Slashdot Mirror
Seagate To Encrypt Data On Hard Drives
Krishna Dagli writes "Seagate, using their new DriveTrust Technology, will automatically encrypt every bit of data stored on the hard drive and require users to have a key, or password, before being able to access the disk drive."
FTA: Though DriveTrust is proprietary.... Not much use unless it's published and described - unless they do that most serious users are going to discount it. I hope it's actually robust though as there will be an awful lot of people relying on this for home use. How many of them are going to have that nice warm fuzzy "I'm safe" feeling and therefore not bother with all the other good things like patching and spyware-awareness etc.
Good thing people have backup systems in case their mobile computer gets stolen or faces some other mishap.
Really, if you've got valuable enough data to be encrypting it, you'd be nuts to not have it properly backed up as well. Though I guess bad decisions happen...
There was a technique that was described on Slashdot a while ago that allowed you to turn over some crypto keys and it would decode a little bit more of the disk each time. That way, your opponent is never sure you have handed over all the keys and it makes it possible to hand over just enough keys to convince a judge. It would be nice if this drive supported that technique so that you would turn over just the first key if taken to court.
Avoid Missing Ball for High Score
This is one more step toward owning a computer you no longer control.
n opoly)
It's not about end-user encryption, it's about the OS using encryption in some form to eliminate your personal freedoms.
The price will be right though, so most users won't know or care.
The DRM noose around the average user's neck is being sold like a nice, new necktie. Most users will have one in 3-5 years. Then it is only a matter of tightening the noose. If you want it loosened, pay and pay some more.
Finally, there is no market mechanism so the price of loosening the noose around your neck is made by the producer. (A price maker: http://en.wikipedia.org/wiki/Monopoly#Coercive_mo
If you value your personal freedom, you will switch to something freer, then you will tell your friends and help them to do the same. Perhaps a Linux or BSD desktop is a good start.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
And they will thank you and subpoena Seagate for the encryption key. I suspect they will try to be functionally compatible with the current hard drive password commands used commonly today, and that means the actual key would be stored permamently on the controller board, encrypted using your password, but if Seagate chose to retain that key themselves, you could still be in a world of hurt.
If you actually care about protection from governments, legal actions from private parties, or malicious foreign entities that may otherwise acquire keys that Seagate program onto drives, you'd have to use a mechanism where you know the key isn't provided by an external party.
Note this is based on assumptions (article was light on details), but based on what I know about the industry, the encryption being always-on and the actual key encrypting the data being static per drive seems a likely outcome, as it satisfies most all business needs with the least amount of effort on laptop manufacturers and IT departments that use hard drive passwords in the present.
XML is like violence. If it doesn't solve the problem, use more.
I think encryption is better done in software, such as with GPG. Then at least we can read the software code, rather than relying on black box technology.
I also am concerned about the DRM implications of this. Could for instance, in the future, the disk perhaps allow Windows to request that an NTFS filesystem be locked and Linux not be allowed to access it? Could this be used by Microsoft to lock open source programs out of reading data from other programs?
Whenever you see the word "trust" in name or catch-phrase for computer hardware these days, to tell whether it's really for security or whether it its for a DRM scheme, you have to ask, Who is trusting whom to de what?
To meet any reasonsable security policy one would need a "yes" to each of the questions: Is the source code for the encryption routines provided? Is a complete API provided? And can the owner of the hardware verifiably replace every digital key in the device?
If the answer to any of these is no, I would have to assume it is backdoored and maybe part of a DRM scheme.
This is actually a very good point.
All of these solutions are mostly aimed at PCs used by users right at the local console, but I could see a lot of good reasons for wanting encryption on a server, or other colocated computer. Or maybe I just want to make sure that my desktop workstation doesn't hang forever after a power outage, waiting for someone to put a password in on its local console.
It would be nice if there was a way to mount one of these drives by giving it a password over a secure networked connection.
I guess the way to do it would be to put the root filesystem (hopefully not containing any sensitive data) on an unencrypted drive/partition, and then letting the machine boot from that, and then prompting for a password when it wants to load the drive or partition that contains user data (/home or whatever you prefer). Maybe you could keep a small solid-state flash drive that would maintain a minimal system, just enough to boot the machine and provide network services, and then from there allow you to mount the hardware-encrypted drive. That wouldn't require you to have two complete drives.
Alternately, maybe one of those drive+flash combo units that they're talking about pushing now, could offer features like that. Keep enough of the system on the flash (unencrypted) to bootstrap the machine to a point where you could safely authenticate remotely, and bring up the encrypted portions of the drive.
On Windows systems that mostly keep the user data on the same drive and partition as the system, I don't see an elegant way to do this. But I guess that's just a reflection that no matter how many ways you try to dress it up, Windows is really designed to be a single-user, locally-operated system, at least in most configurations and common flavors.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Umm, I'm guessing people who realized it was insightful.
The closest the US gov't has come to regulating the domestic use of encryption was the aborted "clipper chip" fiasco. Traditionally government spooks have relied upon the eggheads at the NSA to be one step ahead of civilian encryption, not secretly leaning on manufacturers to force them to put in back doors.
Riiiiiight. And I'm guessing they take encryption a lot less seriously than paper printed on laserjets. Right? You know, where they are in bed with the inkjet/laserjet printer manufacturers that secretly print out the serial number of the printer, and the date on each page they print.
If you think the government is worried about counterfeiting, but not encryption, I've got a bridge to sell you.