Slashdot Mirror
ABIT's Secure IDE Motherboard
Frank Caviggia writes "The Inquirer has a story about ABIT's spiffy new IC7-MAX3 motherboard. Apparently, this motherboard has a feature called 'Secure IDE,' which is marketing-speak for hardware-based encryption ... ABIT goes on to claim that 'Secure IDE' 'will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.' Pretty bold claims for a motherboard maker ..."
Gestapo Internal Memo:
Remember people, when we break into homes with search warrants, you need to take the MOTHERBOARD now too!
Wouldn't that require some intelligence by the user? I mean like not sharing their file library? It's not like the RIAA can just go into people's homes and start busting open computers for pirated music.
How many more comments like this will there be? If you click the stupid link, you see that you need a USB key each time you boot if you want to be able to decrypt the hard drive. They need the MB, the HD, and your key.
ABIT's site shows a little key that contains the decoder.
The RIAA isn't going after people because it finds files on their hard drive, it goes after people because it sees them sharing these files online, unencrypted. This technology is worthless against the RIAA in that respect.
Personal computers with built-in hardware encryption is going to make life hell for support technicians.
I mean, I like the idea. I just don't like the idea of having to deal with impenetrable security on top of everything else that I have to deal with when my little brother's friend fries his computer again and I have to slap a new HD or mobo etc in it.
There are some things about this that I like - the cooling systems look interesting, and as someone who's looking upgrade my old Win98 Game Box (that's about all Windows is used for with me these days), I can consider it.
But the encryption doesn't sell me, because it's really a limited use.
Assuming the machine is being used, and they is inside so you can access your data. You install an old version of Linux with an unpatched SSH client, and somebody root kits you. The encryption won't help you here - after all, the key is already used on the box so the motherboard can talk to the hard drive.
The only time encryption would be useful is when:
a) Somebody steals/appropriates the computer, and doesn't get the key. You destroy the key, and if this is a court case, you make sure there are no backups they can restore from.
b) that's about it.
I like the idea of encryption being on a laptop hard drive, and there's a USB key for it (I'm hoping the 10.3 version of OS X's user directory encryption is not just password/passphrase enabled, but lets you use a CD-Key, or something onto the Keychain file and you can be anal and put the Keychain file onto a USB key so it has to be inserted for the home directory to wirk). A laptop is more likely to be stolen and credit cards/passwords/sensitive company information (and if you're like me and work for a company who does Defense department contracts, that can be a big deal).
Otherwise, I'm not sure I fully see the "average" home use of this motherboard to protect from the RIAA finding out what files you have over the Internet, since the hard drive is already being decrypted to give that data over the network. Like I said earlier, it's only use is if the RIAA gets a court order, and you throw the key into the garbage diposal. (Which might get you held up in contempt of court or some such, and then you'll have to hope that Abit doesn't have a backup key of their own floating in their system somewhere.)
I could just be missing the point of the encryption other than a "gee whiz" feature - but that's just me.
52 Weeks, 52 Religions with John Hummel
By following these easy instructions, you too can encrypt your data and swap partitions with Loop-AES. (The instructions are for Linux From Scratch, but they worked fine on my Debian box.) This way, no unencrypted data ever touches the disk; even if your computer is stolen, the thief can't read your data.
I see a lot of people saying that they steal the motherboard then they can crack it, which while possible isn't entirely true. If you would read the information about the board you'd see it's a hardware dongle that stores the key information. Thus, if you buy a new mobo with secureIDE and have the same dongle you'll be able to read the data. It's that simple.
So rather than destroying the motherboard, you just need to store the USB key somewhere other than where the computer is. Pretty straight forward. You can't take the hard drive to another secureIDE computer and have it work without the USB key.
My Slashdot account is old enough to drink...
As I mentioned here, the key appears to be a USB memory stick put into a proprietary SUB port on some kind of daughter card. There's a diagram here.
US Democracy:The best person for the job (among These pre-selected choices...)
I've seen some high-security encryption keys that you basically keep on a keychain with you all the time. They have a "panic button" on them that destroys (either electronically, or physically) the internal memory, making recovery of the encryption key impossible.
Although I havn't seen them, I'd imagine it would be easy to make one with a built-in clock of some sort, so if you didn't correctly utilize the key every so-often, it would automatically self-destruct.
Of course, they're probably rather more expensive than what ABIT is proposing.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
The IC7-MAX3 is tuned up and ready to rumble. With ABIT's Game Acceleration Technology, users have the choice of three performance modes: Turbo, Street Racer and F1 to boost performance up to 17%.
Ok, maybe it's not a marketing lie. But. How seriously can you take anything with the settings 'Turbo', 'Street Racer' and 'F1'?
Also, here's the key.
Not going to stop the RIAA from catching you (although they'd have difficulty decrypted the drive once they did I guess), but looks moderately useful for protecting a harddrive from theft. I'd love one on a laptop. If someone stole it in an airport or somesuch - at least they couldn't get my data without some effort.
I write code.
Hmm, don't mind me while I keep using a software solution...
/home on my laptop. Otherwise you're SOL...
: //loop-aes.sourceforge.net/loop-AES.README - see example 4
Loop-AES is trivially ease to set up under linux,
and you can have it require a GPG key etc that live on a USB keychain.
If you have my keychain, and you know the password, you can mount
http://sourceforge.net/projects/loop-aes/
http
Something you have and something you know...
A little more info:
It looks like this (physically) small key plugs directly into the encryption/decryption chip (the interface looks like a USB plug but the picture doesn't show it well; the interface itself has a 4 pin header though).
It looks like to boot your computer, the key needs to be there. So make sure the police never show up while you are using the computer, never keep the key on you and keep your case open all the time so you can attach/detach it easily?
Nice idea though. Just not entirely practical.
Nope. You have to click on the article, and click on the "Secur" picture. THere you will see that the drive connects to a daughter-card thingy, that also has a USB connection, and at the end is a USB keychain--which has your special key.
Why are there only 19 people folding@home for slashdot?
Looking at their user manual, and specs, here are some corrections to your post:
- No special motherboard needed. This thing plugs in between the ide cable and the driver.
- As with all encryption. Lose the key and you're the proud owner of a high tech paperweight. Not unique to this connector.
- I suspect they mention fdisk because it's commonly used. It's a transparent encryption system, so
card + drive = normal drive
They're just saying to reformat the drive after putting the adapter on.
- Any file system/operating system will do. "Device driver free" too. Again, they're just saying you have to start over.
Also worth noting:
- The encryption card can use an extension cable get the dongle to the outside of the case. So no, you don't have to pop the cover each time you walk away.
- Once you boot up, the key doesn't need to be in any more.
- They give you a backup key too.
You are checking your backups, aren't you?
Acting on tips from an anonymous source (*cough* RIAA), U.S. soldiers invaded the homes of many citizens at home and abroad looking for the ever elusive Saddam MP3 FileSharer and his evil co-hort Osama Stole'Music and thier cache of MMDs (MP3s of Mass Destruction).
President Bush re-iterated that the MMDs exist saying, "I know they out there, our intellegence agencies downloaded a few of them last night."
Within the hour, both the CIA and FBI bave both denied that MMDs were downloaded. They go on to say, "infact our servers were hacked and used as a MMD store by the suspected country music terrorist group "Al'abama" "
No comment has been released from the NSA. It is suspected they didn't hear the phone ring on account of the volume the MMDs were being played at the verify the MMDs were *IN FACT* MMDs.
Film at 11.
This is a bit offtopic, but I think it's valuable for anyone wanting to know about encryption - really GOOD encryption when someone's life/freedom may be on the line.
One of the biggest problems with regards to encryption (aside from snakeoil salesmen) is that if someone suspects/knows you're using encryption, they're going to try and get the key out of you. Either by legal means like locking you away in a hole for years until you make with the key, or just resorting to good old fashioned torture to make you cough up the info. Neither option is particularly appealing, so a rather smart solution to the problem was devloped.
Naturally, it's called "Rubberhose" (The website)
The gist of it is that you make a large container file (say, 1gb for example). Inside that container file, are many smaller container files, each one having their own encryption key. You'd have one container with moderate-level stuff that you could "give up" if forced, and another container with the "real good stuff" that you'd get imprisoned/killed if the badguys discovered it.
The interesting way that it works is that in order to get access to the "real good stuff", you need to input the keys to all of the other containers to both decrypt the containers in question, and to fully map the filesystem. No container knows about any other container, nor where it's data is stored inside the 1gb file. Of course the data isn't stored in contigious blocks, and the containers could be fragmented into millions of pieces interwoven with eachother. It's also impossible to "prove" by any means that another container even exists.
So you can open any container and see the info inside it, but all of the containers appear to utilize the entire 1gb of storage space. You never know that anything other than empty space exists in the drive.
It's kind of complex, and I may not have explained it all that well, so before jumping on me, please read up at the website.
It's absolutely elegant, although perhaps not currently easy enough to be utilized by the masses. Still, if I was going into hostile territory, this would be the first thing I got operational on my portable equipment.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle