Slashdot Mirror

← Back to Stories (view on slashdot.org)

Self-Encrypting Hard Drives and the New Security

Posted by ScuttleMonkey on from the you-can't-protect-against-stupid dept.

In a recent blog post, CNet's Jon Oitsik has called for a policy shift with respect to data encryption. A new standard by the Trusted Computing Group promises the availability of self-encrypting hard drives soon, leading some to call for immediate adoption. Will this create even more security problems due to lazy custodians, or should someone responsible for keeping your information safe be required to move to the new hardware? Hopefully the new hardware comes with a warning to continue to use other data protection measures as well.

20 of 205 comments (clear)

  1. "Hopefully a warning..." by MaxwellEdison · · Score: 5, Funny

    Oh there's a warning, it's just been encrypted for its own protection.

    --
    -=Bang Bang=-
  2. Propriety Encryption by sheddd · · Score: 5, Funny

    Never has a backdoor!

    1. Re:Propriety Encryption by Shakrai · · Score: 4, Insightful

      You got a funny mod but it should be insightful. That was my first thought......

      Don't worry though, it's for your protection. Think of the children/terrorists!

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Propriety Encryption by dgatwood · · Score: 4, Insightful

      I wouldn't worry about back doors. Given the history of "secure" hardware devices, I'd be more worried about them turning the password trivially into a 64-bit key, using XOR with the key, and storing the key in unencrypted flash for verification....

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:Propriety Encryption by hweimer · · Score: 5, Informative

      Actually, this is about a new specification created by the Trusted Computing Group, so it's fairly open stuff. However, I fail to see how this actually solves any of the problems related to recent data breaches. If you lose your notebook with all your data the attacker also gets access to the Trusted Platform Module and can decrypt the disk. If you want to securely transport your data, this is horribly inconvenient as the whole point is to be able to access the data on different machines (which this tries to prevent).

      --
      OS Reviews: Free and Open Source Software
    4. Re:Propriety Encryption by Lumpy · · Score: 5, Informative

      Some people say no but I have seen this in action.

      We had secure laptops here with encryption and smartcard security. Bought all Dell 620's with built in smartcard slot.. all was peachy.

      We tested our security. 9 out of 10 laptops had the smartcard in them in the bag. AND their pin access number was on the laptop somewhere. os the encryption and any login security was overridden by user failure.

      --
      Do not look at laser with remaining good eye.
  3. Multiple security layers by leromarinvit · · Score: 5, Informative

    An additional layer of encryption can't be bad. If it's a good implementation with no critical bugs and backdoors, great, you've just made it harder for someone to get your data. If it isn't, it's still no worse than storing plain text.

    Just don't rely on this as your only security measure.

    --
    Proud member of the Ferengi Socialist Party.
    1. Re:Multiple security layers by GMFTatsujin · · Score: 5, Insightful

      Unless it does something unexpected, such as, say, making it a nightmare to recover files off the drive for legitimate reasons.

      I foresee a lot of IT departments pulling their collective hair out on this one: some Executive Director with a penchant for buying the Shiny New Thing stores mission critical data on a self-encrypting drive, some motherboard component on the computer blows up, and now the hard drive -- while fine -- is inaccessible.

      Yay.

    2. Re:Multiple security layers by Lord+Ender · · Score: 5, Insightful

      No. Worthless security measures are bad for security because they provide a false sense of security. This influences behavior. So bad "encryption" really can be worse than plain text.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  4. self encrypting, probably self-defeating too by petes_PoV · · Score: 4, Insightful
    And the very first thing the users will do is write down the encryption key, so they don't forget it.

    After all, what's the point of having all your data on a disk that you can't access? It's far more likely that the user(s) will forget the key, than for the drive to fail. However, the result will be the same in both cases: inaccessible data and if past experience is anything to go by, no backups (which would also have to be encrypted, again with the isssue over keys).

    Until the average PC user radically rethinks their attitude towards their computers - whether at work or play, this seems just one step too far.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  5. hmm by n3tcat · · Score: 4, Interesting

    if encrypted hard drives become the norm, will authorities be more apt to treat it as a protected right rather than as a method of hiding shit?

  6. I want one with a removable key by davidwr · · Score: 5, Insightful

    It's hard to do with fixed drives, but I want USB drives and memory sticks that come with their own dongle-key that plugs into the storage device, so they key can be separated from the drive. Even better if it has its own keypad or fingerprint reader for authentication. "Something you have, plus something you know."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:I want one with a removable key by afidel · · Score: 4, Informative

      Biometrics are actually pretty bad from a security perspective, they are a fact which means once exposed they cannot be changed to avoid further compromise. If a biometric system were perfectly implemented this wouldn't matter, but none of them are so it's best to just use a smartcard for the something you have portion.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  7. Lock out vs lose data by uberdilligaff · · Score: 5, Interesting

    While the focus will be on preventing data from being accessed when the PC is stolen, this will come with the rather severe side effect that a significant number of users will irreversibly lock themselves out of all their data by losing/forgetting their pass phrase. Too bad you can't reduce the first problem without increasing the second.

    --
    Against stupidity, the Gods themselves contend in vain. --Friederich Schiller
  8. Encryption != Security by elrous0 · · Score: 4, Insightful

    If it's a proprietary system where some insecure company or insecure government agency has the keys, why even bother? If anything, it's only providing you with a dangerously false sense of "security."

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  9. Really? by fuzzyfuzzyfungus · · Score: 4, Insightful

    I want some of what this guy is smoking. He seems to be under the impression that, because the encryption is handled in hardware, there will be no software to deal with. And what, pray tell, will configure the hardware, and set crypto keys, and hold them in escrow in case of the inevitable forgetting, and change them if needed, and so on and so forth?

    Hardware encryption certainly has its advantages; but if you can't handle deploying software encryption now, I'm deeply skeptical of your ability to handle deploying hardware encryption.

  10. Trusted Computing Group reputation? by steve_bryan · · Score: 4, Interesting

    I hope this proposal is considered with more than the usual amount of skeptical reserve. The name was changed more than once but I'm fairly certain that the "Trusted Computing" group was previously acting as a lackey of the entertainment cartel. They managed to introduce new points of possible breakage making computer based media more prone to failure (e.g. HDCP and the forced failure of expensive monitors purchased by early adopters).

    If this is the same group then you can almost guarantee that they will include backdoors and other nastiness intended to inhibit unapproved behavior by the owner of the drive.

  11. Three problems by Todd+Knarr · · Score: 4, Insightful

    Three problems with the idea:

    1. Transferring media to new systems. I've already seen a case at work where an encrypted laptop drive was fully intact and working, but the laptop it was in was dead and had to be replaced. The drive was a complete loss, because it couldn't be used as the boot drive in the new laptop (different manufacturer) and there wasn't any software that could be used to supply the boot password to the drive when connected by any other method.
    2. Suspend/hibernate. We've found that a lot of the laptop models where I work don't correctly handle returning from a suspend and/or hibernate state. The most common case is that the laptop simply returns to normal operation from the suspend state without requiring re-entry of passwords. Most users simply put their laptop into suspend state rather than powering it down, which means anyone stealing the laptop can completely ignore the drive encryption. Standard Windows screen locking doesn't help much, once the laptop's unsuspended it's network interface is active and it can be remotely compromised and the screen lock disabled.
    3. Law enforcement. If the drive encryption is truely secure, LEOs will insist on having a back-door to let them decrypt a suspect's drive to search for evidence even if the suspect won't give them the passwords. If such a back-door exists, it'll quickly be broken and software produced to gain access to an encrypted drive through that channel rendering the encryption useless.

    #2 can be dealt with going forward in the hardware and OS. #1 can be dealt with going forward with standardized encryption and hardware protocols. #3... is intractable.

  12. If it's self encrypting and self decrypting by Colin+Smith · · Score: 4, Funny

    How will you know if your data was encrypted?

     

    --
    Deleted
  13. Flaws? So what. by manif3st · · Score: 4, Interesting

    Personally, I can't wait for these to become commonplace. I use whole disk encryption not because I don't want my partner/friends accessing my data (my computer's on all the time anyway in an unencrypted state any business documents and porn are tucked away using TrueCrypt), not because I'm scared of LEOs or G-men (they're welcome to my files), but because I don't want some prick burgling my house, plugging in my hard drive to their computer, and posting my photographs and poking around looking for passwords to sell. So bring on the back doors, I can remember my passwords, and anyone with the knowledge to hack the hard drive to get at the data is doing it for more than my photos and old university papers. I can change my passwords faster than they can sell them.

    --
    http://www.collude.biz - Ignore this, it's for Project Honey Pot.