Slashdot Mirror
Universal Disk Encryption Spec Finalized
Lucas123 writes "Six of the largest disk manufacturers, along with encryption management software vendors, are backing three specifications finalized [Tuesday] that will eventually standardize the way encryption is used in firmware within hard disk drives and solid state disk drive controllers ensuring interoperability. Disk vendors are free to choose to use AES 128-bit or AES 256-bit keys depending on the level of security they want. 'This represents interoperability commitments from every disk drive maker on the planet,' said Robert Thibadeau, chief technologist at Seagate Technology."
Why should this be trustable?
You are being MICROattacked, from various angles, in a SOFT manner.
How can we trust their implementation?
Hard drive encryption doesn't really offer much to a machine sitting in a data center though. The real value is on laptop hard drives where there is a much greater chance of having your machine stolen at some point. Built-in full disk encryption will help prevent the crook from getting at all of your data.
I read the internet for the articles.
If the keys are burned in, are they then supplied to the various law enforcement agencies to make things easier on them?
Understanding the scope of the problem is the first step on the path to true panic.
Because the hardware standard doesn't use your CPU for the encryption and decryption? Specialized hardware will always be faster and use less power to do a specific job than general-purpose hardware like your CPU.
My blog. Good stuff (when I remember to update it). Read it.
Specialized hardware will always be faster and use less power to do a specific job than general-purpose hardware like your CPU.
Not "always", and not "and".
Specialized hardware will usually be faster than the CPU, and will usually yield an overall faster system by virtue of the fact that the CPU is free from those tasks.
However (and purely as an example), Linux's software RAID is faster than many hardware RAID controllers, and a system lacking a dedicated hardware RAID controller very well may use less power than an equivalent system with one.
I thought this kind of talk was over the top, then I read the article.
No reset so that you can repartion the thing? Users are supposed to trust the hardware won't betray them? No way. It's like they are trying to clog landfills with these things.
The whole article reeks of "trusted path" and other defective by design tech beyond the obvious "oops, I forgot the password" inevitability. To be trusted by sane users, the controller boards must come with easy to change free software doing the dirty work. If not, all sorts of malicious features can be hidden that negate all benefits of hardware encryption. These things could turn themselves if "premium" content is ever placed on the drive and then accessed with a "non trusted" OS, for example. Your data is never secure when you use non free software, it is always at the mercy of the software's owner. This kind of "firmware" is something that should be rejected.
Friends don't help friends install M$ junk.
The risk is that the drive may, unbeknownst to the owner, cache and store the encryption keys somewhere inside the drive, either on the media or in nonvolatile memory, making it available to those that know where to find it.
Even if the standard drive firmware doesn't do that, how would you know that the firmware of the drive wasn't modified sometime after manufacture and before purchase to install such a back door?
If you were an agent of some government that wanted to be able to access data on disk drives whose owners believe them to be encrypted, what better way to do that than to either convince the drive vendors to install a back door for you, or to let you tamper with the drives at some point in the process? That would eliminate a whole lot of hassle for you, and there are only a few drive vendors you'd have to subvert.
I think I'll stick to LUKS and dm-crypt. It's not a perfect solution, and it's still possible that someone could subvert my encryption, but doing it in the software I have some measure of control over clearly makes it harder for them than doing it in hardware that I have no choice but to trust blindly.
Am I paranoid? Sure. Probably no one is trying to steal my keys or my data. But the likelyhood of the existence of a back door has NOTHING to do with whether the bad guys (or maybe the good guys?) are interested in my data. Even if no one intends to steal my data today, once a back door exists it can be used against me in the future.
Nothing says you can't use Truecrypt or what have you on top of the hardware-based encryption built into the hard drive.
This way you'll have AT LEAST as much protection as you would've with just your software-based encryption.
- The race is not [always] to the swift, nor the battle to the strong. -
This use-case is more or less dying out though. Because transporting bits across a border by having someone hand-carry them is just too large a risk, assuming it's the kind of bits the government of either country would rather not have crossing the border.
Much better to transmit the bits out, in encrypted form, over some kind of network. Even if there's no internet, you can always do it over satelite-phone or something. Yeah, I know that's like $3/minute, but how many minutes do you need to transmit the ascii-text of an interview or something ?
It's sligthly more of a problem if it's something largish, particularily if it's HD-video though, but even this problem is going away. Even if you're in Iran, it's not very hard to find an access-point with a megabit or more of capacity.
There's no question; the safest way to store "dangerous" bits on your laptop while crossing a border, is to NOT store them on there at all. They can't find what is genuinely not there.
And yet, somehow I don't believe you.
To be more specific, I find it illogical to assume that the NSA would require you to provide them with the keys and at the same time let you talk about it.
Given this, I am suspicious of your claim in the extreme.
"It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
The best RAID coprocessors are made by companies like Intel and AMD. You can find them under names like "Xeon" or "Opteron".
Shamelessly stolen from Alan Cox.
Finally! A year of moderation! Ready for 2019?
How short-sighted is it to tie into one encryption standard? Idiots.
You need to *at least* make various encryptions pluggable and software-upgradeable because I guarantee that Murphy's Law says that once EVERYONE has one of these hard drive, AES will be cracked sufficiently and we'll be back to square one but tied into millions of devices incorporating a useless and obsolete security "standard. It'll be WEP all over again, even down to 99% of people being "assured" that their hard drive is safe, and then finding out the reality.
Plus, the DRM potential is obvious. I thought the ATA standard had the facility to implement disk encryption anyway - isn't that one of the features used on the XBox or something to lock the hard drives to a particular machine? - you have to send a password across the bus as an ATA packet before the drive will permit any access at all.
Read about where the bottlenecks are before suggesting nonsense.
IANAL but write like a drunk one.
I'm not as worried about that as some. Here's how I look at it - if there's a back door, it doesn't matter as long as it doesn't get used. If it gets used even a few times, word will get out. When some ring of baby-rapers gets caught and prosecuted with evidence that was obtained through said back door, word *will* get out.
So what happens then? A million drive purchasers demand their money back. A million businesses that bought the drives because they were guaranteed unbreakable encryption join in class-action lawsuits against the drive manufacturers and resellers, blasting them into legal oblivion.
If I were a drive manufacturer, I wouldn't risk it. The secret would eventually leak and my company would be toast, overnight.
"Disk vendors are free to choose to use AES 128-bit or AES 256-bit keys depending on the level of security they want"
More likely, they will choose based on the power of the controller. Nobody would want less security.
Yes. But even more important to bear in mind is Bruce Schneier's admonition that security is a process, not a product. Far too many people will buy these FDE disk drives, and then blindly assume that since they have bought "security", don't have to do anything else, and that their problem is solved.
That's not a criticism of FDE; it happens with every kind of security-related hardware and software. However, the more security products people buy, the more likely they are to get lulled into thinking that it's a solved problem.