Slashdot Mirror
Fujitsu HDD with AES 256-bit Encryption
An anonymous reader writes "Fujitsu today updated its 2.5" 320GB hard disk drive with automatic hardware-based encryption to effectively secure data against theft or loss. According to Fujitsu, the MHZ2 CJ series is the first hard disk drive in the world to support the 256-bit Advanced Encryption Standard (AES). The drive implements the AES hardware encryption directly into the processor chip of the hard disk drive, resulting in more robust security and faster system performance than software-based encryption."
your friends at the NSA ask Fujitsu for the back door.
I'm going to stick with kernel-mode volume encryption.
Maybe this is a sensible design, and there is a software front end to the driver which passes a key you specify to the processor to encrypt data (with all the trimmings; keyfiles, salt, entropy etc), but all the enc/dec overhead is handled on-chip, not in main memory.
Kind of like accessing a TrueCrypt volume on a networked machine, if you catch my drift.
Then again, none of these devices seem to have been thought out properly... I'll stick to TrueCrypt volumes and cheap external drives (which, by the way, are more than responsive enough to access DVD video and high quality OGG audio from).
DVD's I own, and OGG from Jamendo.com, obviously.
Finally had enough. Come see us over at https://soylentnews.org/
10 Years from now will we all be content with the promise delivered with quantum cryptography, traveling the globe with all of our data instantly available with 'unbeatable' security?
Or will it continuously escalate to the point that we start seeing more and more networks running 'off' the grid? Transporting data in person as on-the-fly decryption becomes increasingly prevalent. (Here we come Johnny Mnemonic)
They don't want to tell you, but here's what information they made available: http://www.fujitsu.com/global/news/pr/archives/month/2008/20080421-01.html
"The conventional response to this problem has been the use of BIOS passwords(4) and software-based encryption. Seeking a more robust form of data security, Fujitsu has now developed 2.5" hard disk drives with hardware-based AES encryption using industry-leading 256-bit key.
The built-in AES automatically encrypts all data when storing it on the hard disk drive and decrypts the data when read. Unlike software-based encryption, the key does not reside in the computer's memory. This makes it more resistant to attack and imposes no processing overhead on the CPU, optimizing system performance. "
Let the guesswork begin?
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Hardware based doesn't seem to mean much anymore. It seems to me that hardware based used to mean purpose built hardware to do only one task. Now it means "we put a tiny computer in the hardware." It's only slightly more secure than doing things like encryption on the OS because your just moving the work from one generic processor to another. If some malicious programmer knows what you are doing he/she could just as easily take over that "tiny computer in the hardware" as the CPU.
It's simply security through obscurity.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Presumably, they will just be using the standard ATA password extensions. Instead of just unlocking the device when the password is entered, it would also set the key in whatever hardware device is doing the crypto, and wipe it when the hard drive is powered down.
Note that I have not read the specs, that just seems to be the most logical way to design something like this.
Why have encryption at the hardware level when you can use e.g. Linux's crypto device-mapper tool?
For the crypto in software case, a motivated bad guy can sniff memory to determine the key and method of encryption. To sniff the crypto in hardware takes a bit more effort, but I'm guessing your friendly neighborhood NSA can do it -- if they don't already have a back door.
It's Linux, damnit! Pay no attention to renaming attempts by self-aggrandizing blowhards.
Could using these in a RAID-5 configuration lead to a weakness due to the XOR stripes? Since the parity stripes are a combination of the XOR of all other stripes, and is generated from the plaintext data before the crypto chip, a smart cracker might be able to use it to find a pattern.
Apparently, so is zero.
Seagate has been most active in this space and the most disappointing. Seagate announced their encrypted drives a couple of years ago. Complete vaporware and required a custom BIOS, to boot. Seagate re-announced their encrypted drives about 7-8 months ago. A few of the Momentus FDE drives showed up in retail channels only to go out-of-stock/back-ordered in a matter of weeks. A month or so ago, Seagate showed their encrypted portable drives. Anybody seen one for sale? Seagate announced their encrypted SAS-connected and FC-connected server drives a couple of days ago. Availbility? Only to OEMs. I don't think even OEMs have access to the 1TB desktop disks that Seagate announced months ago and that's the model that home users and hobbyists would scarf up by the truckload if it were only available.
n-Crypt has never answered my emails.
Digisafe has a nice web site but I can't find any place to actually buy the drives.
Lots of other manufacturers, including some of the big ones, have made announcements but nothing has shown up in the retail channels. Even if you're willing to buy a new laptop to get the encrypted drives that are apparently going preferentially to OEMs, actually finding encrypted machines for sale on the web sites of the major players will have you clicking fruitlessly until your fingers cramp. Even the much simpler "bump in the wire" encryptors (e.g. from Digisafe) that are supposed to work with any IDE drive are simply non-existent in the marketplace. The whole range of products from Enova is tantalizing until you realize that you can't actually lay hands on any of it.
For years, I've used Flagstone. They're expensive and insufficiently large. But at least I can pick up the phone and order one of them and, lo and behold, actually receive it in the mail. Given the way the dollar is tanking and the size of the available drives, I'd love to have another choice. Realistically, I don't.
Call me back when I can drop an encrypted drive into my shopping cart at NewEgg. Until then, this is so much supremely frustrating vapor.
You could also just use a hardware encryption accelerator, couldn't you? And that has the advantage of enhancing *all* your crypto, not just the disk-based stuff.
...and significantly increase the odds of the crypto chip becoming a throughput bottleneck all while providing limited expandability.
The reason to do encryption in software is that the encryption can be replaced as existing crypto techniques become thoroughly broken. If you have a chip that does it in hardware, you're permanently limited to a given crypto scheme and probably limited in how long the key can be. Thus, if we conclude in a year that 256 bits really isn't enough, you get to either buy a new drive that does AES512 or switch to software crypto. At that point, you've paid the added expense of the outboard crypto chip, but have gotten little from it.
If you want to design something like this, start by creating a standard for communicating with crypto processors and creating a standard programming language for configuring these dedicated processors to handle various types of crypto. Put the control over the encryption in the hands of the OS where it should be, rather than in the hands of hardware manufacturers many of whom have repeatedly cut corners in their crypto implementations in the past. Do I trust crypto hardware? Not as far as I can throw it. How do you generate a good random number in such limited hardware, for one? How do we know they didn't incorporate a back door master key---two copies of the key that is actually used for encrypting the data, one encrypted with your AES key, one encrypted using a public key for the NSA or the Chinese government or even an organized crime syndicate---if we can't see the source code? How do we know that the AES key is even used to encrypt the data on disk at all and isn't just used as an authentication mechanism like those crappy "secure flash" devices? I mean, this entire concept just has disaster written all over it....
Hardware crypto just doesn't make sense. I trust hardware to do one thing: execute programs. Anything that requires a greater degree of trust should be done in software so that it can be readily audited and subject to verification if desired.
Check out my sci-fi/humor trilogy at PatriotsBooks.