Slashdot Mirror
Fujitsu HDD with AES 256-bit Encryption
An anonymous reader writes "Fujitsu today updated its 2.5" 320GB hard disk drive with automatic hardware-based encryption to effectively secure data against theft or loss. According to Fujitsu, the MHZ2 CJ series is the first hard disk drive in the world to support the 256-bit Advanced Encryption Standard (AES). The drive implements the AES hardware encryption directly into the processor chip of the hard disk drive, resulting in more robust security and faster system performance than software-based encryption."
Why have encryption at the hardware level when you can use e.g. Linux's crypto device-mapper tool? That also allows you to keep certain partition encrypted for privacy and other partitions unencrypted for performance.
320GB is alot of child pornography.
An encrypted raid volume on these.
Sorry for being so ungoogley (no time at the moment, stuck working), but how does it work? Does it use a separate hardware decryption mechanism, or some form of driver/software combo?
"We are the music makers, and we are the dreamers of dreams [...]."
I fail to see how this is useful. The key is stored on the drive... and there are no authentication measures.
Aside from the data bits on the physical platter being encrypted, how is this secure?
Let's hope Fujitsu doesn't take after Microsoft "security" and embedd the private key in a dll of their driver or within the firmware of the drive.
My question/concern that I've always had with encryption is how can I recover from a crash? On a normal HD, if Windows won't boot (from a bad MBR or a failing drive), I could hook the drive up as a slave to another machine and start pulling data off of it. Is it possible to do this with any full drive encryption (software or hardware)?
I realize that being able to pull data when hooked up as a slave defeats the purpose of encryption, but I would hope that there is some way (maybe with a key created prior to the failure?) to recover.
I wouldn't trust fujitsu to not turn over the keys to someone with black helicopters, sunglasses and guns.
your friends at the NSA ask Fujitsu for the back door.
I'm going to stick with kernel-mode volume encryption.
640k ought to be enough for anybody...
Way more than enough.
Maybe this is a sensible design, and there is a software front end to the driver which passes a key you specify to the processor to encrypt data (with all the trimmings; keyfiles, salt, entropy etc), but all the enc/dec overhead is handled on-chip, not in main memory.
Kind of like accessing a TrueCrypt volume on a networked machine, if you catch my drift.
Then again, none of these devices seem to have been thought out properly... I'll stick to TrueCrypt volumes and cheap external drives (which, by the way, are more than responsive enough to access DVD video and high quality OGG audio from).
DVD's I own, and OGG from Jamendo.com, obviously.
Finally had enough. Come see us over at https://soylentnews.org/
You won't even notice how well the door is securely locked down!!
- just don't look at the handle closely and ask your friends not to look at the handle closely too.
10 Years from now will we all be content with the promise delivered with quantum cryptography, traveling the globe with all of our data instantly available with 'unbeatable' security?
Or will it continuously escalate to the point that we start seeing more and more networks running 'off' the grid? Transporting data in person as on-the-fly decryption becomes increasingly prevalent. (Here we come Johnny Mnemonic)
They don't want to tell you, but here's what information they made available: http://www.fujitsu.com/global/news/pr/archives/month/2008/20080421-01.html
"The conventional response to this problem has been the use of BIOS passwords(4) and software-based encryption. Seeking a more robust form of data security, Fujitsu has now developed 2.5" hard disk drives with hardware-based AES encryption using industry-leading 256-bit key.
The built-in AES automatically encrypts all data when storing it on the hard disk drive and decrypts the data when read. Unlike software-based encryption, the key does not reside in the computer's memory. This makes it more resistant to attack and imposes no processing overhead on the CPU, optimizing system performance. "
Let the guesswork begin?
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
You can view the official press release for more information.
They claim that the drive generates its crypto key from a password supplied externally. However, they don't explain how it gets this password. I presume from the BIOS, but there's no solid info.
It could be from the OS if the drive isn't intended to be a boot drive, but that would be very strange and limit its usefulness.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Please excuse my ignorance but I fail to understand how this could be faster.
In a modern day computer the bottleneck is the long term storage (HDD, DVD Rom etc). Memory and CPUs are extremely fast by comparison.
So I don't entirely understand how shifting encryption down the IO bus is really helpful.
Plus by doing so you lose tons of functionality and if the implementation gets "broken" (AES gets cracked) then you are kind of stuck unless Fujitsu are going to release an update back-ported to all of their old drives (and a lot of hardware vendors can't even support stuff from a year ago, let alone several).
Plus aren't laptops designed entirely around keeping the hard drive in almost a zero power state as long as it can?
Hardware based doesn't seem to mean much anymore. It seems to me that hardware based used to mean purpose built hardware to do only one task. Now it means "we put a tiny computer in the hardware." It's only slightly more secure than doing things like encryption on the OS because your just moving the work from one generic processor to another. If some malicious programmer knows what you are doing he/she could just as easily take over that "tiny computer in the hardware" as the CPU.
It's simply security through obscurity.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
If the encryption is transparent to the OS, means that if i, dont know, open the disk, extract the plates and read it in some way (dont know how people recover data from phisically broken hard disks), will have all scrambled. But if i take the disk as a whole, and put it in another computer, or under another OS (even booting from USB or another OS, in the same PC) the data should be shown unencripted.
If that is right, well, dont see where this is useful. If the hard disk is stolen, could be used directly, and if not, you will lose your last chance to recover some info from it if broken.
Or you control the encryption from BIOS/1st boot, store some key in your BIOS or somewhat near, and if you put that disk in another machine wont be possible to read it (without a keyphrase?), but still, dont see it to be very useful (if you will steal the HD, well can steal the whole machine unless is somewhat a monster).
The 3rd alternative is that there is some existing protocol to deal with hardware encrypted media in windows/linux/whatever so is somewhat cooperative between both, at least if it supports having unencrypted partitions or you have to boot from somewhere else. But dont know it this exist.
Could using these in a RAID-5 configuration lead to a weakness due to the XOR stripes? Since the parity stripes are a combination of the XOR of all other stripes, and is generated from the plaintext data before the crypto chip, a smart cracker might be able to use it to find a pattern.
Seagate has been most active in this space and the most disappointing. Seagate announced their encrypted drives a couple of years ago. Complete vaporware and required a custom BIOS, to boot. Seagate re-announced their encrypted drives about 7-8 months ago. A few of the Momentus FDE drives showed up in retail channels only to go out-of-stock/back-ordered in a matter of weeks. A month or so ago, Seagate showed their encrypted portable drives. Anybody seen one for sale? Seagate announced their encrypted SAS-connected and FC-connected server drives a couple of days ago. Availbility? Only to OEMs. I don't think even OEMs have access to the 1TB desktop disks that Seagate announced months ago and that's the model that home users and hobbyists would scarf up by the truckload if it were only available.
n-Crypt has never answered my emails.
Digisafe has a nice web site but I can't find any place to actually buy the drives.
Lots of other manufacturers, including some of the big ones, have made announcements but nothing has shown up in the retail channels. Even if you're willing to buy a new laptop to get the encrypted drives that are apparently going preferentially to OEMs, actually finding encrypted machines for sale on the web sites of the major players will have you clicking fruitlessly until your fingers cramp. Even the much simpler "bump in the wire" encryptors (e.g. from Digisafe) that are supposed to work with any IDE drive are simply non-existent in the marketplace. The whole range of products from Enova is tantalizing until you realize that you can't actually lay hands on any of it.
For years, I've used Flagstone. They're expensive and insufficiently large. But at least I can pick up the phone and order one of them and, lo and behold, actually receive it in the mail. Given the way the dollar is tanking and the size of the available drives, I'd love to have another choice. Realistically, I don't.
Call me back when I can drop an encrypted drive into my shopping cart at NewEgg. Until then, this is so much supremely frustrating vapor.
I am intrigued. Perhaps somebody should write a boot sector virus which configures an AES password. That way the drive will become a brick with no possibility of recovery.
It is always good to hear of storage device manufacturers embedding
encryption into their products. However, after reading this article,
there are at least three concerns I am left with regarding Fujitsu's
offering, along with every other offering of this sort.
Firstly, AES-256 smacks of a marketing gimmick. AES-128 is perfectly
sufficient for anything that anyone wishes to protect; nobody has ever
discovered a weakness in AES-128 that would be cause for
concern. Using AES-256 bloats the key size while providing absolutely
no additional protection above and beyond what we already get from
AES-128. Whenever I hear of a crypto product advertising AES-256, I am
suspicious that the company is more concerned with marketing than it
is with actually providing good level-headed security.
Secondly, how "hardware-based" is this product, really? More often
than not, crypto modules are implemented in firmware, and sometimes
they can be attacked, up to and including replacement of the
microcode. Is this an open implementation? How do we know we can trust
it? Is there any kind of key escrow going on? Is the chip using CBC
mode while using a predictable IV? If so, then the drive may be
susceptible to a chosen-plaintext attack. On Linux, we can directly
inspect the code for TrueCrypt, dm-crypt, eCryptfs, EncFS, and so
forth. The users, not the manufacturers, have complete control and
transparent knowledge of exactly what is going on under the
covers. How can we know we can trust the "hardware-based"
implementation shipping on these drives?
Thirdly, the fact that "the key does not reside in the computer's
memory" does not necessarily help you much. Perhaps the symmetric key
used for the bulk encryption and decryption of what goes out to the
disk sectors stays on the drive's processor chip, but what does that
buy you in terms of real security? The entire crypto system needs to
be evaluated around its weakest point, which is almost always key
management. If the BIOS has to send a passphrase to the drive to
"unlock" that on-chip key, then who really cares if it is using
AES-256 or if it keeps the 256-bit key on the drive? An attacker only
needs to attack the passphrase, which is typically significantly
weaker than the 256-bit key, and then simply ask the drive to hand
over its contents.
Some crypto protection is better than no protection at all, but we
also do not want people to buy these drives and then have a false
sense of security. Crypto, like any other form of security, is not
really something you can bundle up and sell as a stand-alone product
to customers. Security needs to be integrated into the entire system,
because any individual component (such as an encrypting storage
device) can be rendered completely ineffective if it can be
circumvented by some action elsewhere in the system.
An unjust law is no law at all. - St. Augustine
From what I read here this device does not add any more security than "software" based encryption (it's still software based, if you think about it). The only advantage is that it relieves the CPU of the tiny amount of clock cycles that it would normally use to do encryption.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
I trust that chip to not have a backdoor in it about as much as I trust my cat to leave the steak on the counter alone. You would be foolish to assume that your data is safe from government or law enforcement eyes.
I'll stick with open solutions. Thanks.
Well, the FBI is concerned about compromised hardware of hostile foreign origin. "The threat is real".
It would be foolish to assume there wasn't a backdoor for someone. The question is who, and why should you trust them? The government? Intelligence agencies? Yours? Theirs?
when I tie you up and beat the crap out of you until you give up your password. I can do it, I'm a big guy and I'm good with knots.
There is a catch-22 -- you either have compatibility , but key management is handled by the HDD, or you have security, but you need external software and BIOS integration. I bet, Fujitsu decided to go with the compatibility. In this case, the encryption key could be recoverable. HexView published an advisory about it back in 2006.
With the failure rates I've seen on Fujitsu drives over the years I'll be giving this a pass. I wonder how much fun these are going to be to recover. No Fujitsu, no Maxtor is what I tell people looking for hard drives.
I'm guessing that most of the drives will be vulnerable to a dictionary attack. Every user will have to know the password, (and be able to enter it correctly), to boot up their machine, and if you forget the password, your hard drive becomes a brick. Enough people will be paranoid about forgetting their password that they will pick something short, simple, easy to remember and easy to type. In other words, they will likely choose a dictionary word of some sort.
If an organization has their IT staff assign passwords to the drive, so they are hard to crack, users will just keep the Post-it note with the password glued to their machine. Either way, a great idea that someone will screw up.
Users - making products insecure since the dawn of time.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
If it's anything like the other 'hardware acceleration' that I've seen lately, like the Ethernet chip that has on-chip checksum verification, but is only single-buffered, so everything comes to a screeching halt while the checksum is calculated. Of course, with fast processors, caches, and multiple cores, it's much faster to calculate the checksum in software.
It's just as easy to lose encrypted data as it is to lose unencrypted data. This is ridiculous.
A orbjhys cluster of these...
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
If you actually went deeper into the story you would see the original original article... explains a LOT more then this.
The first article that was linked makes it sound like this guy is innocent, but if you read the original article in cnet, you will see that the FBI left the link on a known child porn chat area online... advertising graphically child pornography acts that were expect to see.
If my drunk friend sent me a link to this site, then Id be the first to turn my drunk friend in the police.
So the guy who was made out to be the innocent good guy in the aforementioned article, smashed his flash drive and hard drive while FBI was outside his door.
He also had a windows thumbnail file (thumbs.db), on his machine that showed pictures of "pre-pubescent girls" exposing their genitalia.
Now the thumbs.db is created for browsing photos easily - AND ONLY CREATED WHEN YOU RIGHT CLICK AND SELECT "VIEW AS... THUMBNAILS"
This means the man in the article, had PURPOSELY viewed these images before... then deleted the images, but forgot the delete the thumbs.db which contained cached thumbnails of the child porn he was viewing.
This guy did have porn, he was convicted by a grand jury and he was sent to jail, JUSTLY.
If you take them literally:
Ah, so they generate a new key on power-on, and any data written last time, is essentially lost. This drive isn't worth anything for most conventional uses, but would make a great swap, /tmp, squid cache, etc. My laptop's swap works sort of like that (random key each boot), except in software.
Of course, I don't really believe that's what they do ("whaddya mean I lose all my data every boot?!?"). I bet the key is stored somewhere, and how/where is the big question. If it's hashed at power-on from a passphrase stored in the user's brain, I'm impressed. If it's stored in flash RAM, I smell snake oil.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
There is an advantage using hardware-based encryption. That is, the key never resides in memory. Although this has been stated before, it has been understated. There's a million ways to get the key out of the RAM if it persists there (as it has to, for you to run software-based encryption [did you know your firewire ports allow OS-independent memory dumps?]) If this is implemented properly on hardware, there should be no way to get the key off the drive without a passphrase that decrypts the AES key.
/dev/random for my harddrive encryption :)
In nearly all cases, the weakest point of the encryption will be passphrase, if one is used (instead of a keyfile). No matter how you look at it, if a passphrase is used, it is near-infinitely easier to guess that passphrase than it is to break the AES directly. This is why I use a 24-character passphrase generated by
The security is definitely improved (if implemented properly), but may be irrelevant: someone who has the ability to break the software-based solution, probably has the ability to break this one too (keyboard loggers, most likely).
Not to nit-pick, but depending on the number/type of files in a folder, Windows (XP at least) will sometimes set the initial view of the folder to thumbnails.
;)
Like most things revolving around the folder view options, it's unpredictable, inexplicable, volatile and almost totally random, so I can't recommend a good way to demonstrate this. However, copying a handful of photos into a new folder which has never been opened yet, will set the default view to filmstrip., which I believe also creates a thumbs.db.
However, it's Folder View Options, YMMV.
I can understand how this protects you against data theft - as long as you don't keep the password scribbled on a PostIt stuck to your notebook.
But how are you protected against loss? If you data is gone due to a head-crash or theft, it's gone. You've lost it, that that's often a huge problem.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
...is really just ECB.
All's true that is mistrusted
The problem with Fujitsu has always been getting them to warrant their product. Most drives today come with a 3-5 year warranty while Fujitsu and Toshiba have been a stick in the mud selling mostly to OEMs and forcing you to get warranty replacements through the OEM. This means that after a year (in most cases) you don't get a replacement drive if it fails.
I'd rather put my money in Seagate or Western Digital.
You can lead a man with reason but you can't make him think.
http://www.coolest-gadgets.com/20080422/fujitsu-announces-mhz2-cj-series-hard-drive/
Is stated:
Heck, the key used to encrypt and decrypt data is cryptographically regenerated whenever the correct password is received at power-on, and won't be able to be attained whenever the system is turned off
But this suppose special IDE/SATA controller with special BIOS on it. And the human factor (note with password sticked on "smart" place) still remains...
Who's to say that if your friend sent you an MSN message that it was actually your friend sending you an MSN message, an not some virus on his computer sending you a the link. I've seen viruses before that do this. They send you an MSN message saying to go check out this picture of yourself online. When you go to open it, it's actually an exe, with a copy of the virus in it. So unsuspecting users will download, and allow it to run, and get themselves infected. Also, how do you really tell (beyond a resonable doubt) what the picture is in a 100x100 thumbnail image? It could be child porn, or it could be legal porn of a girl with not much of a figure, and shaved body hair. I'm not saying that this guy is innocent, but it seems to me like there's a lot of room for error.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
If you read the article.... it was 4 year old girls. If you have a screen 800x600 (4800 sq pixels) then a 1000 sq pixel image would take up 1/5 of my screen. I would be able to recognize a 4 yr old vs a teen. Now go F yourself, one for being a scumbag and defending the guy, two for not reading the article.
Another attempt at the trusted computer environment, but... why should I trust the hardware/vendor/store?
At least using a regular hard drive with software encryption, if you're smart enough, you can read the code that does the encryption in Linux and and check that it doesn't do anything you don't want it to.
Take Nobody's Word For It.
Organizationally, that's exactly what we did. We use SecureDoc from WinMagic almost universally.
What I'm wondering:
Say your boss decides you no longer need the company laptop, and gives it to Joe to use instead. After wiping your personal data but leaving the OS files, can you simply change your HD's old encryption password to a new one so that Joe can use the laptop? Or are you forced to choose between a total wipe of the HD + OS reinstall or having to tell him your password if you're too lazy/unskilled to reinstall an OS?
1. Full of ads
2. Limited information
3. NO LINKS TO MORE PRODUCT INFORMATION
4. One link to ANOTHER story on that site
Gee, I wonder if "anonymous coward" is also the recipient of those Google adsense checks.
C'mon, Slashdot, don't let this stuff through.
Here is the official press release and here is the official product page. You're welcome.
Anyone know where hardware-based encryption falls in regard to US laws? Doesn't the US have limitations (theoretical, not really enforced) on encryption stronger than 64-bit, or is that just software based?
Fear the penguin.
I don't think they mean loss in the sense you are. Of course, the only way to prevent *data loss* is to use some sort of backup. I think they mean here that the privacy of your data is protected if the drive/laptop is stolen or lost.
I'm not entirely convinced that hardware-based security is necessarily more secure, but as you say, because of the necessity to cache the key *somewhere*, hardware based solutions should potentially be able to be more secure.
I think the main benefit, really, is performance. Why bog down the cpu with decryption, when the drive can do it itself? Also, OS independence. I assume with this thing, during boot you provide the passphrase, and after that it looks like a normal drive to the OS? I might be wrong on that; it might actually be nice to have different partitions individually encrypted, and be able to provide the passphrase at mount time instead of boot time, but that would require OS support to implement.
I thinnk it's slighlty condensed vaporware. Yes, the 'spec' are available, however they won't be 'shipping' for 5 weeks with a projected sales of 2 million units. Probably the only way you could get one would be to mug an OEM and use their account to order 10,000 units. 8-( OTOH we can hope that they do appear for individual sale on well e-tailers. No frickin' clue how they work though It would appear that you can change the key w/o re-encrypting all the data for a fast 'erase'.
Nowadays they got ROT-312 and ROT-624 encryption, most new cpu's can handle that load just fine!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Kinky!
I am still trying to figure out wether this is a dating advert (for some atleast) or a breach in security..
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
800x600 = 480,000 pixels - surely this would have occurred when you calculated that a 32x32 picture takes up 1/5 of the screen? Besides, how is it scummy to assume someone is innocent when you don't have all the information (which you've said he doesn't)? That seems like a perfectly normal thing to do to me.
If this is similar to such hard drives available with Lenovo laptops, the HD is indeed encrypted all the time and you do not have the key and cannot change it. However, all information is available at the interface of the HD (just not from taking it directly off the platters). So, just by guessing the boot-up password, you have access to all the data. That is why the Lenovo scheme did not make sense to me. Why bother? If I am wrong please correct me.
With software device/partition/file encryption [TrueCrypt] I can trust the source and I control all aspects of the implementation.
Good lord, where did you learn math?
Or rather, why DIDN'T you learn math?
That drive uses ATA security. ATA has been broken for at least 3 years. While it provides good protection against determined thieves, it's not proof against anyone who can write a check to a major data recovery firm. Successful file recovery from locked drives has been demonstrated for at least 3 years.
But I appreciate the effort.