Slashdot Mirror
Seagate To Encrypt Data On Hard Drives
Krishna Dagli writes "Seagate, using their new DriveTrust Technology, will automatically encrypt every bit of data stored on the hard drive and require users to have a key, or password, before being able to access the disk drive."
1. Encrypt Data
2. ???
3. Profit?!?!
Seems unlikely.
Would Seagate really attempt to market a drive that was going to protect pedophiles and terrorists? (Not to mention us ordinary citizens who don't wholly and utterly trust the organs of the state to act systematically in our best interests.)
If so, it's a brave move. But somehow it just seems so unlikely...
My blog
Laptop computers with DriveTrust-based hard drives would prompt users to type in a password before booting up the machine. Without the password, the hard drive would be useless, Seagate officials said.
Even data-recovery specialists would not be able to help if the assigned password somehow gets lost, said Scott Shimomura, a senior product marketing manager at Seagate.
Good thing passwords are never forgotten.
Your hair look like poop, Bob! - Wanker.
We are the FBI. Give us your password/id/key to access your pirate files or daddy RIAA will get really grumpy.
DriveMisTrust sounds more like it.
FTA: Though DriveTrust is proprietary.... Not much use unless it's published and described - unless they do that most serious users are going to discount it. I hope it's actually robust though as there will be an awful lot of people relying on this for home use. How many of them are going to have that nice warm fuzzy "I'm safe" feeling and therefore not bother with all the other good things like patching and spyware-awareness etc.
Take that MPAA....and RIAA...and NSA....and every other person who wants my bits.
Absolute power corrupts absolutely. indymedia
Didn't Seagate make a big deal about their Momentus FDE drives about 18 months ago? When are we actually going to be able to buy the damn things?
Never ascribe to malice what can be adequately attributed to ignorance. -Napoleon
Now there'll be an added layer of confusion for computer thieves. Which of these yellow post-it notes with I.M. Anidiot's laptop case is the password for his login, and which one is the password for his disk drive? :P
DS
so, is DriveTrust a new type of filesystem, or is it something separate? the article didnt specify.
The news should be that this was announced some time a go, but is still delayed. I've been reading press releases (such as this, sadly undated example) since March of this year (yes, almost 8 months a go). No release date given in the article provided by the submitter, but I've heard rumours of Q2 2007.
This should be good when it's released, but I've long since stopped holding my breath.
Watch out when looking at disk protection software. Some companies, like Maxtor, sell security functionality (called DriveLock, among others), which is really just "ATA Security Mode." This is NOT encryption, it is a feature of the disks circuitry whereby the drive will not output any data until the "password" has been provided. Some drives even ship with default master passwords included. Maxtor's product even includes a "I lost my password!" feature, making the security of the product completely worthless.
To all but the most critical of consumers, the marketing of this technology would cause the misconception that encryption is being used.
Until this product hits the market, software like TrueCrypt is the only way to have real disk encryption.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I've been using OS X's FileVault for years, which does the same thing, basically, though it only encrypts the data in my home directory (so applications themselves and the OS remain unencrypted). But with fully encrypted file systems available, it seems to make more sense to keep the flexibility of constantly evolving encryption methods than restrict yourself to whatever's built into the drive.
Since I'm presuming password support has to be built into the OS anyway (you don't enter the PW right into the drive, do you?), can anyone see a reason why having this done by the drive and not the computer is a good idea? (saving CPU cycles? Isn't that negligible?)
Because I don't want the added lag of hardware en/decryption with every write/read.
Because I don't want one more password per computer that I, as an IT admin, need to keep track of.
Because I don't want even the operating system, swap, graphics, and music files encrypted.
Because new technology like this *never* causes any issues with the system's operation.
No, not in my IT department.
----- Connection reset by beer
WOOOOOOOOHOOOOOOOOOOOO!!!! Oh, sorry...I suppose it could be an issue when someone forgets a passphrase, but he, wtf, you have to reformat your drive constantly anyway, what with running a OS that gets corrupted and will not boot, so why not just encrypt it? Problem is, is this some proprietary encryption or something that is not security by obscurity? If so, will the user be liable for the software licensing or will that be provided when the drive is purchased?
"My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
See subject.
... you can hand it to them with a grim smile on your face!
So say we all
control panel, system, hardware, device manager ... ( i dont know, but it would make sense if they wanted to make a failsafe default )
If you can't circumvent that, then the data on the drive becomes useless after John Luser forgets his password. If you can, then the thieves can too.
I don't need a harddrive that I could accidently lock myself out of.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
I probably wouldn't want to put any system partitions(e.g. C: in Windows, /boot or /var in *nix) on disks like this. But I can see it being useful for partitions dedicated to storing data. It's not obvious from TFA that whether it can be used in external HDs. It'd be great if I could carry arround a 2.5" 60G disk with "all my stuff" on it, without having to worry about the risk from leaving it behind.
Tyranny isn't the worst enemy of a democracy. Cynicism is.
1. Use Stolen Template
2. ???
3. Gay!!!!
...they can rot for all I care. There's plenty of stuff out there which targets power users that people who forget to plug their computer in could never handle, this is just going to be one more. That said, you know the feds are going to have the "master password", because if there's one thing that's bad, it's liberty. That is my main concern.
I bet that there's some sort of chip reader that one could build to pull passphrase for were it's stored in a chip on the board. that or pull the platters and stick them in a friendly drive. Or brute force it. I doubt that they can keep government data guys out no matter how hard they try. And if govt guys can do it, so can someone who will post a fix to the net.
Suck a lemon?
This doesn't provide protection while the system is running. It is transparent. It only provides protection when the machine is powered off or when the drive is unmounted.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Now, how long before we encrypt all data transferred on the net?
It only partially protects the user from RIAA.That is to say,if RIAA were to seize a hard drive,they would require the password to see the data.However,when the user is working on the hard drive(or has torrent turned on),RIAA will still be able to access the disk through internet and take take snap shots as usual.
Wincopy
Unless you're handing classified information, have employees take home thousands of credit cards on laptops, or thousands of medical records on laptops you're probbably not really the target for a drive like this.
If your company does handle this kind of data (or worse), maybe you should be re-examining your role as a sys-admin or manager. It's not all about making your life easier you know. There are of course risks and costs to maintaining a database of passwords, small performance costs for encrypting/decrypting the HD, and possible incompatibilities. There's also risks and costs associated with someone losing the laptop and the big headlines in the newspaper about how your company now looks like a bunch of ass-hats for losing 200,000 CC #s, 50,000 medical records, etc. Security and administration is about managing risk. If the overall risk is lower with this drive (and the price is right), you do it.
AccountKiller
There was a technique that was described on Slashdot a while ago that allowed you to turn over some crypto keys and it would decode a little bit more of the disk each time. That way, your opponent is never sure you have handed over all the keys and it makes it possible to hand over just enough keys to convince a judge. It would be nice if this drive supported that technique so that you would turn over just the first key if taken to court.
Avoid Missing Ball for High Score
This is one more step toward owning a computer you no longer control.
n opoly)
It's not about end-user encryption, it's about the OS using encryption in some form to eliminate your personal freedoms.
The price will be right though, so most users won't know or care.
The DRM noose around the average user's neck is being sold like a nice, new necktie. Most users will have one in 3-5 years. Then it is only a matter of tightening the noose. If you want it loosened, pay and pay some more.
Finally, there is no market mechanism so the price of loosening the noose around your neck is made by the producer. (A price maker: http://en.wikipedia.org/wiki/Monopoly#Coercive_mo
If you value your personal freedom, you will switch to something freer, then you will tell your friends and help them to do the same. Perhaps a Linux or BSD desktop is a good start.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
It seems to me the only people who really need this and happy about it are already or should be using truecrypt and the like. If only a niche market has embraced the current technology, shouldn't that be a tip-off that we don't want it shoved down out throats?
I'll take one for my laptop and several for my desktop machine (which sounds like it's not currently avaialble) as long as it is transparent to the OS and doesn't kill performance.
I deal with a lot of my customer's data from time to time and it would be nice to have extra safeguards in place IF my laptop or desktop machine was stolen. It would also be nice to be able to protect all my source code. Just because they can't log into the OS doesn't mean they can't copy the data off the drive. This would prevent that.
Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
...but allow you to agree to someone else's password, oh, say RIAA,MPAA, etc.
This can keep YOU from accessing the data on the hard drive, you know, the data you gave away your rights for when you clicked that license or bought that TIVO, etc.
Simply couple that technology with Trusted Computing and you no longer control the hardware you payed for.
I am sure this is obvious to those already in-the-know, but is meant as a Public Service.
This is one of those useless measures which only get in the way of the user. Since the passwords are assigned that means somewhere there is a list of them and then you're in to who has access to that list, legitimate or otherwise, and who has access to your hd and pretty much anyone who has access to the hd can get access to the list and unlock the data.
If it was to be secure at all, it would have some kind of flashable encryption that the user could pick from and assign a password of their own. This stinks like a trap to convince less sophisticated users that their secrets are safe when in reality they aren't.
That's just a token handshake between the drive controller board and the IDE/ATA controller. swap the drive's controller board and you could defeat it easily (or look at the platters). This tech actually implies encryption, which may be similar looking end-user wise, but harder to defeat (depending on their key management approach).
XML is like violence. If it doesn't solve the problem, use more.
OF course this will have some sort of back door built into it. Depend on it. Decryption keys for sector data
will most likely be stored on the drive encrypted to a shared secret held by "law enforcement" and all those
letter organizations that want to protect us. What's more, I suppose when something happens to the drive
and you want to recover data from the platters you will have to have it recovered by Seagate at a premium.
Oh and as always another sinister purpose served by that kind of encryption is of course DRM.
How does one encrypt a bit, exactly?
Whether I was a CIO or a Totalitarian government, I'd want a multi-key version, where any of several keys could either unlock the drive directly or make it unlockable with a reasonable amount of effort.
In a typical passphrase/real-key system, where the passphrase unlocks a "real" key (which need not be stored on the drive itself), which unlocks the drive, you can do this by storing two or more copies of the real key, each encrypted with a different passphrase. The CIO or dictator can maintain one copy, or if the copy is stored on the drive, he knows the passphrase. Of course the CIO passphrase for company A will be different than that of company B.
To make things a bit harder on the CIO or dictator, the 2nd copy's "real passphrase" can be a combination of the "backdoor passphrase" plus a handful of characters from the user's passphrase to make breaking in non-trivial, but doable with a few days of brute force. Granted, this means both the user- and backdoor- encrypted keys will need to be changed every time the user changes his passphrase, and there's the problem of changing the backdoor-encrypted key when the CIO changes the master password, but those are not unsolvable problems.
So, I'm the CIO of Acme Industries. I order 1,000 computers. I tell the manufacturer that my backdoor passphrase is "Acme Industries Is the coolest industry of them all." One of my user's passphrases is "I work for a lousy company." He's goofing off and I fire him. The "real" backdoor passphrase is "Acme Industries Is the coolest industry of them all. I work"
I should be able to crack that in a very short period of time.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
There have been passwords available to lock access to IDE drives for some time now. While this is not the same thing as encryption I predict the same problems will arise from it, namely that users will lose access to their own data. When this happens you will have several choices:
1) Contact Seagate and ask for help. They'll tell you it's impossible to access the drive. After all, it's much better for them if you have to purchase a new one.
2) Contact some 3rd party service that is able to crack the drive. Since your data is at ransom it will cost considerably more than the price of the hard drive.
3) Chuck the drive in the trash and curse the mother**cker who thought up this scheme to "protect" you.
Seriously. Having encryption as an option is one thing. Turning it on "automatically" is just bad.
We'll see if it's A) a real verifiable encryption standard being used and B) if they keep a back door open. The article hints that there is no "master" password and that if you lose your password your toast. If that's true then great, if not then this technology isn't worth a dam.
If on the positive side this does work as advertised then boy is there going to be a lot of teeth gnashing in the Fatherland.
If you wanna get rich, you know that payback is a bitch
Given that:
Without the contents of the drive, the burden of proof gets a lot harder for the plaintiffs, who must then prove that the MAC wasn't spoofed, etc, etc. This wouldn't necessarily break their case against you, but it would sure make them work for their money -- a lot harder than they would have otherwise. They may even decide it's not worth pursuing and go for lower-hanging fruit instead.
Where am I wrong in my reasoning here? Do civil suits not allow use of the 5th amendment protections? I know most of these suits are civil suits, but I also know that some people are being charged as criminals (e.g. that bittorrent admin that just went to jail).
As an aside to those who assume a backdoor key: Doing linux filesystem encryption on top of this encryption would help mitigate this as well. That way they need to get *two* keys out of you in order to prove anything, and Seagate's hypothetical skeleton key doesn't help much.
It also might be nice to have that filesystem key stored on a USB key or something that's relatively hardy, but easily destroyed, making it impossible to recover it even if compelled to do so.
and thus avoid the hassle.
First, the FEDS will require an NSA-type back door so that they can decipher the terrorists latest plots.
Second, unless you require a password for every HD sector accessed encryption will be just another pseudo-security pacifier, but making HDs more expensive - READ: more profits for HD manufacturers.
Third, blackhats will crack it in record time. The best security is a locked door or a good hammer.
Running with Linux for over 20 years!
I think encryption is better done in software, such as with GPG. Then at least we can read the software code, rather than relying on black box technology.
I also am concerned about the DRM implications of this. Could for instance, in the future, the disk perhaps allow Windows to request that an NTFS filesystem be locked and Linux not be allowed to access it? Could this be used by Microsoft to lock open source programs out of reading data from other programs?
Great, as if hard drives weren't slow enough already - here comes an extra level of slowness to add to the mix. I guess I'll be avoiding Seagate drives in the future.
If I want to do encryption, I'll do it myself with a partition of my own choosing.
Just as the gun manufacturers manufacture guns that are as easily used by psychopaths as they are used by legitimate owners.
Read radical news here
Hey, JustA SlashDotGuy,
How about the Encrypting File System that's already available in Windows XP Pro? Just wondering how the BitLocker is something worth eagery awaiting...
Penny - plain text accounting
The sole application of this device is to prevent duplication of digital media recorded by set-top boxes and digital media players. Any other application you can dream up would work equally well with software based encryption.
This drive is designed for easy implementation of DRM.
If you used it for the personal purposes you suggest, you would simply be forced to reveal the password by court order.
Regardless, simple passwords are easily brute-forced, so this is really just a check box to help them differentiate themselves in the cut-throat business of commodity drives.
Tuesday, April 05, 2005o nst.html
Seagate Demonstrates DriveTrust
http://www.managingrights.com/2005/04/seagate_dem
perhaps they aren't selling that well, so they keep spinning it as "new" in press releases.
Soon manufacturers will start to use these capabilities to lock-in customers to their branded overpriced parts - the key is embedded in the BIOS, which is validated by the TPM module on boot. As Mr. Shimomura put it, "We believe the entire industry will benefit from it".
while listening on KCBS on my way to work this morning, an burp length interview with Seagate claims the encryption used is AES.
ELOI, ELOI, LAMA SABACHTHANI!?
This is actually a very good point.
All of these solutions are mostly aimed at PCs used by users right at the local console, but I could see a lot of good reasons for wanting encryption on a server, or other colocated computer. Or maybe I just want to make sure that my desktop workstation doesn't hang forever after a power outage, waiting for someone to put a password in on its local console.
It would be nice if there was a way to mount one of these drives by giving it a password over a secure networked connection.
I guess the way to do it would be to put the root filesystem (hopefully not containing any sensitive data) on an unencrypted drive/partition, and then letting the machine boot from that, and then prompting for a password when it wants to load the drive or partition that contains user data (/home or whatever you prefer). Maybe you could keep a small solid-state flash drive that would maintain a minimal system, just enough to boot the machine and provide network services, and then from there allow you to mount the hardware-encrypted drive. That wouldn't require you to have two complete drives.
Alternately, maybe one of those drive+flash combo units that they're talking about pushing now, could offer features like that. Keep enough of the system on the flash (unencrypted) to bootstrap the machine to a point where you could safely authenticate remotely, and bring up the encrypted portions of the drive.
On Windows systems that mostly keep the user data on the same drive and partition as the system, I don't see an elegant way to do this. But I guess that's just a reflection that no matter how many ways you try to dress it up, Windows is really designed to be a single-user, locally-operated system, at least in most configurations and common flavors.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
What happens when you accidently forget your password? OK if your data becomes inaccessible, your own mistake, but can the drive be reset one way or the other so I can at least still use it, with a new key? Or is your drive good for the scrapheap then?
int main(void) {while(1) fork(); return 0;}
No 5th amendment in a civil suit. You're not being charged with anything. There's not "Guilty" or "Not Guilty" so you can't testify against yourself.
Of course, you can still be slapped with a large enough financial burden to ruin your life and make you sell everything you own; but you can't be put in jail so it's all good -- right?
You can refuse to give up your encryption key, but then you CAN be found Guilty/Not Guilty of contempt of court or violating laws that require you to give up encryption keys. You might try the "I honestly can't remember it" defense THERE though. (The "I refuse to testify against myself that I wouldn't give up the key" defense probably won't work.)
They'll have tens of thousands of users demanding that they "unlock" their drive. If there's no back door, not even data recovery services will be able to help, at any price. If there is a back door, it'll be disclosed eventually
Anyone who really wants encryption won't trust it regardless. I sure won't.
Will we even be able to reformat a drive that we don't know the password? If not, that kills the used computer market. At least now you can reformat and reload your OS if you get locked out.
This seems like something easy to brute force since most people won't use strong passwords anyway.
Regardless, I suspect this will be optional and 99% of users won't enable it. Those who already use a BIOS power on password will use it and few others will. As others have said, the first time someone at a company quit and their data is locked will kill the incentive to use this system.
Ninjas don't carry tic tacs
I understand they can waterboard you for your password now.
How about the Encrypting File System that's already available in Windows XP Pro? Just wondering how the BitLocker is something worth eagery awaiting...
To my knowledge, EFS doesn't allow you to encrypt the entire OS partition. We'd want the entire drive to be encrypted and I believe this is something allowed with BitLocker.
Never forget that all forms of encryption are accessable by the feds. New encryption techniques released to the general public first goes through the spooks. Never forget that!
What's so amazing and new about this? Models of IBM Thinkpads came with an option for encrypted hard drives years ago. I know the Thinkpad 770 did it, because I have one.
And while I'm here, I'll nod in agreement with some of the other posts...especially in this era of George W. Brezhnev and his minions, I don't trust my encryption to anything that isn't open source and peer reviewed.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I'd be worried their encryption algorithm had some sort of back door / administrative override password to let, say, law enforcement decrypt people's drives if they wanted to. For example, Apple's FileVault encryption can be decrypted with at least two separate passwords -- your login password and the "master" password you can set as an emergency recovery option -- so who knows if these drives wouldn't have a master password safely kept by Seagate and available to your friendly neighborhood DHS spooks?
Liberty in your lifetime
You mean this one?
GOP has demanded the author of the above-quoted words be expelled from Congress (which he was not)...
In Soviet Washington the swamp drains you.
OK, so privacy and implication details aside: how does it perform? Since its done in hardware, how much does it slow the data rate?
Things like PGP Disk Encryption, or DriveCrypt Plus Pack all take CPU cycles, and also affect the data transfer rate, both reading and writing.
I'm hoping that the crypto routines are all implemented in a processor on the drive, so you won't take a CPU hit, and it will be fast enough to minimize data transfer issues.
-- My Sig is a P228.
Pedophiles and law enforcement on fishing expeditions aside, is there some way that you could protect yourself from being forced to provide access to your data? Perhaps, a combination of key escrow, biometrics (i.e., fingerprint), or other measures that would effectively make it futile to compel you to surrender your data? For example, many vaults have a time-based lock that simply won't open on demand, so compelling a clerk to surrender the vault's contents is pointless. How might a hard drive be protected in such a way that you could use it as usual, but neither you nor some other party could be compelled by threat of harm or of prosecution to reveal it's contents?
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
I've been using hardware encryption for quite a while. There are nice, as-near-as-I-can-tell-unbreakable products to be found here. They make good drives. While the North American distributors aren't super-duper when it comes to dealing with small orders, if you want a hundred or more just contact the home office. The people there have been a professional pleasure to deal with. And if you need convincing as to the viability of their products, poke around for RFPs in the .mil domain and elsewhere. When you see the U.S. Navy putting up requests for multiples of these drives, you get the idea they're pretty darn good pieces of kit.
Given that a relatively small (IMO) drive from these guys costs more than most computers, I doubt slashdotters will be stampeding in their direction. Still, it's nice to know the hardware is out there if you need it.
Wow ! So you mean to tell me that theese drives just magicly know what to do when it comes time to decrypt the data & send it to the system ?
They don't have to store the process on the drive anywhere ?
Damn, why didn't Microsoft think of this when they put the x-box together ?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Most U.S. government agencies scrambling to implement the White House directive regarding data encryption (the deadline is already expired) are running toward SecureDoc by WinMagic. I'm elbow-deep in implementation right now.
Encryption is cool, but a bit scan will reveal that there is, indeed, encrypted data on it. This might look suspicious to certain people. What we really need is a drive that saves all my secrets to it but, upon bit scan, will make it look like I'm actually storing recipes on it, or perhaps quotes from famous books.
Investigator: "What did the hard drive forensics turn up? We KNOW he has one of those funky encryption hard drives!"
Officer: "Umm... well, oddly enough, he seems to be a big fan of Danielle Steele and homemade lemon tarts."
Investigator: "This isn't helpful -- we already knew that from going through his garbage."
$nice = $webHosting + $domainNames + $sslCerts
They could someday extend it to have configurable (at setup) number of passwords, so police would never be able to find out if a suspect had given them everything, even if they find truecrypt.
They'll probably just assume they've got all the passwords once they run out of finger and toenails to pull out... all you have to do is resist cracking under torture twenty or so times, and you'll "win"!
Remember kids: it's bad to look like a terrorist when you can be thrown in a foreign jail and tortured for it, mmm'Kay?
IBM has just release something similar for their high end tape drive products, check out http://www-03.ibm.com/servers/storage/enewscast/da ta_encryption/. I know that on their offering the encryption is done by hardware on the drive itself, is the Seagate hard drive similar in this regard?
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
Backdoor? unlikely. First, for drive recovery in case of a failure they will have to provide algorithm for decryption (or simply document it, whatever it is (AES?)). So using a password, data from the platters should be restorable.
:)
This is a big PITA when trying to include a backdoor, as any intentional flaws would be very hard to hide.
And in a case existence of the backdoor is EVER revealed, Seagate would probably be brought to court in coutries like China or Russia.
Second, one password isn't unsecure if encrption is strong enough. Note that it is probably (if they chose sufficiently strong algorithm) impossible to decrypt it during any comprehensible time
Actually, if they monitor changes to the drive on the sector level, they would see the blocks of the hidden volume changing, which would make no sense if they exist in a section of the (outer) TrueCrypt volume that contain no files. And these changes would be visible on a journalling filesystem. So it's recommended you don't use one.
(this is all in the TrueCrypt FAQ's by the way)
We in the FreeBSD world have had AES256 G ELI encryption on disks for a while now... If they can make it faster than the correct methods I'm all for it!
It just takes time. For data to be decrypted again, you need a symmetric key, and that key is either in some BIOS which the govmint will crack or it is hard wired on the chips. Both can be read/cracked. If they want you they will get you.
And no of course I didn't RTFA. Are you mad?
Comment removed based on user account deletion
Dear Seagate:
Greetings from the Department of Homeland Security! This letter is to let you know that in accordance with the anti-privacy provisions of Patriot Act III, all your corporate assets, bank accounts, and properties have been seized in the interest of public safety.
Please have all your executives and engineers report to the nearest GitmoUSA Re-Education center for immediate registration as Enemy Combatants.
Sincerely,
(REDACTED by the order of Acting President Cheney)
This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
...1 bit of data?
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
It's a bit difficult to encrypt every single bit of data, considering the two possible choices.
Seagate? The decider and his goons? HP?
If you're happy and you know it, think again!
Yes, hardware implementations of storage encryption does have advantages.
I've quite a large number of servers that regularly require new HDD's What happens if I only lose 1 of 20 disk array, because the new disk is encrypted and the others aren't, do I have to replace the entire array? Also in a Raid array how do I give each individual drive it's password, or do I have to buy a matched set with the same "key"? Do I now have to go box to box entering "passwords" for startup every time I rebuild a 500 or 1000 box cluster? (Image push) Basically I'd say it's a cute gimmick for laptops but not nearly so useful in the back room.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
"Hi, this is Mike, how may I help you?"
"Oh, uh, I can' access my seagate drive"
"All your disks are belong to us" hahahaha!
You might not trust the product Seagate are announcing, and you might have good reasons not to trust it. In fact I would not recommend anybody to trust this product unless Seagate have done everything technically possible to make a product that can be verified by third parties. At the very least that would require a complete description of which ciphers and modes are being used. (And I do not consider "AES256-CBC" to be anywhere near a complete description).
To be verifiable, they would also have to offer an interface to read the raw data physically stored on the disk without going through the encryption. Some people might see such an interface as a weakness, I disagree. An interface to read the physical bits from the disk would demonstrate, that they trust their own product. If the vendor does not trust the product, why should we?
There are multiple security aspects of storage encryption that worries me, because so far I haven't seen any product getting it right. It seems no product is designed to be truly secure and consider the potential problems. My number one wory about encryption build into hard drives is the way they handle password changing. The obvious (and flawed) way to do it is to use the password to encrypt the key and just reencrypt the key upon a password change. But how can I be sure nobody has been able to get a copy of the encrypted key? People might try to tell me, that I shouldn't worry because it is encrypted. But it would be encrypted under the old password. If there is supposed to be any point in changing my password, it must be done in such a way, that the old password cannot be used to read data I wrote after changing the password. One case of changing passwords is when you change it from the initial default password to your own choice of password. Of course everybody knows the default password, so a key being encrypted under the default password is not any protection.
There are ways to do this securely, even without reencrypting the entire disk. But reencrypting the entire disk might still be the desired solution, as it only has a performance cost when you are actually changing the password. Other solutions can change the password in a fast and safe way, but have a small performance cost on every read and write. And since the reencryption can happen internally in the drive, it does not require CPU power on the host and does not depend on the bus. In other words reencryption can happen at the full speed which the drive can do sequential reads and writes.
Password changing is not my only worry, but it is by far my greatest worry with storage encryptions that come enabled by default. Another problem is that most products use deterministic encryption (and the only product I know using probabilistic encryption use a flawed pseudorandom number generator). Since Seagate are making the drives they can make a minor change to the way the drive works that would eliminate the worst hurdle to probabilistic encryptions. Probabilistic encryption requires extra disk space, there is no way you can fit 528 bytes of high entropy data into a 512 bytes sector. This means that usually you would have to do some tricky layouts of data, that will introduce additonal performance overhead and the risk of data loss if done incorrectly (and is in fact done incorrectly in the only implementation I know about). The solution Seagate could chose was to simply make the physical sectors slightly larger. Actually the physical sectors might already be larger than 512 bytes and contain multiple logical sectors, that would require some considerations to avoid data loss, but that problem is completely unrelated to encryption and is one which all harddisk vendors have already had to consider. If Seagate use larger physical sectors, it means less space overhead for the encryption, because the overhead is a constant that does not depend on the sector size. In spite of this I fear that Seagate has decided to sacrifice security to be able to make drives with a few percent larger capacity.
Of cour
Do you care about the security of your wireless mouse?
...I don't remember why it didn't get implemented but IBM did have working harddrive prototypes with encryption in 2000.
They even talked about HD's with DRM on-board, I don't know what happened to that idea.
So, anyone remember the first Xbox? they already implemented locking (and it was a pain in the butt) Although it is true it wasn't actually encrypted, ends up being the same thing (except for if someone literally takes the disk out of the HDD and tries to read it with another HDD)
The product mentioned in TFA is all about controlling your computer and your data and keeping unauthorised people from abusing it. What kind of crack is the parent smoking?!
The "crack" he is smoking is that he appears to be well informed on the subject, and was almost certainly aware of certain information and facts that did not appear in the TFA.
TFA is essentially a corporate press release, and of course they don't dicuss DRM, and they spin the hell out of it to advertize it as a Good Thing for you. A perceptive reader could have picked up on that fact when the article said:
"Seagate said it has already implemented the technology into one of its drives for laptops and another for digital video recorders. "
Yes... digital video recorders... because of course customers like you and I have been in desperate need of strong cryptographic locking to protect our recording of American Idol when someone steals the harddrive out of our DVR while leaving the DVR unit itself behind.
This Segate DriveTrust system is in fact designed for DRM and it is in fact designed as a component of Trusted Computing, to secure computers against their owners.
Just because a product/technolofy (and the story about it) story does not mention DRM or Trusted Computing does not mean that it is not actually a Trusted Computing DRM system. Companies know that people do not like or want DRM, and that they do not like or want Trusted Computing, and that their products will receive hatred and very bad press from some people if they know about that, so they bury the DRM / Trusted Computing aspect and hype the hell out of the supposedly pro-consumer angles and they abuse the hell out of the word "security. They use the word "security" in a sense that actually means securing the product against the owner, and rely on the fact that people assume that the word "security" is a positive thing for their benefit.
Every two weeks or so, I spot exactly this situation with some product or technology story running on Slashdot. A story on something that covertly incorporates Trusted Computing, and the story completely misses that aspect. In fact I last caught this just 10 days ago in the Networking For Overconvenience story. The story made it sound like it was about fairly boring ordinary pro-consumer networking for home appliances. But as I posted here, I located the technical PDF on it specifying the securit chip and the encryption to be secure against the owner.
The anti-consumer anti-owner Trusted Computing is proceeding full speed ahead. The primary plan to sucessfully deploy Trusted Computing is to do it by stealth to avoid criticism, backlash, and consumer rejection. Countless products and projects are going Trusted Computing based, and burying that fact in obscure technical specification documents and without using the words "Trusted Computing".
It's not paranoia or a tinfoil hat consiracy theory when there is an industry consortium involving hundreds of companies OPENLY dedicated to it. It's not paranoia or a tinfoil hat consiracy theory when the technical specification documents for various products and projects include it. It's not paranoia or a tinfoil hat consiracy theory when Intel and AMD and the new Cell Processor all publically document the fact that they are introducing CPU support for it. It's not paranoia or a tinfoil hat consiracy theory when IBM runs
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
this doesnt work, under torture you will give it out anyway, so...
If you work for one that does you should be telling them to stop such nonsense.
IANAL but write like a drunk one.
On the face this sounds like a great idea. I have one question: what happens to corporate data when an employee leaves or forgets their password? With PGP software, keys are escrowed for disaster recovery. It's great they are performing this in hardware; however, key management is of utmost concern in any encryption scheme. I hope their engineers are examining this.
The article contains a few technical concers. AES is triple-DES; it's a 112-bit scheme, not 128. If BitLocker is encrypting everything on the hard drive, how are users able to boot the computer for the first time or how does the Windows software eventually get encrypted? Looking forward to further reports.
signature pending slashdot approval