ABIT's Secure IDE Motherboard
Frank Caviggia writes "The Inquirer has a story about ABIT's spiffy new IC7-MAX3 motherboard. Apparently, this motherboard has a feature called 'Secure IDE,' which is marketing-speak for hardware-based encryption ... ABIT goes on to claim that 'Secure IDE' 'will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.' Pretty bold claims for a motherboard maker ..."
Correct me if I am wrong, but applications can still access unencrypted data; doesn't that mean numerous hacks would still work? 4ndr3w Scientists have been proven wrong time and time again -- by other scientists
Yeah, I'm thinking that this would only help if they took your hard drive without the motherboard. Is it password-protected at boot, or what?
if(!cool) exit(-1);
Secure IDE, says Abit, has a special decoder without a special key, and that means hard drives can "never be opened by anyone".
Then from the paragraph before: "... its Secure IDE technology will 'keep government supercomputers busy for weeks.'"
So it can never be opened by anyone except the government, which will require a few weeks to decrypt what's on the drive? Are they mixing a physical opening of the drive with reading the data on the drive itself?
Let's see, if it doesn't require a special key, and you steal the whole computer (which is likely, compared to just stealing the hard drive), then you can read the data. Furthermore, assuming this computer will "work", what is to stop you from sharing the data. Strange claims, but this technology could be useful for other purposes. Encrypted CD-R's which can only be read on a specific computer, for example.
In Soviet America the banks rob you!
Doesn't the Patriot Act remove the need for a search warrant to enter your home?
But if the court-ordered investigator is actually at your keyboard, or they're checking through normal network means, isn't this pointless? Okay, granted, if my job is to look through people's hard disks all day I'm going to want to take the disk out of their machine and use my machine to look at their data, but using theirs doesn't exactly make it impossible, only inconvenient. I guess if they destroyed their own board to hide evidence that would work. Another thing: your board fries. You lose all your data. I don't know how many times in my line of work I have had to replace a motherboard and make sure the data from the old drive survived.
The preceding post was not a Slashvertisement.
Personal computers with built-in hardware encryption are going to make life hell for support technicians.
I mean, I like the idea. I just don't like the idea of having to deal with impenetrable security on top of everything else that I have to deal with when my little brother's friend fries his computer again and I have to slap a new HD or mobo etc in it.
There are some things about this that I like - the cooling systems look interesting, and as someone who's looking to upgrade my old Win98 Game Box (that's about all Windows is used for with me these days), I can consider it.
But the encryption doesn't sell me, because it's really a limited use.
Assuming the machine is being used, and the key is inside so you can access your data. You install an old version of Linux with an unpatched SSH client, and somebody rootkits you. The encryption won't help you here - after all, the key is already used on the box so the motherboard can talk to the hard drive.
The only time encryption would be useful is when:
a) Somebody steals/appropriates the computer, and doesn't get the key. You destroy the key, and if this is a court case, you make sure there are no backups they can restore from.
b) that's about it.
I like the idea of encryption being on a laptop hard drive, and there's a USB key for it (I'm hoping the 10.3 version of OS X's user directory encryption is not just password/passphrase enabled, but lets you use a CD-Key, or something onto the Keychain file and you can be anal and put the Keychain file onto a USB key so it has to be inserted for the home directory to work). A laptop is more likely to be stolen and credit cards/passwords/sensitive company information (and if you're like me and work for a company who does Defense department contracts, that can be a big deal).
Otherwise, I'm not sure I fully see the "average" home use of this motherboard to protect from the RIAA finding out what files you have over the Internet, since the hard drive is already being decrypted to give that data over the network. Like I said earlier, its only use is if the RIAA gets a court order, and you throw the key into the garbage disposal. (Which might get you held up in contempt of court or some such, and then you'll have to hope that Abit doesn't have a backup key of their own floating in their system somewhere.)
I could just be missing the point of the encryption other than a "gee whiz" feature - but that's just me.
52 Weeks, 52 Religions with John Hummel
"...and will keep the RIAA away from your Kazaa files."
While this is true, the RIAA doesn't actually need to win their case to get money from you. They just want you to give them $12,000 - $17,000 in an out-of-court settlement. Even if they don't have a case against you & can't prove that your files really were mp3's (due to your encrypted hard drive), they're still going to attempt to sue you if you don't settle - Sure, you'll win in court, but you're still going to pay $10,000 (or more) in lawyer & court expenses...
I guess if you were doing something even more illegal that would require real evidence (i.e., innocent until proven guilty), then an encrypted hard drive would be a problem for the prosecutor. (That is, unless Abit really is just doing 'encryption by obscurity' as an above poster suggests)
From what I can tell, the data on the hard drive is encrypted and decrypted on the fly. While that may not conflict with the OS you have on there, what if you wanted to put the drive in another, non Secure IDE motherboard? Apparently you wouldn't be able to access it. Hopefully it'll come with an app that can decrypt the HDD... and of course that app will be windows only.
I am a filthy pirate.
I love the looks of this board, and I'll probably get one, but the only problem I have is that from time to time I put my HD in another computer for troubleshooting. If a power surge, rogue program, or virus damages my drive, a lot of times I can transfer the drive to a different computer and still get many of my files. Also, I have taken my HD to other people's houses when other means of transfer are exhausted. It seems like this would lock you into one hardware format.
Sigs are out of style, so I'm not going to use one...oh wait..
if you're using FDISK in DOS to setup the partitions, there's no reason you can't install Linux on top of the DOS partition. That's how they all are. Even on my Cobalt MIPS box, it's got a freaking DOS partition layout.
The real question is, if the Key is USB, does the OS need to mediate between the SecureIDE subsystem and the USB key, or does the BIOS do it below the OS?
There are a few problems with it though. The key is almost certainly copied off the USB key into local storage, rather than passing all data through the USB port for encryption (though with a dedicated USB2.0 port, that might be all right), and if you're getting sued and the court requires you to make the data accessible, saying you 'lost' the key is going to put you in jail.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
I see a lot of people saying that they steal the motherboard then they can crack it, which while possible isn't entirely true. If you would read the information about the board you'd see it's a hardware dongle that stores the key information. Thus, if you buy a new mobo with secureIDE and have the same dongle you'll be able to read the data. It's that simple.
So rather than destroying the motherboard, you just need to store the USB key somewhere other than where the computer is. Pretty straightforward. You can't take the hard drive to another secureIDE computer and have it work without the USB key.
My Slashdot account is old enough to drink...
Ge = Geheimnis, or Secret
Sta = Staat, or State
Po = Polizei, or Police
Translate from German to English, and mash it all together again, and voilà, Secstapo.
If it is able to encrypt a harddrive at the beginning (with FDISK) with ANY key you have on that keychain, then I'm sure it is only used for superfast hardware encryption and decryption on the fly.
It will store the key in its own RAM (that way you don't have to have the keychain plugged in after initial bootup) and will disappear when powered down.
Why are there only 19 people folding@home for slashdot?
It seems that the hardware manufacturers can see that the money is with the pirates and not with the media companies.
It wouldn't surprise me if they ended up killing off DRM by offering workarounds and personal encryption based products, because that is what consumers are demanding.
Beep beep.
True. But if the RIAA wants to get at your files they would have to circumvent the encryption. Correct me if I'm wrong but wouldn't that be breaking the DMCA?
It encrypts your data on the fly. Take the key away, now no one can mount /dev/porn.
Anything that restricts access to any data is DRM. That's why the slashbot reaction to the term is so moronic. Slashdot has DRM in the form of usernames and passwords, so I can't post as Perens or Carmack, and to make sure only subscribers get to see articles when first posted. A zip file with a password is "drm".
I don't need no instructions to know how to rock!!!!
According to that diagram, the motherboard isn't involved at all, and the card attached to the harddrive and the external dongle does everything transparent to the motherboard.
Is ABIT just bundling a product with their motherboard here, and can it be bought elsewhere?
I'd like to see one of these with a key fob that has an auto-destruct button on it, like a tiny capsule of acid... Delivered with two dongles -- one you can put in a vault or destroy, depending on how you feel.
Regards,
--
Arthur Hagen
Many people have argued that the RIAA doesn't need to read your drive when you're sharing your data, but I think they do. See, they can claim you're sharing song X from artist Y, but how do they prove it was you?
Of course it's easy to get your IP when they're downloading the song, and it's probably easy for them to find out who is currently using this IP, but they'd still have to prove it was you. IPs can easily be spoofed and all.
The easiest way to prove it was you is to show that the file is in your shared folder.
So while it won't make it harder for them to track you down, it may be harder to get a conviction.
(No, I don't have any faith in any justice system, especially the American. But anyways...)
So encrypt your MP3 files.
I always wondered why people didn't do this. Wrap each shared MP3 in a password protected zip. Would you be liable for distributing encrypted MP3s? Technically, you took measures to make sure nobody else could use them.* (You put them on the net so you could access them from anywhere.) For anyone to prove they were copyrighted, they'd have to crack your password, which would be illegal and probably a DMCA violation. I know there was the whole "pig latin encryption" of the filenames, but that was just in good fun instead of any kind of real protection.
* Nobody said you have to use an extremely difficult password to crack. "riaasucks" would do nicely. :-)
My beliefs do not require that you agree with them.
> It's not like the RIAA can just go into people's homes
> and start busting open computers for pirated music.
[ solely on the basis of alleged copyright infringement ]
Actually, they probably can, but have not yet adopted this tactic.
This is exactly what Scientology's OSA did to Dennis Erlich,
a former high-ranking Scientologist who started to discuss the
secret inner doctrines of Scientology on Usenet newsgroup
alt.religion.scientology sometime in 1994.
OSA went to a judge, alleged copyright violation, got an
ex parte writ of seizure, and ransacked Erlich's home,
taking his computer and backups, and many paper documents
not covered by the writ.
The raid is described here, and
you can download a Real video of the raid here
Scientology is way out in front of the **AA on this copyright business.
They had the foresight to call Erlich, (and others who dared to
publicly discuss the Sekrit Skripchurs on Usenet)
"copyright terrorists".
Wait a minute. Didn't I say that on the other side of the record? I'd better check
Usually in key based encryption products the key is itself weakly encrypted. In order to decrypt the key, the user must supply a password that gets past the weak encryption on the key. This key can then be used to unlock the stronger encryption in the secureIDE product.
This is how OpenSSH works anyway (I did not read the secureIDE blurb too carefully). The SSH guys say that keys should always be encrypted, because theft of keys is easy to do. If the key is encrypted then that at least is one more substantial hassle for the crackers to go through before they can get at your data.
Well, he had been there before so they kind of expected him to show up I guess. The IT people called the police and they came and didn't really know what to do other than ask for his license and registration. When the police showed up the IT people came outside and looked at his computer and found the MAC address which matched the ones in their logs.
The case was dropped, they really didn't have any hard evidence and the law is very grey in this area since there are no real precedents. The police have retained his laptop for a long time though, they keep giving him the run around when he tries to get it back.
Visualize the world of wine
Triple DES is very fast, and it is an established encryption algorithm, I am sure this is not just marketing speak.
... a door :)
Normally with Triple DES an EDE scheme is used (encryption with key a, decryption with key b and encryption again with key a). This is supposed to be almost as secure as a Triple DES with an additional key c at the end. Furthermore, only 7 bits will be used of every byte, so the actual encryption will be 112 bits strong.
Single DES is not secure, and especially when the same data is both available encrypted and as plain, the code will be easy to crack. It would be the same attack as against 56 bit WEP encryption on wireless LANs. Think minutes.
Actually AES is considered more secure, and is made for fast encryption both in hardware and in software. So why this isn't used for these kinds of products, I do not know.
The obvious cool things are the certification (which may have to be performed again when using AES, think big bucks) and the operating system independence.
The obvious disadvantage: this is symmetric encryption. You won't be able to use it for continuous storage on a web server. It only protects you when the system is attacked physically. If you can break the OS, you will be able to get to any data on the storage device... So you could replace it easily with
Warper
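The key arithmetic in the comment above (EDE with keys a, b, a, and 7 used bits per key byte), as an added example that is not part of the original thread: a checker that strips the DES parity bits from a key bundle and reports how much distinct key material it really holds. The function names are assumptions of this sketch and the key bytes are constructed sample values.

```python
# Added example; the key bytes below are constructed sample values.
KEY_A = bytes.fromhex("0123456789abcdef")
KEY_B = bytes.fromhex("fedcba9876543210")
KEY_C = bytes.fromhex("1032547698badcfe")


def strip_parity(key8):
    """Return the 56 effective bits of one 8-byte DES key as an integer."""
    if len(key8) != 8:
        raise ValueError("a single DES key is 8 bytes")
    bits = 0
    for byte in key8:
        bits = (bits << 7) | (byte >> 1)  # drop the low (parity) bit
    return bits


def has_odd_parity(key8):
    """True if every byte has an odd number of set bits, as DES keys are stored."""
    return all(bin(b).count("1") % 2 == 1 for b in key8)


def classify_bundle(bundle):
    """Classify a 16- or 24-byte Triple DES key bundle used in EDE order."""
    if len(bundle) == 16:            # two-key form: K3 is a copy of K1
        bundle = bundle + bundle[:8]
    elif len(bundle) != 24:
        raise ValueError("expected 16 or 24 key bytes")
    keys = [bundle[i:i + 8] for i in (0, 8, 16)]
    e1, e2, e3 = (strip_parity(k) for k in keys)
    if e1 == e2 or e2 == e3:
        # Encrypting then decrypting under the same key cancels out,
        # leaving one DES operation under the remaining key.
        option, key_bits = "single DES (degenerate)", 56
    elif e1 == e3:
        option, key_bits = "two-key EDE", 112
    else:
        option, key_bits = "three-key EDE", 168
    # key_bits counts distinct key material, not a proven security level.
    return {"option": option, "key_bits": key_bits,
            "parity_ok": all(has_odd_parity(k) for k in keys)}


if __name__ == "__main__":
    flipped = bytes([KEY_A[0] ^ 1]) + KEY_A[1:]  # differs only in a parity bit
    for name, b in [("a,b", KEY_A + KEY_B), ("a,b,c", KEY_A + KEY_B + KEY_C),
                    ("a,a'", KEY_A + flipped)]:
        print(name, classify_bundle(b))
```

The third sample shows why the comparison is done after stripping parity: two keys that look different byte for byte can be the same DES key, which collapses the bundle to single DES.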
I'm going to pick a very small nit: While Geheimnis is the correct root, in the abbreviation it becomes Geheime. I don't know the proper English terminology for changing nouns like this (since, well, English doesn't do it). So the correct expansion of Gestapo is Geheime Staatspolizei.
Doesn't change the meaning or point of your post one bit. Just so no one will go around shouting for the Geheimnis Staatspolizei. That would roughly translate to "a secret" state police.
And I assume you already knew about the umbrella organisation that contained the Gestapo, the SD (Sicherheitsdienst) and the Kriminalpolizei: Reichssicherheitsamt. Translate that and you have: Reich=Realm or homeland, sicherheit=security, amt=department/office, i.e. the Department of homeland security. Nice bit of translation there. :-)
Stefan Axelsson