Slashdot Mirror

← Back to Stories (view on slashdot.org)

Seagate Ships World's Most Secure Hard Drive

Posted by kdawson on from the laugh-at-lost-laptops dept.

An anonymous reader writes to let us know that after two years Seagate is finally shipping its full-disk encryption product, and you can get your hands on it in a laptop from system vendor ASI.

28 of 148 comments (clear)

  1. Worlds most secure cipher meet ... by tomstdenis · · Score: 3, Insightful

    worlds stupidest user with passwords like 'password' :-)

    Also how are they using AES? I thought P1619 (XTS-AES) is still a draft. Are they betting it will get adopted unchanged? Or are they using some other thing? Please tell me it's not AES in ECB mode...

    Tom

    --
    Someday, I'll have a real sig.
    1. Re:Worlds most secure cipher meet ... by archen · · Score: 3, Informative

      Actually it appears that it is using a CBC, there appears to be a middle layer that arbitrarily partitions sections that are encrypted and decrypted on the fly. I was pretty skeptical the last time this was mentioned on slashdot, but I have to admit this actually looks like a promising product. I'll wait for some more skillful security experts to evaluate it first, but I'm certainly keeping an open mind on it.

    2. Re:Worlds most secure cipher meet ... by Loconut1389 · · Score: 3, Interesting

      I wonder what sector corruption does in CBC mode then? Lose more of the drive? Or have the used some overhead for extra forward error correction?

    3. Re:Worlds most secure cipher meet ... by this+great+guy · · Score: 3, Informative
      Most good hard disk encryption technologies behave in way that if a single bit is flipped in an encrypted sector, then the whole decrypted sector becomes corrupted (and others sectors around this one are not affected). This sort of behavior is desired and help prevent content leak attacks.

      For example, Loop-AES behaves like this in multi-key-v3 mode where CBC is used with an IV computed from a secret key, the sector number, and plaintext blocks [1..n-1] in the sector. This is also how Microsoft Bitlocker behaves because they combine CBC with the Elephant diffuser. When CBC is not used, this property can be achieved using LRW or XEX, or wide-block encryption.

    4. Re:Worlds most secure cipher meet ... by simm1701 · · Score: 2, Interesting

      actually using something as trivial as password (or passw0rd since many things refuse password when setting one) is not always a bad thing

      Take all these shops that you have to sign up with before buying something, all they store is your address, your email address, your email and on rare occasions order history (the ones that also store credit cards are a different matter but those are less common and I'm not talking about those here)

      Why should I use one of my more secure passwords? I dont like to change passwords too often - it means writing them down.

      I also dont want to use one of my more secure ones (8-16 char upper lower number and other chars) if there is a good chance they are going to be in plain text on the other side.

      So I use something trivial - and I use it on any site where I could not care if someone guesses my password for my email address and finds the same information for me thats listed on whois look ups, half a dozen websites and the phone book!

      On sites that store sensitive information I have other passwords which are much more secure, but I have a separate set that I use within my trusted area - ie servers either I control or I kow the person that controls them so I know how they are stored, I don't overlap the two.

      But yes trivial passwords have their place - ie when you are being asked for a password for something you really could not care less about and they are probably only wanting a password for tracking purposes

      --
      $_="Slashdotter";$syn="OTT";s;..;;;sub _{print shift||$_};s!ash!Perl !;s=$syn=ack=i;tr+LLEd+BLAH+;_"Just Another ";_
    5. Re:Worlds most secure cipher meet ... by J'raxis · · Score: 2, Informative

      This is how Linux's crypto-loop works. The CBC is run across only individual 512-byte blocks of the disk. I think they use the sector number as an IV.

      --
      Liberty in your lifetime
  2. Worlds most secure? by stratjakt · · Score: 2, Interesting

    What makes this the most secure?

    Is this really any more secure than dm-crypt? Faster, no doubt, but more secure?

    --
    I don't need no instructions to know how to rock!!!!
    1. Re:Worlds most secure? by Nutria · · Score: 2, Informative
      What makes this the most secure?

      Because it's the only (publicly available) HDD with *cryption functions built into the circuitry.

      Is this really any more secure than dm-crypt? Faster, no doubt, but more secure?

      Probably not. But simpler for users/admins to put out in the field.

      But closed-source, so we really don't know how well it was implemented.

      --
      "I don't know, therefore Aliens" Wafflebox1
  3. Backdoored? by J'raxis · · Score: 4, Interesting

    Who knows what this thing is doing inside? They're using AES-128 so you may not have to worry about the encryption algo being unsecure, but who's to say this thing isn't caching the password in some place you don't know about (but that the manufacturer and your country's authorities do)?

    --
    Liberty in your lifetime
    1. Re:Backdoored? by Odiumjunkie · · Score: 2, Funny

      > require the OS to supply the password at some interval to a write-only memory.

      Sounds really useful. From what I hear, write-only memory is about as cryptographically secure as it comes.

  4. Oh Goody! by LibertineR · · Score: 4, Insightful
    According to Seagate, any US company that loses a laptop using the Seagate drive in conjunction with the launch security management system from Wave Systems, will not have to give public notification of the loss, even if the data is of a highly confidential nature. This alone guarantees that the technology will find a market given the increasingly costly and embarrassing repercussions of laptop thefts.

    Who cares if this gets cracked by Tuesday, bitches?

    The selling point is that the banks wont have to tell you when Bubba leaves his laptop on the CAL TRAIN with your credit card data in standby mode, cause its encrypted!

    I feel so safe!

    1. Re:Oh Goody! by Nutria · · Score: 2, Informative
      Next step - find out what the minimum passwords requirements are. With a password you're likely to type in every time the laptop boots, you can bet it'll be as simple as possible. For example, if it's 8 latters, must include capital and number, you can almost bet it'll be XxxxxxxN for a whooping 36 bits of security. Almost nobody bothers to type in a password to match the AES strength with any regularity...

      Don't be so sure.

      I had to install PGP Desktop and encrypt my laptop's HDD, and when it asked me for the pass phrase, there was a "strongness" meter that increased the more and more random the pass phrase. Using a combination of upper & lower-case letters plus , it wouldn't accept anything shorter than, IIRC, 18 characters.

      --
      "I don't know, therefore Aliens" Wafflebox1
  5. And in next year's news... by dpbsmith · · Score: 5, Funny

    it will transpire that ...Los Alamos National Laboratory misplaced a notebook full of top-secret data in which the encryption had never been turned on... ...a Microsoft executive lost a notebook full of plans for dirty ways to undermine Open Source, after sticking Post-It note to the screen to remind him of his wife's birthday, which he used as his password... ...all the scientific data from a major NASA mission costing $1.63 billion were stored on a contractor's laptop, who had encrypted all of it, chosen a good password, never wrote it down, and got hit by a bus without telling it to anyone... ...but NASA was able to recover the data by asking the FBI, which knew the backdoor and had been reading every NASA contractor's hard drive without a warrant.

    --

    "How to Do Nothing," kids activities, back in print!

    1. Re:And in next year's news... by malcomvetter · · Score: 2, Insightful

      That makes a good laugh, but in all seriousness, we will likely read headlines like this in the next 5 years or so:

      Financial fraud linked to stolen encrypted laptop
      In the largest online fraud incident in history, experts linked the Personally Identifiable Information (PII) used in committing the fraudulent acts back to a laptop that was stolen over a year ago. Company X denies the experts' allegations saying "the laptop's hard drive was encrypted." Under this premise, Company X refrained from notifying affected consumers as directed by [insert State Law] because Company X believes disclosed encrypted PII is not the same thing as dislosed unencrypted PII. In a press release yesterday, CEO John Smith said: "We were not obligated to notify consumers of the stolen laptop incident because the sensitive information contained within it was not disclosed. We use state-of-the-art hard drive encryption on all of our laptops, therefore it is impossible that this fraud was related to the stolen laptop." Law Enforcement announced today that they have apprehended the suspect who stole the laptop in question and that the suspect has admitted to stealing the laptop's encryption password as well. Details are expected to follow after the crime ring is completely in custody.

  6. real question by Lord+Ender · · Score: 2, Insightful

    If I put one of these in a regular laptop--one which supports DriveLock, but nothing else--can this disk use the DriveLock password as the encryption key?

    If that were the case, it would be a simple matter to retrofit existing laptops (which use DriveLock to protect the disks) with the improved security of full-blown encryption. And it could be done without any perceptible changes to the user!

    This could be a great product if they just Keep It Simple so that it works seamlessly with the already widely-deployed ATA Security Mode (DriveLock) protocol.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  7. Re:3gb/s sata on a 5400 rpm drive? by lukas84 · · Score: 2, Insightful

    Because by now, a 3GB SATA controller is cheaper than a PATA controller.

    Supply & Demand.

  8. Re:Secure like HDDVD? by pv2b · · Score: 2, Informative

    There's a funamental difference here.

    Most DRM hinges on the fact that the content must stay readable, in however limited a sense. In other words, you're giving the encrypted content to the attacker, who also has to have the key in order to use it. The attacker and the intended recipient are the same person.

    When you take away that requirement, encryption actually becomes workable.

  9. Back Door For Big Brother ? by Junior+Samples · · Score: 3, Insightful

    Seagate is an American Company. Is it possible for them to provide a secure product without providing a back door for Big Brother to access? Can they be trusted? I'm very skeptical.

    1. Re:Back Door For Big Brother ? by stratjakt · · Score: 2, Funny

      You're right I'll wait until China produces one. There's a government I trust.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Back Door For Big Brother ? by aadvancedGIR · · Score: 2, Funny

      For the tinfoil community, simply create a circuit to short-cut the battery (or any other low-power incendiary device) in case of wrong password and use a Sony laptop to be able to claim bad luck when the FBI ask you to enter your PW.

  10. Re:3gb/s sata on a 5400 rpm drive? by MightyYar · · Score: 4, Insightful
    Wild speculation here, but it could be one or more of the following:
    • They sell a lot of drives with a lot of different speeds. It might be cheaper for them to standardize on a few chipsets then to buy different chips and have different designs based on the drive's capability.
    • For marketing reasons, they may have decided to always have the latest-and-greatest buzzword on the box of all of their new products.
    • A major customer asked them to use this interface.
    In all, not the strangest decision I've come upon today.
    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  11. The incomplete article is missing any mention... by BenEnglishAtHome · · Score: 5, Informative

    ...of the competitors in this market space. Several companies have been doing this for years with good track records. I think these links are still good.

  12. Re:features (TPM), and fingerprint reader by stratjakt · · Score: 2, Informative

    You don't have to use the fingerprint reader, and my understanding is that it's more of a windows-logon thing than a boot-up thing.

    However, you could easily design a keypad that makes it nigh-impossible to lift a print. A simple rough textured finish on the top would do the trick.

    --
    I don't need no instructions to know how to rock!!!!
  13. Video Camera Application? by mwilliamson · · Score: 2, Informative

    Slap one of these bad-boys into a video camera with only the ability to only write/encrypt and then you'll have a tool journalists can use without fear their content will be pilfered by a herd of unwieldly pigs. Only once the cam is back from the field would the data be accessable. This of course assumes the drive uses some sort of PKI, it may be symmetric only, in which case you'd have to add something to generate the symmetric keys from a PKI infrastructure. Performance should still be good with the added PKI module since the internal crypto would still be using the hardware accelerator with the derived symmetric keys.

  14. No need to blame the user. by twitter · · Score: 4, Insightful

    worlds stupidest user with passwords like 'password' :-)

    That's a joke, but some people really think that way. Blaming "stupid users" makes them feel more secure or helps them pass the buck for choosing systems with poor security. When you think about it, it's not very funny.

    Passive encryption might be a step in the right direction, but I won't trust it as long as the software doing has owners and secrets kept from users. They can point to specs and tell me what they are doing, but that does not mean they are doing that. The owners can break in at will, the keys can be padded with zeros and finally, the owners can make mistakes.

    --

    Friends don't help friends install M$ junk.

  15. Secure from who? by Assassin+bug · · Score: 2, Funny

    My highspeed, large-capacity Seagate drive wasn't secure from itself when it decided to critically fail 1 week after warrenty!

  16. Hibernate by Nom+du+Keyboard · · Score: 2, Insightful
    And how secure is it if you hibernate, rather than shut down, your system? Does all the crook have to do is keep it powered, or do you need to re-enter your password each time you raise the lid? If so, I suspect the password is going to be rather short, and easily guessable.

    The real problem is not designing effective security, but getting people to use it properly. You can start on this by banning PostIt notes from the corporate environment -- or at least make them self-destruct.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  17. Top 10 Most Secure Hard Drives by malcomvetter · · Score: 2, Insightful

    The Top 10 Most Secure Hard Drives in Existence to date:

    1. The world's most secure hard drive is the one not used to contain valuable confidential data (experts question its existence).
    2. Doesn't exist.
    3. Doesn't exist.
    4. A hard drive that contains some valuable confidential data, but remains physically within a datacenter. The OS that accesses it does not share its data with other OSes, and runs the full gamut of controls (prevention, detection, correction).
    5. Doesn't exist.
    6. Doesn't exist.
    7. Doesn't exist.
    8. Doesn't exist.
    9. A hard drive that contains some valuable confidential data, remains physically within a datacenter, but its OS shares data among other systems whose trust is "unknown" or "uncertain".

    And tied for 10th place (by virtue of consolation):
    10. An encrypted drive in a mobile device relying upon its user for security.
    10. An unencrypted drive in a mobile device relying upon its user for security.

    If the "laws of physics" of information security were known, we'd likely see a Newtonian-esque law that says something like (in a more scientific form): "any security system that relies upon a person to use the system correctly will fail [miserably]". What Seagate is trying to do is analogous to defying gravity or creating "information security perpetual motion". It just won't improve the situation for anyone (except perhaps the "checklist security" people who can tell their compliance regulation auditors that they can add a point to their useless overall score).