Slashdot Mirror
Seagate Ships World's Most Secure Hard Drive
An anonymous reader writes to let us know that after two years Seagate is finally shipping its full-disk encryption product, and you can get your hands on it in a laptop from system vendor ASI.
← Back to Stories (view on slashdot.org)
worlds stupidest user with passwords like 'password' :-)
Also how are they using AES? I thought P1619 (XTS-AES) is still a draft. Are they betting it will get adopted unchanged? Or are they using some other thing? Please tell me it's not AES in ECB mode...
Tom
Someday, I'll have a real sig.
Hacked in 3....2....1
gasmonso http://religiousfreaks.com/What makes this the most secure?
Is this really any more secure than dm-crypt? Faster, no doubt, but more secure?
I don't need no instructions to know how to rock!!!!
The article mentions how its on a 3GB/s SATA interface, but that the disk is 5400 RPM. Why bother with the high speed sata? Why not save $$ and put either a PATA or SATA 1 controller? You'll never get even close to 3GB/s- much like you can't get that fast with desktop drives either.
Who knows what this thing is doing inside? They're using AES-128 so you may not have to worry about the encryption algo being unsecure, but who's to say this thing isn't caching the password in some place you don't know about (but that the manufacturer and your country's authorities do)?
Liberty in your lifetime
What's the OS compatibility/driver outlook for this new type of drive?
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
Who cares if this gets cracked by Tuesday, bitches?
The selling point is that the banks wont have to tell you when Bubba leaves his laptop on the CAL TRAIN with your credit card data in standby mode, cause its encrypted!
I feel so safe!
Now i have to change my password again. ;)
it will transpire that ...Los Alamos National Laboratory misplaced a notebook full of top-secret data in which the encryption had never been turned on... ...a Microsoft executive lost a notebook full of plans for dirty ways to undermine Open Source, after sticking Post-It note to the screen to remind him of his wife's birthday, which he used as his password... ...all the scientific data from a major NASA mission costing $1.63 billion were stored on a contractor's laptop, who had encrypted all of it, chosen a good password, never wrote it down, and got hit by a bus without telling it to anyone... ...but NASA was able to recover the data by asking the FBI, which knew the backdoor and had been reading every NASA contractor's hard drive without a warrant.
"How to Do Nothing," kids activities, back in print!
Or the terrorists will win by stealing our porn so we can't watch it and start to fear it!
...I thought so!
What will you tell your children when you are afraid of porn because there is no porn left because it was stolen and consumed by terrorists because of insecure harddrives???
Super; they give it all the encryption it needs etc. etc. etc. then they use a key which will be marked in grease on all of the keys of the keyboard. Why not just provide stick on piece of paper for writing the password down on? That would be easier and lead to fewer cases of employees hands being stolen together with their laptops. Anyway, just goes to show that the important mistakes in encryption are always in the implementation.
If I put one of these in a regular laptop--one which supports DriveLock, but nothing else--can this disk use the DriveLock password as the encryption key?
If that were the case, it would be a simple matter to retrofit existing laptops (which use DriveLock to protect the disks) with the improved security of full-blown encryption. And it could be done without any perceptible changes to the user!
This could be a great product if they just Keep It Simple so that it works seamlessly with the already widely-deployed ATA Security Mode (DriveLock) protocol.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
It's called /dev/null
/dev/null isn't technically a hard drive, but then I'd have no joke, so work with me here!)
Granted, getting data back is a bit, erm, difficult, but write only memory? That's pretty damn secure.
(And anticipating witty responses... I will accept that
Seagate is an American Company. Is it possible for them to provide a secure product without providing a back door for Big Brother to access? Can they be trusted? I'm very skeptical.
The TPM chip securely generates and stores keys for use by the Seagate FDE drive. Barring any backdoors or security holes in TPM itself (which would be a PR disaster for any company), the cost of an attack is prohibitively expensive.
Not trusting it. Get back to work on those 4-platter 1TB disks instead, summer is fast approaching. Those monsters should shift the price ladder down nicely.
Belief is the currency of delusion.
...of the competitors in this market space. Several companies have been doing this for years with good track records. I think these links are still good.
If you want to proect files on your laptop from being accessed by a logged-in user, you need to use something like PGP to encrypt those specific things or define an encrypted folder/partition that requires an additional action to "unlock".
You don't have to use the fingerprint reader, and my understanding is that it's more of a windows-logon thing than a boot-up thing.
However, you could easily design a keypad that makes it nigh-impossible to lift a print. A simple rough textured finish on the top would do the trick.
I don't need no instructions to know how to rock!!!!
Slap one of these bad-boys into a video camera with only the ability to only write/encrypt and then you'll have a tool journalists can use without fear their content will be pilfered by a herd of unwieldly pigs. Only once the cam is back from the field would the data be accessable. This of course assumes the drive uses some sort of PKI, it may be symmetric only, in which case you'd have to add something to generate the symmetric keys from a PKI infrastructure. Performance should still be good with the added PKI module since the internal crypto would still be using the hardware accelerator with the derived symmetric keys.
This is mainly marketing hype. The Seagate drives are now the worlds most secure because they are shipped in a 'Clamshell/Blister Pack'. I dare anyone without specialized tools to access it.
Until the rough finish wears out. Most of my keyboards have the keys worn away pretty smooth. I even have a keyboard at home where the bumps on the J and F keys are almost completely gone. You could also lift a print from the screen, or anywhere else on the case also, not just the keyboard.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
LaCie had a 500GB AES 128-bit hardware encryption fingerprint-biometric (with FireWire 800, FireWire 400, & USB 2.0) like, 6 months ago! Why is this news?
1 0872
http://www.lacie.com/us/products/product.htm?pid=
Reality has a liberal bias
worlds stupidest user with passwords like 'password' :-)
That's a joke, but some people really think that way. Blaming "stupid users" makes them feel more secure or helps them pass the buck for choosing systems with poor security. When you think about it, it's not very funny.
Passive encryption might be a step in the right direction, but I won't trust it as long as the software doing has owners and secrets kept from users. They can point to specs and tell me what they are doing, but that does not mean they are doing that. The owners can break in at will, the keys can be padded with zeros and finally, the owners can make mistakes.
Friends don't help friends install M$ junk.
Come back with a 60 GB solid state version for under $500 and we'll talk.
There will be an instant customer for this - the US Federal government. There is a requirement that all new government computers (or is it just laptops?) have encryption. This past summer, when the VA lost a laptop with client data, they spent over $40 million searching to get it back. In response to this, there is a requirement for encryption.
My highspeed, large-capacity Seagate drive wasn't secure from itself when it decided to critically fail 1 week after warrenty!
I think I discovered a backdoor to the "world's most secure hard drive."
I don't see this as something of great value. Right now I'm working on my laptop which is running FreeBSD under full disk encryption using GELI and AES-256. I have the boot splice unencrypted, that only has the kernel and the boot code, and everything else, including swap, is on the encrypted slice. A slight performance hit due to software encryption? Yes. But is the weaker hardware encryption worth extra money? Not to me. In fact, I would much rather spend the money on a separate hardware encryption solution rather than one which is built-in to the drive. That way, any old drive you may have lying around could be fully-encrypted and used for storing sensitive data. Making this sort of encryption as part of the drive doesn't make sense to me.
On my windows machines it would probably be of more use since I can't encrypt the system drive, but everything else is encrypted via TrueCrypt. In order words, all my data which needs to be protected, is. And like I said before, with software I can use AES-256 which makes me more comfortable than 128-bit. You can probably argue that today it doesn't matter, the latter is good enough. It's more about psychology, I think.
AFAIK, Bitlocker can operate in a mode where the encryption key is kept in a USB flash drive, so it won't boot unless that's plugged in (obviously it still needs a password as well). If you kept that around your neck or something, that could some way to solving that particular problem.
What happens when the flash drive is lost / damaged / worn out may be a problem, though; I hope you can make a backup drive...
What's purple and commutes? An Abelian grape.
The real problem is not designing effective security, but getting people to use it properly. You can start on this by banning PostIt notes from the corporate environment -- or at least make them self-destruct.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
most importantly, it never breaks.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Here I hoped they would have created the most secure harddrive in the world, one who withstand earthquakes, floods, car collisions, and 50+ years of continuous use. And then it turns out that it's just a layer of crypto.
How boring, we can do that in software already....
The Top 10 Most Secure Hard Drives in Existence to date:
1. The world's most secure hard drive is the one not used to contain valuable confidential data (experts question its existence).
2. Doesn't exist.
3. Doesn't exist.
4. A hard drive that contains some valuable confidential data, but remains physically within a datacenter. The OS that accesses it does not share its data with other OSes, and runs the full gamut of controls (prevention, detection, correction).
5. Doesn't exist.
6. Doesn't exist.
7. Doesn't exist.
8. Doesn't exist.
9. A hard drive that contains some valuable confidential data, remains physically within a datacenter, but its OS shares data among other systems whose trust is "unknown" or "uncertain".
And tied for 10th place (by virtue of consolation):
10. An encrypted drive in a mobile device relying upon its user for security.
10. An unencrypted drive in a mobile device relying upon its user for security.
If the "laws of physics" of information security were known, we'd likely see a Newtonian-esque law that says something like (in a more scientific form): "any security system that relies upon a person to use the system correctly will fail [miserably]". What Seagate is trying to do is analogous to defying gravity or creating "information security perpetual motion". It just won't improve the situation for anyone (except perhaps the "checklist security" people who can tell their compliance regulation auditors that they can add a point to their useless overall score).
"Its More Secure Now!", This is the new phrase been use now to market new technology around.lol
Not A Troll!
Hardware keyloggers intercept the USB or PS/2 codes being sent, so they will work for any OS, inside the BIOS, even intercept stuff you typed if the computer is powered off (assuming the switch is still on so the keyboard still receives power that it uses for hot key power on type stuff)
I would assume that it wouldn't be difficult at all to put a hardware keylogger in a laptop in a similar manner. The keyboard probably isn't attached with a standard USB port, but something that sits inline with the ribbon cable would work just as well and it could draw power from there and store everything on a flash chip. Unless you opened your laptop to look you'd never know it was there.
It'll protect against laptop loss, but spooks or snoops targeting you in particular would just have to make an initial visit to your laptop to put the keylogger in place before later returning to either steal your laptop, steal its hard drive, or take a couple hours alone with it to copy your entire unencrypted hard drive.
There doesn't seem to be much info round here so here's the key points ...
The data on the hard disk is encrypted using a completely random key.
Each sector of the disk is encrypted with a different key, derived from the random key and the sector number.
The random key is stored, encrypted, on the hard disk.
There is a small piece of space at the start of the disk that is unencrypted.
A Seagate provided boot sector starts up and asks for a password.
The password MAY be used to decrypt a random password stored on a USB key.
Either the entered password or the random password from the USB key is used to decrypt the random key that the hard disk is encrypted with.
The random key is given to the hard drive firmware and the hard drive decrypts the drive sectors.
The boot sector then executes the 'real' boot sector of the hard disk to boot ANY OS.
If the OS doesn't know about the encryption APIs all it ever sees is the decrypted data.
The 'managment' features are achieved by having other copies of the random drive key encrypted with different user passwords or USB keys.
All this can be done in software BUT then would require driver support from the OS. The Seagate drives do NOT require encryption support from the OS.
You can be 100% sure that the encryption has a backdoor that NSA and the US Government has a key to!
You don't mean to tell me, that in a time with terrorism and where the Government wants to listen in voIP and email, that Seagate is allowed to make a secure harddrive, that protects the consumer/possible terrorists data?
No, these disks is wide open to NSA, just like Windows have always been.
In my experience, Seagate SCSI drives have a short MTBF. So there you have it, security because the data is lost and not even the rightful owner can access it. Hahaha.
Ok seriously, I did not RTFA and don't plan to. My guess is it is all hype and probably not something easily feasible for the wide spread market at large.
I am not saying I disagree with innovation or the concept in general, just that I doubt this will be a real mind blower of a product, especially in its initial implementation.
Just my -$.02
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
> On my windows machines it would probably be of more use
> since I can't encrypt the system drive
You can, using DCPP
Full disk encryption and file encryption (PGP) defend against different attacks. You need both.