Slashdot Mirror
ABIT's Secure IDE Motherboard
Frank Caviggia writes "The Inquirer has a story about ABIT's spiffy new IC7-MAX3 motherboard. Apparently, this motherboard has a feature called 'Secure IDE,' which is marketing-speak for hardware-based encryption ... ABIT goes on to claim that 'Secure IDE' 'will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.' Pretty bold claims for a motherboard maker ..."
SecureIDE connects to your IDE hard disk and has a special decoder; without a special key
So what they are saying is their algorithm is proprietary and is therefore likely insecure? I thought people stopped believing in/hyping security by obscurity years ago... Or maybe that's just wishful thinking? Hell, for all we know they could be using xor encryption or some such crap. I don't trust any encryption algorithm that I can't see.
while ((c = getc(unencrypted)) != EOF) { if (!*cp) cp = "key\0"; c ^= *(cp++); putc(c,encrypted); }
3y3 y4m l33t, c4tch m3 1f y0u c4n RIAA. heh.
In addition, if there is no key does that mean there is no local security? If someone just took your whole rig mobo and all would they be able to access your files since whatever algorithm they are using must be embedded in the board?
I can see the spooks at NSA laughing.
Visualize the world of wine
Wouldn't that require some intelligence by the user? I mean like not sharing their file library? It's not like the RIAA can just go into people's homes and start busting open computers for pirated music.
Until the user shares them with the world. Damn some people are stupid.
I'll take the flames for reading the article before posting, but ABit seems to be selling this to people who think that when the police/bad guys/whoever take your computer, they only take the hard drive.
Since they don't have a Secure ATA controller, they couldn't read the drive. They probably even need the same Secure ATA controller.
But if they have access to your hard drive, time to unscrew it, secure it, etc - why not take the entire machine?
The marketing people are probably patting themselves on the back right now but ABit just lost a fair bit of respect from me. If it is secure, post more information about "Secure" ATA and prove me wrong - if you want to hide details and claim it is secure, I'm worse than not interested in this tech. I'm less interested in Abit on the whole now.
The RIAA isn't going after people because it finds files on their hard drive, it goes after people because it sees them sharing these files online, unencrypted. This technology is worthless against the RIAA in that respect.
Before everyone starts bitching with their collective "This can't work! How would it work!?! It's insecure!!" pablum, I offer this solution:
wait.
There will be more information in the weeks and months to come. Don't decry this as useless until you know what it actually is.
___________
That aside, this could be a case of "secure computing" working counter to many of the interests that originally pushed it. Sure, encrypted channels can be used to enforce DRM, but they can also be used to hide that cracked media when $badguy comes looking for it on your hard drive.
The DMCA can work for you just as it works for $badguy. That encrypted IDE is protecting -your- copyrighted intellectual property, after all.
GeekNights!
Late Night Radio for Geeks!
Encryption algorythms are sufficiently advanced that key management is the real issue: Trying to brute-force it can be very difficult, but finding out the private key (which makes decryption trivial) can often be relatively easy. So, even if they used reasonably strong encryption, chances are that they won't succeed at protecting the private keys.
However, I suspect that their encryption isn't really all that strong. Doing strong encryption at speeds necessary to sustain IDE transfers (up to 50 megabytes/second *per drive*) is fairly serious stuff, especially if you want to be able to do it at sufficiently low latencies. Hardware-encryption boards that truly do strong encryption at much slower speeds than that are pretty pricey, usually at least four figures.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
Everyone ranting about how this is inherently stupid since the key is just on the motherboard should actually read the article and note that the key is actually going to be stored on a removable device of some sort. So the idea is you carry the key with you at all times and just plug it into the computer when you want to use it. When the key is not in the computer the data cannot be read.
Of course this still doesn't explain the silly Kazaa claims, however that is another issue altogether. In fact this whole thing seems kind of useless since if the government were to confiscate your computer or something you'd think they could just subpoena the key as well, and it does nothing to protect against hackers since the key has to be in your computer for you do use it. Turning it off when you're not using it would be just as effective. About the only thing this is good for is in case somebody steals your computer when you're away. But it could work for that.
Physics is good
- It has *nothing* to do with the motherboard, it is a card that connects between the IDE cable and the IDE drive. Like s separate card.
- It works with all OS, no drivers. You need to start from a blank disk though because everything is being encrypted/decrypted as it passes through (if you "decrypt" plaintext something it goes horribly wrong).
- The encryption is 40 bits which is really really weak. Same as DVDs for example (ok slightly FUD because CSS was a poor algorithm)
- You have an external keyring, which acts as your hardware key.
That being said, I really don't see the big use of this. It's only good if your disk is taken, they don't take the key and it's only protecting the information (disk is as good as ever if you remove the card and format it again). Of course if you have vital company/personal/military data on your disk I suppose that might be enough of a reason.Kjella
Live today, because you never know what tomorrow brings
You're right, a lot of people didn't read the article and totally overlooked the USB-ish dongle you use.
A good question will be if the computer is running and you yank out the dongle what will happen? Will the OS just hard crash or will something else terrible happen?
Its also something that can be smashed with a hammer or other blunt object, tossed into a river, or broken into small pieces, each being discarded in several random trashcans between NYC and DC. You don't have to destroy the drive, just the chip. If the feds are that close, I think you'll voluntarily give up the data in the name of personal freedom.
Besides, your friends still have the GPG-encrypted DVD-R backups you gave them, right?
Intelligent Life on Earth
according to the installation guide:
40-bit DES (US Data Encryption Standard) is adequate for general users
In much the same way that leaving the data un-encrypted is adequate for general users, I suppose.
Only if you are an enemy combatant. And in a war on terror all terrorists are enemy combatants. And terrorist is defined in the patriot act as, just about everybody they want to lock up without trial.
The GeekNights podcast is going strong. Listen!
I think what you meant was the Type R.
It reminds me of the AOpen Tube Amp Motherboard. Stuff like this might get my respect if it was hacked together in some guy's basement, but from a major hardware firm it amounts to marketing fluff.
$5 / month hosted VPS on linux = awesome!
any data transferred over the internet has your encryption removed.
Oh, for a mod point.
This is the real reason that this technology is worthless to keep RIAA/FBI/NSA/CIA/AARP off your back. They're gonna pick it up when you transmit it over a public network. The Secure IDE technology that ABIT is touting protects your local machine on boot if you don't have the USB key - it does nothing for encrypting what you send on the network. If it did, it'd be rendering p2p useless, because nobody else has your sooper sekrit USB key to see what you're sharing. What moron is going to randomly pick your name out of a hat, and come over to your house and take the hard drive out without probable cause?
No, they're going to watch what you're sharing, what you're transmitting and recieving, man-in-the-middle it for evidence if they're feeling inspired, THEN and only then, will they drag your ass into civil court, where "Innocent until proven guilty" doesn't hold as much water. The damage is done before you see the subpoena.
Remember kids, the Constitution, the Bill of Rights, all that, is to protect you from the GOVERNMENT. The RIAA is NOT the government. (Yet.) The judges have to protect you from the RIAA, and they're most definitely not doing that.
Dare to Hope. Prepare to be Disappointed.
One interesting aspect of this that nobody has mentioned so far is physical key vs. a memorized password. Having a physical key is, from a liability standpoint, much worse than using a password with loopback-AES or whatever. In the US, a court can't compel you to reveal a memorized password when it might incriminate you, because of the 5th amendment, but it is able to subpeona a physical key (or dongle), because it can be classified as physical evidence.
If this can be done in hardware, that's a good thing.
I agree. But this particular hardware solution looks very weak and incompatible with existing software solutions. That is not a good thing.
Do you care about the security of your wireless mouse?
Not only will it not keep government supercomputers out for weeks, it won't keep the RIAA out of your disk for weeks if they confiscate it. Besides, the RIAA can subpoena you to make you hand them the key dongle. Also, this is only useful against people who have physical possession of your disk when your machine isn't running - if your machine's running with the disk mounted, it's no different than a regular disk, so querying your Kazaa file-sharer will work just fine, or running a search program on your machine.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Why in God's name would Joe Sixpack be on a motherboard manufacturer's website trying to read about a hardware-based data encryption system?
barzelay.net