Slashdot Mirror
Fujitsu HDD with AES 256-bit Encryption
An anonymous reader writes "Fujitsu today updated its 2.5" 320GB hard disk drive with automatic hardware-based encryption to effectively secure data against theft or loss. According to Fujitsu, the MHZ2 CJ series is the first hard disk drive in the world to support the 256-bit Advanced Encryption Standard (AES). The drive implements the AES hardware encryption directly into the processor chip of the hard disk drive, resulting in more robust security and faster system performance than software-based encryption."
Why have encryption at the hardware level when you can use e.g. Linux's crypto device-mapper tool? That also allows you to keep certain partition encrypted for privacy and other partitions unencrypted for performance.
320GB is alot of child pornography.
I fail to see how this is useful. The key is stored on the drive... and there are no authentication measures.
Aside from the data bits on the physical platter being encrypted, how is this secure?
Let's hope Fujitsu doesn't take after Microsoft "security" and embedd the private key in a dll of their driver or within the firmware of the drive.
Right, so if the drive is stolen and put in another machine, the AES key is included on the processor, which is part of the drive?
If you post as Anonymous Coward, don't expect a reply.
My question/concern that I've always had with encryption is how can I recover from a crash? On a normal HD, if Windows won't boot (from a bad MBR or a failing drive), I could hook the drive up as a slave to another machine and start pulling data off of it. Is it possible to do this with any full drive encryption (software or hardware)?
I realize that being able to pull data when hooked up as a slave defeats the purpose of encryption, but I would hope that there is some way (maybe with a key created prior to the failure?) to recover.
your friends at the NSA ask Fujitsu for the back door.
I'm going to stick with kernel-mode volume encryption.
640k ought to be enough for anybody...
Way more than enough.
Maybe this is a sensible design, and there is a software front end to the driver which passes a key you specify to the processor to encrypt data (with all the trimmings; keyfiles, salt, entropy etc), but all the enc/dec overhead is handled on-chip, not in main memory.
Kind of like accessing a TrueCrypt volume on a networked machine, if you catch my drift.
Then again, none of these devices seem to have been thought out properly... I'll stick to TrueCrypt volumes and cheap external drives (which, by the way, are more than responsive enough to access DVD video and high quality OGG audio from).
DVD's I own, and OGG from Jamendo.com, obviously.
Finally had enough. Come see us over at https://soylentnews.org/
10 Years from now will we all be content with the promise delivered with quantum cryptography, traveling the globe with all of our data instantly available with 'unbeatable' security?
Or will it continuously escalate to the point that we start seeing more and more networks running 'off' the grid? Transporting data in person as on-the-fly decryption becomes increasingly prevalent. (Here we come Johnny Mnemonic)
They don't want to tell you, but here's what information they made available: http://www.fujitsu.com/global/news/pr/archives/month/2008/20080421-01.html
"The conventional response to this problem has been the use of BIOS passwords(4) and software-based encryption. Seeking a more robust form of data security, Fujitsu has now developed 2.5" hard disk drives with hardware-based AES encryption using industry-leading 256-bit key.
The built-in AES automatically encrypts all data when storing it on the hard disk drive and decrypts the data when read. Unlike software-based encryption, the key does not reside in the computer's memory. This makes it more resistant to attack and imposes no processing overhead on the CPU, optimizing system performance. "
Let the guesswork begin?
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Please excuse my ignorance but I fail to understand how this could be faster.
In a modern day computer the bottleneck is the long term storage (HDD, DVD Rom etc). Memory and CPUs are extremely fast by comparison.
So I don't entirely understand how shifting encryption down the IO bus is really helpful.
Plus by doing so you lose tons of functionality and if the implementation gets "broken" (AES gets cracked) then you are kind of stuck unless Fujitsu are going to release an update back-ported to all of their old drives (and a lot of hardware vendors can't even support stuff from a year ago, let alone several).
Plus aren't laptops designed entirely around keeping the hard drive in almost a zero power state as long as it can?
Hardware based doesn't seem to mean much anymore. It seems to me that hardware based used to mean purpose built hardware to do only one task. Now it means "we put a tiny computer in the hardware." It's only slightly more secure than doing things like encryption on the OS because your just moving the work from one generic processor to another. If some malicious programmer knows what you are doing he/she could just as easily take over that "tiny computer in the hardware" as the CPU.
It's simply security through obscurity.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Presumably, they will just be using the standard ATA password extensions. Instead of just unlocking the device when the password is entered, it would also set the key in whatever hardware device is doing the crypto, and wipe it when the hard drive is powered down.
Note that I have not read the specs, that just seems to be the most logical way to design something like this.
The news.com story says the hard drive doesn't store the key at all. It's figured during the POST process within the hard drive's BIOS config and isn't known to the drive itself when the power is down.
What it sounds like is that if you keep the computer from booting, like a pre-boot password, the drive is utterly useless to a thief. If they can get it to boot instead of staring blankly at the password prompt, the thing will recalculate the key and go merrily on its way.
Hopefully it figures the key on stored CMOS config values so that if you reset the CMOS to get rid of the boot password it'll still not generate the right key.
Could using these in a RAID-5 configuration lead to a weakness due to the XOR stripes? Since the parity stripes are a combination of the XOR of all other stripes, and is generated from the plaintext data before the crypto chip, a smart cracker might be able to use it to find a pattern.
I had this same question, but no. It figures the key at boot time.
Hopefully there's some way to keep the thing from figuring the key once it's stolen, as most people will try to, you know, use the PC as a whole before they resort to stripping the drives out of it.
Seagate has been most active in this space and the most disappointing. Seagate announced their encrypted drives a couple of years ago. Complete vaporware and required a custom BIOS, to boot. Seagate re-announced their encrypted drives about 7-8 months ago. A few of the Momentus FDE drives showed up in retail channels only to go out-of-stock/back-ordered in a matter of weeks. A month or so ago, Seagate showed their encrypted portable drives. Anybody seen one for sale? Seagate announced their encrypted SAS-connected and FC-connected server drives a couple of days ago. Availbility? Only to OEMs. I don't think even OEMs have access to the 1TB desktop disks that Seagate announced months ago and that's the model that home users and hobbyists would scarf up by the truckload if it were only available.
n-Crypt has never answered my emails.
Digisafe has a nice web site but I can't find any place to actually buy the drives.
Lots of other manufacturers, including some of the big ones, have made announcements but nothing has shown up in the retail channels. Even if you're willing to buy a new laptop to get the encrypted drives that are apparently going preferentially to OEMs, actually finding encrypted machines for sale on the web sites of the major players will have you clicking fruitlessly until your fingers cramp. Even the much simpler "bump in the wire" encryptors (e.g. from Digisafe) that are supposed to work with any IDE drive are simply non-existent in the marketplace. The whole range of products from Enova is tantalizing until you realize that you can't actually lay hands on any of it.
For years, I've used Flagstone. They're expensive and insufficiently large. But at least I can pick up the phone and order one of them and, lo and behold, actually receive it in the mail. Given the way the dollar is tanking and the size of the available drives, I'd love to have another choice. Realistically, I don't.
Call me back when I can drop an encrypted drive into my shopping cart at NewEgg. Until then, this is so much supremely frustrating vapor.
I am intrigued. Perhaps somebody should write a boot sector virus which configures an AES password. That way the drive will become a brick with no possibility of recovery.
I'm guessing that most of the drives will be vulnerable to a dictionary attack. Every user will have to know the password, (and be able to enter it correctly), to boot up their machine, and if you forget the password, your hard drive becomes a brick. Enough people will be paranoid about forgetting their password that they will pick something short, simple, easy to remember and easy to type. In other words, they will likely choose a dictionary word of some sort.
If an organization has their IT staff assign passwords to the drive, so they are hard to crack, users will just keep the Post-it note with the password glued to their machine. Either way, a great idea that someone will screw up.
Users - making products insecure since the dawn of time.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
Firstly, AES-256 smacks of a marketing gimmick. AES-128 is perfectly sufficient for anything that anyone wishes to protect; nobody has ever discovered a weakness in AES-128 that would be cause for concern.
Two possibilities: We've seen dramatic weaknesses in md5 and sha1, and it's not impossible that something similar could be found for AES. A reduction from 128 bit security to ~96 or even ~64 bits of security would be a relative disaster; 64-bit ciphers are simply not secure anymore.
Additionally, quantum computers can theoretically break symmetric ciphers in sqrt(n) time, which means that AES-128 could be broken this century. Assuming both a mild algorithmic reduction and quantum computing, AES-256 looks secure until the next century, if not longer.
Also, AES-256 really only takes 40% longer than AES-128 for practical purposes, since AES-128 has 10 rounds and AES-256 has 14 rounds.
Finally, AES-192 and AES-256 are authorized for TOP SECRET classification, while AES-128 is not. That's a pretty big market Fujitsu would be cutting out by only offering AES-128.
The NSA disagrees with you. They require AES-256 for the protection of TS (Top Secret) data. AES-128 is only authorized for the protection of data classified as Secret and below.
Mea navis aericumbens anguillis abundat