Slashdot Mirror
RSA: Self-Encrypting USB Hard Drives for all Operating Systems (Video)
Tim Lord met Jay Kim at the RSA Conference in an Francisco. Kim's background is in manufacturing, but he's got an interest in security that has manifested itself in hardware with an emphasis on ease of use. His company, DataLocker, has come up with a fully cross-platform, driver independent portable system that mates a touch-pad input device with an AES-encrypted drive. It doesn't look much different from typical external USB drives, except for being a little beefier and bulkier than the current average, to account for both a touchpad and the additional electronics for performing encryption and decryption in hardware. Because authentication is done on the face of the drive itself, it can be used with any USB-equipped computer available to the user, and works fine as a bootable device, so you can -- for instance -- run a complete Linux system from it. (For that, though, you might want one of the smaller-capacity, solid-state versions of this drive, for speed.) Kim talked about the drive, and painted a rosy picture of what it's like to be a high-tech entrepreneur in Kansas.
Shut up and take my money!
To offset political mods, replace Flamebait with Insightful.
How is this different then all the simular systems on the market right now? I use Apricorn drives myself, but there are others using keypads, fingerprint scanners, RFID tokens, etc.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
I didn't watch the video, but I did read the transcript. It's a USB hard drive enclosure that handles all the password entry and encryption in the enclosure. It requires no specialized drivers at all, other than the ubiquitous class drivers for USB hard drives and USB CD drives.
Encryption software needs to be inspectable and verifiable in order to be trusted with anything worth protecting. Closed-source software burned into the firmware of a USB drive does not meet that requirement.
That said, somebody make a programmable USB drive with open source encryption that can be flashed to it (probably with a fused write protect) and *that* would be a compelling product.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
does it have a FBI unlock code?
How about just a flash drive with a capacitive finger print reader, so it needs to be unlocked before it functions as a flash drive?
So that's Ironkey then.
I wonder what sort of advantages there are to being a high-tech anything in Kansas.
Ask Google.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Or I should say, Let's hope the product is more reliable than their MySQL server, which has given up and gone home.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I wonder what sort of advantages there are to being a high-tech anything in Kansas.
First of his neighbors to get Electricity?
Every invention is prototyped in corn first?
You sir, are a clueless moron.
Wow, I guess Kansas residents got lots of mod points today.
Way not to be able to take a joke. I guess I must have struck too close to home.
Is the passphrase hashing into a decryption key to decrypt the data from the drive, or does the controller hold a randomly generated encryption key and when decrypted by the users's passphrase, that is the key used to decypt the data? The latter would be much more secure, especially given that passwords are limited to 31 characaters and apparently alpha + numeric only, no special characters, limiting the key space.
Depending on how computationally expensive the algorithm is, a 31 number-only passphrase could be cracked in a few hours by a GPU accelerated hacking cluster.
Even a 16 character alpha-numeric passphrase could be cracked in a few hours.
The DataLocker site seems to have slashdotted.
Looks pretty interesting, though...
"For every complex problem there is an answer that is clear, simple, and wrong."
-H. L. Mencken
"if the touchscreen is broken, you can take out the drive, put it into a new enclosure and access data using the same password"
1. not salted with any hardware IDs, I take it?
2. sounds like bruteforce can be done on the removed disk, bypassing the whole "wipe after 10 failed attempts" measure in place.
The Aegis Padlock Pro works just fine, it supports over 1TB and it has a SSD version. http://www.newegg.com/Product/Product.aspx?Item=N82E16822161085
does it have a FBI unlock code?
When offered the chance to unlock your shit or be charged with something producing a life sentence which would you choose?
No, you just weren't funny. /not from Kansas //really
Truecrypt is a software encryption implementation. Hardware encryption is superior to software encryption because at least with hardware encryption there is less room for error. Software usually has bugs, one bug in any implementation and its broken. Side channels also can defeat software trivially. Software also isn't usually good at generating entropy so you wont have a good source of that either. Unless you compiled it yourself you can't trust the person who compiled it or the compiler itself not to have a bug or backdoor.
Eastern KS/Western MO are actually pretty good places for high-tech companies. You've got pretty good infrastructure (Google Fiber anyone?) , a good base of educated workers and a much, much friendlier business environment when compared to silicon valley.
Taxation is legalized theft, no more, no less.
I've been using one of these at work for a while, which looks to be pretty much the same thing as the article, except the storage is smaller. The article reads like the new drive is revolutionary!
These devices have a numeric keypad and a limit to the number of digits which means a 15 digit password can be cracked by anybody with a typical desktop computer in about two days.
UDF - Universal Disk Format
Is widely supported, but unlike FAT, it was not designed half a century ago.
So it supports long file name (including UTF8) without the need of extensions.
It supports files with size which don't fit in 32-bits integers.
It supports all POSIX attribs.
Isn't organised around a brain-fucking stupid file allocation table.
etc.
It's the same format as DVDs and Bluerays, so virtually any device able to read them can at least read (or is only a firmware update away from being able to read) USB devices using UDF.
It's of course supported on Linux, on Mac OS-X (sarting from 10.4) and Windows (though on XP it requires 3rd party software for writing, only Windows Vista and up support read/write out of the box).
But of course, because UDF is a strong concurrent to all the proprietary and/or heavily patented alternative that current OS maker push forward (Apple's HFS+ or the worst contender Microsoft's exFAT), everybody is silent about this.
So strangely, you won't see it frequently in the wild *EVEN IF* nothing prevents it now already.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Pardon my ignorance, but does it really matter if it is SSD or HDD, when used via USB (3.0)? Isn't the USB bus itself the bottleneck in this case?
cpghost at Cordula's Web.
Hmmm,,
You mist not live here ... I live in JoCo and if you are young / smart / equality minded / wish to raise children in a non ignorant part of the country - Mary Pilcher Cook / John Rubin .... there is probably every/anywhere else in the country that would be better.
Ohh... and that Google Fiber ... great, great idea ... I had the Shatto ice cream sandwich from a truck a couple of months ago ... and not enough people wanted it in my area - Lake Quivira - to get it going .. so we get Surewest or TimeWarner ...
And ... no ... we may temporarily have friendly business climate until the schools go bankrupt - the State is 700 Million in the hole AND CUTTING taxes ...
Here's how you crack this.
- Buy another one of these drives and gut it. Replace or reprogram the touchscreen controller, and stuff a GSM modem in there.
- Program the controller to act like an ordinary drive, but send the entered password as a text message via the GSM modem. Make it act like the password was entered wrong so the user enters it a few times.
- Swap the modified "drive" for the users' original drive.
- Wait for the password to arrive at your prepaid cellphone.
You can break Truecrypt the same way - copy a users' encrypted data, and replace the Truecrypt executable with one that broadcasts the password when the user types it.
Not sure what this attack is called - "false keypad attack"?
http://www.zalman.com/eng/product/Product_Read.php?Idx=750
Virtual Drive + External HDD Case
Real Time 256-Bit AES Hardware Encryption
Dimensions: 146(L) x 80.8(W) x 14(H)mm
Weight: 91g (except hard disk)
Materials: Aluminum alloy, Acryl, Poly Carbonate (PC)
External Interface: USB1.1 Max. 12Mbps
USB2.0 Max.:480Mbps
USB3.0 Max.:5Gbps
Internal Interface: S-ATA I/II
Compatible HDD Size: 2.5'
Power: Input : DC +5V (USB Powered)
Supported OS: Window 98 / ME / 2000 / XP / VISTA / 7, Mac OS, Linux
Color: Black/Silver
:. Smith & Wesson: The original point and click interface.
How long until someone reverse engineers the firmware to allow brute force cracking of the pincode without triggering an automatic data wipe? This isn't a matter of "if" but rather a matter of "when", IMHO.
Corsair Padlock II USB drive.
Touch screens provide a point of attack by looking at the smudges left by a finger on the glass. Even if the glass is wiped clean, microscopic analysis might show the common finger path. I think I'd trust mechanical buttons to be more reliable than a touch screen over a long period of time. They are also less likely to get broken during rough handling.
This one, http://www.datalocker.com/products/data-locker-enterprise-20.html
How is this news? It's nice, BTW, but it's hardly news.
I wonder if it would be possible to add a Fricosu key to whole-disk encryption. This would be a second key, which when entered under duress in Colorado (or elsewhere), would silently and permanently forget the real encryption key. That way, the disk could never be unlocked.
There are some caveats. If the disk had been imaged, restoring the image would render the Fricosu key useless. At the border, however, the Border Patrol would not have time to image the drive. Enter your Fricosu key, and your kiddie pr0n goes away, permanently.
There are lots of employers looking for talent here in KC, and having trouble finding it. I code .NET and constantly have folks banging on my door. The Midwest vibe here is pretty laid-back, and KC has a long tradition of arts and philanthropy for a mid-size city. If you're looking for a change, come check us out - I could use some co-workers!
UDF was designed by an optical media industry consortium for use on optical disks, and was carefully tailored for their unique characteristics
(e.g. it can provide the illusion of overwriting files even on optical media types which can only be written to by appending, never by overwriting). Had you never considered the possibility that UDF might not be the best possible choice for other media types?
Depends. There are several sub-types (called "build") of UDF.
- The basic one is called "plain build". It's the most widely available. It's optimized to be written on pure random access device (harddisks, flash, etc.) and thus can only be used in read-only form on optical media.
- The careful tailoring you refer to happens in the other subtypes. The "VAT build" is exactly the type of "append-only" format you refer to (and is similar to how adding files was done on ISO9660 partitions on CD-R with packet writing). There's also the "Spared build" which is optimized for R/W optical media (similar to ISO with packet writing on CD-RW). Although this one is tailored for optical media, it isn't as widely available. Most computer can use it, every single recording appliance (DVD-R / -RW based video recorders or cam-coders) can use it. BUT NOT ALL media reading appliance. Most DVD players, for example, don't. That's why you have to "finish" a DVD you've recorded before it becomes available on a regular living room DVD player.
for references, see here.
So the suitability of UDF for a flash device depends on the choosen build.
If one use one of the optical-media-optimised builds, as you suggest, that would be a very bad choice:
- It's indeed not designed for flash.
- It's not widely supported. (You in-car entertainment, or your living room DVD player might lack software support for it. Though your computer should be able to read it).
I was referring to using the "plain build".
- This one is designed with for fully random read/write devices.
- It's supported nearly everywhere (read-only optical media happen to use the same, for simplicity, to avoid excessive headache with the "writeable optical media" optimisations), so even a DVD player is one simple firmware upgrade away from using it on its USB port too. (Unlike ExFAT which isn't currently available on lots of devices). And given how UDF has been embeded almost everywhere, it's not difficult to imagine embeding it into photo cameras and other appliances without optical media.
- It supports some more advanced features as FAT, like POSIX file attribs.
- It is not based around stupid outdated design like allocation tables (it did make sence in the 70ies: it was optimised for the limitation of computers then. Now we're in 2013, but exFAT is still using some variation of it).
- So basically UDF is less awful than keeping FAT and ExFAT.
Apple makes it pretty easy to implement HFS+ if you want to.
Yes (unlike the patent mine field of FAT/ExFAT). Nevertheless, beside Apple devices and Linux PC with the corresponding driver compiled in, machines with HFS support aren't widespread. Unlike UDF.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]