
Newsie, Moderator, www.tauniverse.com
"It is the company policy that we destroy the random database after it is written into the secruity key. We do not keep the duplicates and nobody in this world other than you has the duplicates." Came straight from the company website.... http://www.enovatech.net
The views expressed are mine own and do not express the views of my employer.
Ok, I'm not an expert on cryptography or Triple DES, but doesn't it become substantially easier to break the key for a given piece of cyphertext (in this case, the contents of the disk) when some or all of the corresponding plaintext is known (or at least can be reasonably inferred)?
That being the case, how hard is it to really guess the contents of the disk's boot sector, especially for known operating systems (not to mention other standard things you'd find on a disk formatted for a given operating system)? Doesn't that make this type of system largely useless, at least if it encrypts the boot sector with the same key as it uses to encrypt the rest of the drive?
Understanding is a three edged sword. - Ambassador Kosh Naranek, Babylon 5
I don't claim to be an encryption expert, but a lot about cracking keys is based on how random the data to be encrypted is BEFORE you encrypt it.
For instance, one of the breakthroughs in the cracking of Enigma based systems was when they mistakenly transmitted the same document twice.
Now, what I am referring to is it is pretty likely the boot block will be the standard windows boot code, which is pretty static, or at least known to be a few different iterations.
I would certainly think you could vastly limit your cracking attempt by limiting your attempts to the area you ALREADY expect to have a certain pattern.
Once you get this, you are likely to have gotten the correct overall key.
Am I missing something here?
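An added sketch (not from any post in this thread, and not ABIT's or eNova's cipher) of the question the two comments above raise: a predictable boot sector gives an exhaustive key search a way to recognise the right key, while the number of keys it has to try is still set by the key length. The toy keystream cipher, the 16-bit key and the sample boot code are all constructed for the demonstration.

```python
import hashlib

KEY_BITS = 16        # deliberately tiny so the whole key space runs instantly
SECTOR_SIZE = 512

# Constructed sample data: a placeholder for well-known boot loader bytes.
BOOT_CODE = b"CONSTRUCTED-BOOT-CODE-V1"
SECRET_KEY = 0xBEEF


def keystream(key, sector_no, length):
    """Toy keystream: SHA-256 over key, sector number and a block counter."""
    out = b""
    counter = 0
    while len(out) < length:
        block = (key.to_bytes(8, "big") + sector_no.to_bytes(8, "big")
                 + counter.to_bytes(4, "big"))
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def crypt_sector(key, sector_no, data):
    """XOR the sector with the keystream; the same call encrypts and decrypts."""
    ks = keystream(key, sector_no, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def build_sector():
    """Boot sector stand-in: known code, zero padding, 55 AA signature."""
    return BOOT_CODE.ljust(SECTOR_SIZE - 2, b"\x00") + b"\x55\xaa"


def matching_keys(ciphertext, known_prefix, sector_no=0, key_bits=KEY_BITS):
    """Try every key; keep those that decrypt the sector start to known_prefix."""
    n = len(known_prefix)
    # Keystream bytes the right key must produce for the known plaintext.
    target = bytes(c ^ p for c, p in zip(ciphertext[:n], known_prefix))
    return [key for key in range(2 ** key_bits)
            if keystream(key, sector_no, n) == target]


def average_search_seconds(key_bits, keys_per_second):
    """Expected time for an exhaustive search: half the key space."""
    return 2 ** (key_bits - 1) / keys_per_second


if __name__ == "__main__":
    ct = crypt_sector(SECRET_KEY, 0, build_sector())
    # 16 known bytes single out one key; 1 known byte leaves many candidates.
    print("16 known bytes:", [hex(k) for k in matching_keys(ct, BOOT_CODE[:16])])
    print(" 1 known byte :", len(matching_keys(ct, BOOT_CODE[:1])), "candidates")
    # Every added key bit doubles the work, whatever the plaintext is.
    for bits in (16, 40, 56, 112):
        print(bits, "bits:", average_search_seconds(bits, 1e6), "s at 1e6 keys/s")
```

The known bytes decide how many candidate keys survive the check; the loop over `range(2 ** key_bits)` is what a longer key makes infeasible.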
It sounds like an encrypted filesystem would be a better way to go to me. Then you wouldn't have to worry about hiding the dongle where the jackbooted thugs can't find it.
This reminds me of my old old old PC from 1990 (An old Apricot Qi) which came with what was quaintly termed 'Apricot LOC Technology'.
The hard disks were encrypted in hardware even back then. Also, there was no reliance on any USB dongle to just get the disk unencrypted.
LOC tech worked by the user having an IR transmitting card which authenticated you to the machine. If it was in secure mode, you had to transmit from your card (encrypted transmission.. No copying the transmission and replaying), which then gave you the login screen for your user (this is the first point the keyboard unlocked).
You enter the password and it lets you use the system.
The encryption was independent of OS. This was damn cool 'paranoid' gear. It won me a few contract jobs on the basis that nobody else could get into the machine apart from me, and a couple of my clients at the time were pretty much requiring security and confidentiality.
Nice for the single user PC where you really don't want someone else turning it on and reading your email.
Still, I'd much prefer to use something that can be used to hold differently available data depending on the user.. The day they put rubberhose in hardware, I think they'll really have a winner...
Still, it seems odd that they are trying to hype tech that's a cutdown version of 13 year old tech as something new and revolutionary..
Malk
If it's only going to keep government supercomputers busy for weeks (and not millennia), then it's probably not using strong crypto.
[Disclaimer: I didn't read the article.]
Wow, way to moderate effectively, Mr. Moderator. I mean, it's not like I posted facts based on personal experience and, you know, talking to FBI agents. And that way in which I talked the parent post! It's soooo clear that the above was pure trolling! Good job!
Allow me to explain the difference: THIS is trolling (or at least flamebait), THAT was not. I hope you get browbeaten in metamod.
Posting anonymously to avoid another stupid moderator.
If Abit's claim is true, then this will help protect our computers just a little bit better. There is no such thing as too much security! BUT the question still remains, "Does it really work?".
J.M.Hernandez
If you check out Bestcrypt you'll see they already have this feature - you can have a hidden container inside the normal container. There is no way to prove that the hidden part is there. OTOH, that probably doesn't stop anyone *that* interested in getting your data from locking you away in a hole for years until you make with the key, or just resorting to good old fashioned torture to make you cough up the info either, just in case it is there.
Kjella
Live today, because you never know what tomorrow brings
it's cute and all, but the diagram makes it look like you'll need one such device, key, AND port in the back of your case for each hard drive... more hassle than it's worth if you ask me. Better if they had built it into the mobo with a front panel access for the key.
also, how does this protect from hackers? if they gain access to your system while the key is plugged in, then don't they have the same access you have? if you have the key plugged in and are sharing a folder (like with p2p), then anyone who can access that folder should be able to get unencrypted data, correct?
I believe sex is highly over rated... unless it involves me
I want a feature that prevents my password from being disclosed after my second 60 day sentence for contempt of court for not disclosing the passphrase for the secure IDE...
-- $G
I finally decoded it. It says. . .
.wait, I've got it!
Hold your breath. .
"B e s u r e t o d r i n k m o r e O v a l t i n e"
Not only will it not keep government supercomputers out for weeks, it won't keep the RIAA out of your disk for weeks if they confiscate it. Besides, the RIAA can subpoena you to make you hand them the key dongle. Also, this is only useful against people who have physical possession of your disk when your machine isn't running - if your machine's running with the disk mounted, it's no different than a regular disk, so querying your Kazaa file-sharer will work just fine, or running a search program on your machine.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The motherboard does have built in RAID, but can you use the encryption with it? If I'm going to go to such trouble to secure my data, I definitely want to have some protection against drive crashes. I guess if you can hook up more than one disk to the encryption, you can use software RAID as in Windows 2000, etc. but hardware RAID would be nice.
You can always make backups, but you'd have to encrypt those, and if the encryption is not as good as the original then that's a problem. And if the backups aren't encrypted, that's just plain stupid.
Actually I can see this being a popular selling point at stores like CompUSA.
"Yes, you can get this computer, but sir, this one right here includes hardware encryption built into the system. That way the RIAA can't see what you're doing."
On the other hand any "paranoid freak" is going to scoff at anything less than 128 bit encryption.
This sounds like a good idea but an inadequate implementation.
Give me your scratched hard drive, and $500, and I'll deliver all of your data to you on CDs within a couple weeks.
Manual data recovery doesn't depend on your read heads, or how air-tight the drive is at all. Unless you completely incinerate the platters, there is still recoverable data. Just leaving the platters intact makes it quite a bit easier, but no big deal. The only thing you are stopping is from someone else using that hard drive again, or some casual snoop from sticking it in their computer and attempting to use undelete to recover what you had on there. A reasonably determined opponent wouldn't even do that.
You'd be better off using dd or cat to write random data across the drive a few times, and still leaving it functional.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Well obviously the cops/FBI are going to be doing the decrypting.
What would make you think that the law would confiscate material evidence, and then turn it over to non-law enforcement before it has been used at trial?
Hell, why not have the cops confiscate a bloody knife from someone's home, and hand it over to the victim's family? I'm sure there would be nothing wrong with that... Something about a chicken coop and a fox comes to mind...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
this is actually a DRM scheme? So that files that are on your harddrive are being protected from YOU, so that you can't copy them to other computers, and can only use them how <Insert Large Corporate Entity> thinks you should use them and when...
So what happens if I lose the key?
So what happens if the mobo goes bad?
So what happens if an individual component on the mobo goes bad causing the replacement of the board?
Hmmmmm....
If ABIT can get these to catch on they could make a bundle off support. However, while you (argumentatively) have some level of security you lose the ability to swap the drives if that board fails. Couldn't this be painting yourself into a proverbial corner?
But what do I know I have the IQ of an empty shoebox.
...the only option is to go with software encryption?
C'mon, Abit. If you're going to do something like this, do it right. Offer it on a SCSI host adapter as well. I don't care if you make something up that's customized to the motherboard. There are those of us who simply don't like IDE for any number of reasons. I'm one of them.
Bruce Lane, KC7GR,
Blue Feather Technologies
The Xbox has two key based systems. One of these is the software key, which as the other poster mentioned is 2048 bit (basically uncrackable). The software key is used to sign the .xbe (XBoxExecutable) files. Modchips bypass this "feature".
The hardware security (which is more relevant to this topic as it involves the hard drive) utilizes a little known feature in the ATA command set where a password must be sent to the hard drive before it will allow data to be accessed. This does NOT involve encryption, it is merely the hard drive refusing to access the data. This password is easy to extract (with the right tools), as shown here on the Xbox-Linux homepage.
If you happen to have a laptop, it is likely that it supports this ability in the BIOS. Most desktops will need an extra application, thus not allowing you to place your OS on the protected disk. (although you should never put the OS near important data anyways...)
Hope that clears things up for ya..
I used to get high on life, but I developed a tolerance. Now I need something stronger.
I think the point is that your hard drive is now protected by the DMCA.
:)
The bit about keeping the government busy for weeks seems unlikely, but the fact that it's encrypted means the data on it is protected by the DMCA and can't be used as evidence against you in court.
I guess the same would apply if you just used software encryption.
If you want to keep the government out of your hard drive, get a shredder with a panic button. Or better yet, mod your hard drive with an incendiary device for the panic mode. Just make sure you don't accidentally trigger it
they get you know then they'll have got your IP from connecting with something like a Kazaa client to your machine. They legal your ISP and find out who you are, and then you get a letter inviting you to be sued.
Of course at this point, most people would hide their MP3 hard disk, or destroy the contents. This doesn't help - they've already got the details and your IP and I'd imagine with expensive enough lawyers behind you that'd be enough...
This looks like a nice board, but what are the noise levels from that cooling solution?
I try to build my boxes as quiet as possible, and the OTES coolers on their graphics cards has generally been classified as something you should not expose your neighbour to in most reviews. No environmental specs on Abit's pages either (as usual).
2**16 easier
Since this is PK crypto it is 2 ^ 8 times easier, not 2^16.
But the end conclusion is ok.
Just set aside a USB port on your box and buy a USB memory device - like say one of those LAKS watches.
Encrypt the file-system using an encrypted-fs as normal.
Modify the login to look at the USB device for a passfile - this could be a MD5 hash.
No file on USB device = no login
The advantage of this is that if you break/lose/flush down the toilet, your USB device, all you have to do is go to another machine with a new USB storage device and re-create the hash-file.
Simple and cheap - I think this would come in at under $40US + some hacking, but hey, someone could have a Debian/Redhat package ready in a week or so.
How about goatse and tubgirl pictures, for maximum security! That intruder wouldn't be looking at your "data" again anytime soon...
Not only that, but screams of horror would quickly lead you to his tracks.
40 bits = 2^40 = 10^12, which isn't many keys to check through at all. At a million keys a second it would take an average of 5.8 days to find the correct key. For slower cracking computers, scale up the time accordingly or use a small cluster.
Promoting insecure encryption with high-sounding phrases has a long history. I remember a rash of "even the spooks can't break it" encryption packages that were so weak you could practically break them by hand: that was back in the 1980s but obviously the problem hasn't gone away!
Still, horses for courses: it's actually quite good not to use encryption that's stronger than you need, because if you do lose the key, you have some chance of paying someone to break it for you.
So is this going to be like Windows NTFS encryption? Yeah, that's really going to keep people away from all of my files, just plug it into another NTFS system...
You can post as me, anytime!
No, the only potentially completely secure solution is for the users to generate the key data themselves.
120 character sigs suck. Make it 250.
I've always wanted a super fast super hot incinerator. Like maybe a lead box with a baby nuke inside. Ok, maybe something a little less extreme. Anyway, when the taliban come knocking at your door you simply break the glass and hit the big red button and step away from the big lead box. In a minute or two there is no hard drive, there is no computer, there are no playboys, there is no bible, no pot, no overdue library books, whatever it is you're trying to hide - it's gone. Perhaps I should ask slashdot, what's the best way to destroy your harddrive?
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
1. Degauss the drive with a tape demagnetizer, making sure to thoroughly hit each side of each platter. This does a pretty good job for the most part, at least against most typical end-user attempts to recover the data.
2. Demagnetize as above, then put it in your oven at the hottest temperature for an hour or several. While it won't demagnetize it, it will cause significant random changes in polarization (since your hard drive is only stable at a few tens of degrees above room temperature due to the high bit density). This should defeat pretty much any attempts to recover the data, but there might still be random parts of the platters that are recoverable.
3. Place it in your kiln. Heat to above the Curie point of Cobalt (about 1500C). It should be noted that this is, coincidentally, about the average melting point of the glass substrate, though depending on composition, glass could potentially melt as low as 500C. If you are not able to raise the Cobalt alloy to its Curie point, melting the glass substrate is a relatively effective alternative.
4. Cobalt metal will (slowly) dissolve in a dilute sulfuric acid mixture, and dissolves easily in hydrochloric acid or nitric acid. In any case, be careful not to get the acid on your skin (or anything else, for that matter). This is quite possibly the easiest effective solution for destroying data on the hard drive.
And remember, kids, don't try these at home.
120 character sigs suck. Make it 250.