Slashdot: News for Nerds

148 comments

Worlds most secure cipher meet ... (3, Insightful)

tomstdenis (446163) | more than 7 years ago | (#18316695)

worlds stupidest user with passwords like 'password' :-)

Also how are they using AES? I thought P1619 (XTS-AES) is still a draft. Are they betting it will get adopted unchanged? Or are they using some other thing? Please tell me it's not AES in ECB mode...

Tom

Re:Worlds most secure cipher meet ... (3, Informative)

archen (447353) | more than 7 years ago | (#18316749)

Actually it appears that it is using a CBC, there appears to be a middle layer that arbitrarily partitions sections that are encrypted and decrypted on the fly. I was pretty skeptical the last time this was mentioned on slashdot, but I have to admit this actually looks like a promising product. I'll wait for some more skillful security experts to evaluate it first, but I'm certainly keeping an open mind on it.

Re:Worlds most secure cipher meet ... (1)

tomstdenis (446163) | more than 7 years ago | (#18316799)

But CBC requires IVs. Are they using up sectors to store them?

The whole idea of XTS is that you can get privacy without extra storage.

Tom

Re:Worlds most secure cipher meet ... (1)

Sami (83769) | more than 7 years ago | (#18317971)

You can get that with ESSIV already, however, XTS (or XEX) has other benefits that are more important.

Re:Worlds most secure cipher meet ... (3, Interesting)

Loconut1389 (455297) | more than 7 years ago | (#18316813)

I wonder what sector corruption does in CBC mode then? Lose more of the drive? Or have they used some overhead for extra forward error correction?

Re:Worlds most secure cipher meet ... (1)

Battle_Ratt (524562) | more than 7 years ago | (#18317677)

Sector Corruption in CBC mode typically means a severe shift to the left, followed by massively useless data types naive users think is important. http://www.cbc.ca/

Re:Worlds most secure cipher meet ... (1)

cortana (588495) | more than 7 years ago | (#18317815)

You lose the rest of the encrypted block, not the whole drive (I think).

Re:Worlds most secure cipher meet ... (2, Informative)

J'raxis (248192) | more than 7 years ago | (#18319257)

This is how Linux's crypto-loop works. The CBC is run across only individual 512-byte blocks of the disk. I think they use the sector number as an IV.

Re:Worlds most secure cipher meet ... (3, Informative)

this great guy (922511) | more than 7 years ago | (#18317819)

Most good hard disk encryption technologies behave in a way that if a single bit is flipped in an encrypted sector, then the whole decrypted sector becomes corrupted (and other sectors around this one are not affected). This sort of behavior is desired and helps prevent content leak attacks.

For example, Loop-AES behaves like this in multi-key-v3 mode where CBC is used with an IV computed from a secret key, the sector number, and plaintext blocks [1..n-1] in the sector. This is also how Microsoft Bitlocker behaves because they combine CBC with the Elephant diffuser. When CBC is not used, this property can be achieved using LRW or XEX, or wide-block encryption.
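An added illustration, not part of any comment in this thread: the sketch below runs CBC independently over each 512-byte sector with the sector number as IV (the crypto-loop arrangement described above) and reports which plaintext blocks change when one ciphertext bit is corrupted. The block cipher is a hash-based Feistel stand-in for AES so that only the standard library is needed; the key, sample data and function names are constructed for the example.

```python
"""Per-sector CBC with the sector number as IV: where does one flipped bit land?"""
import hashlib

BLOCK = 16                      # cipher block size in bytes (same as AES)
SECTOR = 512                    # sector size mentioned in the thread
KEY = b"constructed demo key"   # constructed value, not from the thread
# Constructed three-sector "disk"; every sector holds the same plaintext.
SAMPLE = [bytes(i % 251 for i in range(SECTOR)) for _ in range(3)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function of the stand-in cipher (NOT AES, demo only).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network: an invertible 16-byte block cipher stand-in.
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right


def sector_iv(sector_no: int) -> bytes:
    # IV derived from the sector number alone, so no extra storage is needed.
    return sector_no.to_bytes(BLOCK, "little")


def encrypt_sector(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    prev, out = sector_iv(sector_no), bytearray()
    for off in range(0, SECTOR, BLOCK):
        prev = encrypt_block(key, xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return bytes(out)


def decrypt_sector(key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    prev, out = sector_iv(sector_no), bytearray()
    for off in range(0, SECTOR, BLOCK):
        cur = ciphertext[off:off + BLOCK]
        out += xor(decrypt_block(key, cur), prev)
        prev = cur          # chaining uses the ciphertext as stored on disk
    return bytes(out)


def damaged_blocks(key, sectors, sector_no, byte_off, bit=0):
    """Flip one stored ciphertext bit; return {(sector, block): wrong_bits}."""
    disk = [bytearray(encrypt_sector(key, n, p)) for n, p in enumerate(sectors)]
    disk[sector_no][byte_off] ^= 1 << bit       # simulated media corruption
    report = {}
    for n, stored in enumerate(disk):
        got = decrypt_sector(key, n, bytes(stored))
        for b in range(SECTOR // BLOCK):
            want_blk = sectors[n][b * BLOCK:(b + 1) * BLOCK]
            got_blk = got[b * BLOCK:(b + 1) * BLOCK]
            wrong = sum(bin(x ^ y).count("1") for x, y in zip(want_blk, got_blk))
            if wrong:
                report[(n, b)] = wrong
    return report


if __name__ == "__main__":
    # Corruption in the middle of sector 1 (block 5), then in its last block.
    print(damaged_blocks(KEY, SAMPLE, 1, 5 * BLOCK + 3))
    print(damaged_blocks(KEY, SAMPLE, 1, 31 * BLOCK, bit=7))
```

With plain CBC the damage is one garbled 16-byte block plus a single flipped bit in the block after it, and it never crosses the sector boundary. The whole-sector behaviour described for Loop-AES multi-key-v3 and BitLocker comes from the extra IV and diffuser steps, which this sketch does not implement.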

damn... you guessed it. (0)

Anonymous Coward | more than 7 years ago | (#18316863)

Now I have to change my password again. ;)

No need to blame the user. (4, Insightful)

twitter (104583) | more than 7 years ago | (#18317843)

> worlds stupidest user with passwords like 'password' :-)

That's a joke, but some people really think that way. Blaming "stupid users" makes them feel more secure or helps them pass the buck for choosing systems with poor security. When you think about it, it's not very funny.

Passive encryption might be a step in the right direction, but I won't trust it as long as the software doing it has owners and secrets kept from users. They can point to specs and tell me what they are doing, but that does not mean they are doing that. The owners can break in at will, the keys can be padded with zeros and finally, the owners can make mistakes.

Re:No need to blame the user. (1)

jacksonj04 (800021) | more than 7 years ago | (#18318997)

A system can have outstanding security and still not compensate for stupid users and social engineering (The two often go hand in hand). The data is held on a password protected disk on a machine which requires a smartcard to log in, and the whole thing is locked within a steel vault buried underground and the only access is through a blast door which relies on retina scans to open.

What part of that can't be bypassed by somebody giving away what they know/have (Because their friend forgot theirs and really needs to look at those specs) and opening the door for them (Because their friend had laser eye surgery and security haven't updated the database).

Remember, the universe will always build a better idiot.

Re:Worlds most secure cipher meet ... (2, Interesting)

simm1701 (835424) | more than 7 years ago | (#18318557)

actually using something as trivial as password (or passw0rd since many things refuse password when setting one) is not always a bad thing

Take all these shops that you have to sign up with before buying something, all they store is your address, your email address, your email and on rare occasions order history (the ones that also store credit cards are a different matter but those are less common and I'm not talking about those here)

Why should I use one of my more secure passwords? I don't like to change passwords too often - it means writing them down.

I also don't want to use one of my more secure ones (8-16 char upper lower number and other chars) if there is a good chance they are going to be in plain text on the other side.

So I use something trivial - and I use it on any site where I could not care if someone guesses my password for my email address and finds the same information for me that's listed on whois look ups, half a dozen websites and the phone book!

On sites that store sensitive information I have other passwords which are much more secure, but I have a separate set that I use within my trusted area - ie servers either I control or I know the person that controls them so I know how they are stored, I don't overlap the two.

But yes trivial passwords have their place - ie when you are being asked for a password for something you really could not care less about and they are probably only wanting a password for tracking purposes

Re:Worlds most secure cipher meet ... (1)

PalmKiller (174161) | more than 7 years ago | (#18319101)

Well for one ... Your credit card info might be stored even if you told it not to ... then the person who guessed your ultra secure password of 'password' can go to your profile and get that info on some sites...some it's obscured. Or better yet, even if the credit card is obscured, maybe they can order something and send it to the abandoned house down the street from them. Getting caught for mail fraud might slow them down, but the possibility of getting a shiny new computer at the expense of your laziness might be worth the risk. Try this, use one really secure password for all those sites, maybe with slight variations...say at newegg and zipzoomfly use neweggMySecureTypePassword and zipzoomflyMySecureTypePassword. It's not hard to remember that one additional password for ordering sites...and with its variation added, you will be in pretty good shape security wise.

Re:Worlds most secure cipher meet ... (0)

Anonymous Coward | more than 7 years ago | (#18319603)

I am using Cryptop ( http://en.cryptop.nl/ ) for my needs. It is open and adaptable.

Secure like HDDVD? (0, Troll)

gasmonso (929871) | more than 7 years ago | (#18316723)

Hacked in 3....2....1

gasmonso http://religiousfreaks.com/

Re:Secure like HDDVD? (0)

Anonymous Coward | more than 7 years ago | (#18316929)

Nice job not even reading the fine title.

Re:Secure like HDDVD? (2, Informative)

pv2b (231846) | more than 7 years ago | (#18317019)

There's a fundamental difference here.

Most DRM hinges on the fact that the content must stay readable, in however limited a sense. In other words, you're giving the encrypted content to the attacker, who also has to have the key in order to use it. The attacker and the intended recipient are the same person.

When you take away that requirement, encryption actually becomes workable.

Worlds most secure? (2, Interesting)

stratjakt (596332) | more than 7 years ago | (#18316737)

What makes this the most secure?

Is this really any more secure than dm-crypt? Faster, no doubt, but more secure?

Re:Worlds most secure? (2, Informative)

Nutria (679911) | more than 7 years ago | (#18317309)

> What makes this the most secure?

Because it's the only (publicly available) HDD with *cryption functions built into the circuitry.

> Is this really any more secure than dm-crypt? Faster, no doubt, but more secure?

Probably not. But simpler for users/admins to put out in the field.

But closed-source, so we really don't know how well it was implemented.

Re:Worlds most secure? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#18318267)

I guess I still don't get it -- tell me again why doing this in the HDD circuitry is useful?

I mean, we still do software RAID, and find it pretty useful -- and it's at the point where there's plenty of "fakeraid" out there to deal with Windows' lack of good (cheap) RAID tools. So, why not just implement something similar -- BIOS crypto? That would make it easy enough, without actually having to put more circuitry on the drive.

For that matter, it seems to me like it would make much more sense to have a generic hardware crypto device, so you can use it for other things -- ipsec being another obvious example.

Re:Worlds most secure? (1)

Nutria (679911) | more than 7 years ago | (#18318563)

> I guess I still don't get it -- tell me again why doing this in the HDD circuitry is useful?

Because that way the algorithm that *crypts the data always stays with it. If it were BIOS crypto, what happens when Phoenix uses AES and AMI uses Blowfish?

> For that matter, it seems to me like it would make much more sense to have a generic hardware crypto device, so you can use it for other things

Single-use means: easier to implement and disseminate.

Re:Worlds most secure? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#18319531)

> If it were BIOS crypto, what happens when Phoenix uses AES and AMI uses Blowfish?

That's what standards are for, and AES is the standard. Or they could do what HD-DVD/Blu-Ray does and pick a few, and declare that those are possible standards.

Re:Worlds most secure? (1)

Nutria (679911) | more than 7 years ago | (#18319879)

> Or they could do what HD-DVD/Blu-Ray does and pick a few, and declare that those are possible standards.

And if, for "competitive advantage", Phoenix & AMI choose different standards?

Re:Worlds most secure? (1)

FunkyELF (609131) | more than 7 years ago | (#18318615)

You make good points. It could all be done in software. But then again so can 3d graphics.

I've never used dm-crypt but I've read about it and thought about using it. It seems like most people out there who use dm-crypt even use it on their swap partition just to make sure that the key is never stored in plaintext on the HDD itself.

It just makes it nice for the consumer to be able to plug the hard drive into a machine and have encryption working out of the box with no setup. Although it doesn't seem to be completely self contained.

From the article...

> Seagate claims the performance hit for what is usually a CPU-intensive process is only a couple of percent thanks to onboard processing, and that the user would not be aware of any read or write drag.

I would think anything more than 0 percent means that it isn't completely self contained. Why is the CPU concerned at all?

Re:Worlds most secure? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#18319435)

> But then again so can 3d graphics.

Most things like this can be done in software or in hardware. Which is only part of the point.

Let me put it this way: How would you feel if you didn't buy a "video card", but rather a "Half-Life 2 card"? Video cards are as generic as they reasonably can be. This is hardware to help with encryption, and I don't see anything about it that would tie it to the hard drive other than user convenience. If you really need hardware-accelerated crypto -- and you probably don't; modern CPUs can probably do the crypto faster than modern hard drives can read/write the data -- then shouldn't you have a dedicated crypto card or chip which works for accelerating any crypto the OS wants it to?

And why should you pay for the same hardware twice? That is, say I get two of these hard drives, and put them both in the same computer -- doesn't it make more sense to just have one crypto chip shared between them? I certainly don't have to buy two video cards to get 3D acceleration on dual monitors, although I can buy two of them and get twice the performance out of one monitor. This should be the same, unless it's somehow much cheaper this way (and I'm guessing it's not) -- if I really need more crypto speed to handle a 15 terabyte array hooked to a couple of gigabit pipes, I should just buy more/better crypto cards.

I'm also pretty sure this kind of thing exists already, somewhere. Not on consumer hardware, though.

Only advantage I see to doing it this way is that it's no longer possible for someone to steal the drive, put a rootkit on your kernel (in your boot partition), and give it back to you without you noticing. But if they can do that, they can probably stick a hardware keylogger on your keyboard anyway.

> It just makes it nice for the consumer to be able to plug the hard drive into a machine and have encryption working out of the box with no setup.

Which, as I said, can be accomplished (as well as it possibly could be) without special hardware. Worst case, you do some BIOS hack. But it's not going to work with no setup; the user is going to have to supply an encryption key.

Re:Worlds most secure? (1)

creimer (824291) | more than 7 years ago | (#18317745)

> What makes this the most secure?

Seagate doesn't provide the password. It's the ultimate Christmas gift to keep your hacker busy until New Year's.

3gb/s sata on a 5400 rpm drive? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18316785)

The article mentions how it's on a 3GB/s SATA interface, but that the disk is 5400 RPM. Why bother with the high speed sata? Why not save $$ and put either a PATA or SATA 1 controller? You'll never get even close to 3GB/s- much like you can't get that fast with desktop drives either.

Re:3gb/s sata on a 5400 rpm drive? (2, Insightful)

lukas84 (912874) | more than 7 years ago | (#18316997)

Because by now, a 3GB SATA controller is cheaper than a PATA controller.

Supply & Demand.

Re:3gb/s sata on a 5400 rpm drive? (4, Insightful)

MightyYar (622222) | more than 7 years ago | (#18317061)

Wild speculation here, but it could be one or more of the following:
  • They sell a lot of drives with a lot of different speeds. It might be cheaper for them to standardize on a few chipsets than to buy different chips and have different designs based on the drive's capability.
  • For marketing reasons, they may have decided to always have the latest-and-greatest buzzword on the box of all of their new products.
  • A major customer asked them to use this interface.
In all, not the strangest decision I've come upon today.

Re:3gb/s sata on a 5400 rpm drive? (1)

Matt Perry (793115) | more than 7 years ago | (#18318673)

W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Wow, what wacky writing.

Re:3gb/s sata on a 5400 rpm drive? (1)

ruiner13 (527499) | more than 7 years ago | (#18317295)

Well, I'm assuming there is a microchip on the drive itself that does the encryption/decryption. I'm guessing there may be a lag between reading the data off the drive and sending it back to the computer via the SATA bus, so giving the highest possible burst speed I can see being an advantage here. More so than a standard 5400 RPM SATA drive that would only have to handle reading and writing, anyway.

Re:3gb/s sata on a 5400 rpm drive? (1)

TopSpin (753) | more than 7 years ago | (#18317501)

> Why not save $$ and put either a PATA or SATA 1 controller?

What, precisely, makes you think also supplying PATA or an older SATA device would be cheaper? Perhaps it is cheaper for a manufacturer to not bother with multiple different SATAs, or fiddly, obsolete parallel buses and simply adopt one device across the board. In terms of R&D, supply chain, manufacturing and QA it is rather easy to imagine that obviating older standards is actually cheaper, but I don't know, because I don't manufacture millions of disks every year. How about you?

Re:3gb/s sata on a 5400 rpm drive? (1)

myrdred (597891) | more than 7 years ago | (#18318025)

Hard drives have caches which can max the bus interface, since they operate at RAM speeds, and not disk speeds. So whenever you get cache hits, you can expect your data to go through the full 3GB/s.

Re:3gb/s sata on a 5400 rpm drive? (1)

ChrisA90278 (905188) | more than 7 years ago | (#18318739)

Why 3Gb/S to a 5400RPM drive? Easy, the 3Gb/S interface does not connect to the drive. It connects to a huge RAM cache. The cache is fast enough to accept data at a high rate. High peak speeds are useful and it likely adds little or no additional cost to the product. For some uses average sustained speed matters but for many more peak speed matters.

Re:3gb/s sata on a 5400 rpm drive? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#18319809)

Well, PATA is right out for me. SATA has hotplugging and much nicer connectors. As for 3G vs 1, I'll leave that to others to answer.

Backdoored? (4, Interesting)

J'raxis (248192) | more than 7 years ago | (#18316789)

Who knows what this thing is doing inside? They're using AES-128 so you may not have to worry about the encryption algo being unsecure, but who's to say this thing isn't caching the password in some place you don't know about (but that the manufacturer and your country's authorities do)?

Re:Backdoored? (1)

Loconut1389 (455297) | more than 7 years ago | (#18316937)

the solution has always seemed to me to do it at the controller level - encrypt everything but commands and require the OS to supply the password at some interval to a write-only memory.

The drive unlocks parts of the drive for bootup and there's a master password--- this sounds like there are exploits that need to be discovered, but will be.

Re:Backdoored? (2, Funny)

Odiumjunkie (926074) | more than 7 years ago | (#18317083)

> require the OS to supply the password at some interval to a write-only memory.

Sounds really useful. From what I hear, write-only memory is about as cryptographically secure as it comes.

Re:Backdoored? (1, Funny)

tomstdenis (446163) | more than 7 years ago | (#18317159)

Um, it exists. Basically you put memory behind a controller which does not allow reads from a given bus. Hence, write only.

NEWBIE!

Re:Backdoored? (1)

tomstdenis (446163) | more than 7 years ago | (#18317387)

How is that a troll? I work for a hardware firm. We do this on a regular basis. People want to be able to feed a key to something and not have bus snoop read it later.

I only called the OP a newb because he/she/it was being all sarcastic about something we do on a regular basis.

Re:Backdoored? (1)

J'raxis (248192) | more than 7 years ago | (#18318657)

Is the write-only memory that we're talking about volatile storage that'll blank when the power goes off, or just an otherwise-inaccessible part of the permanent media in the drive? In the latter situation, what's to prevent someone from taking the drive apart (forensic analysis) to circumvent whatever mechanisms that, under normal operating conditions, render that portion of the drive "write-only"?

Sounds like relying on a login prompt to protect your computer's data and forgetting someone with physical access to the device can just turn it off.

Re:Backdoored? (1)

tomstdenis (446163) | more than 7 years ago | (#18318993)

If the memory is SRAM [or registers...] and hidden inside the IC, taking the chip apart to see where the memory is won't really help.

The idea is temporal security. In that, at some point the key goes over the bus [protected or otherwise] and cannot later be read back, that is, externally. Of course, inside the IC the memory is readable, how else would it use the key? But that's inside the IC with DPA/SPA resistance and the like...

There is a whole build up for "keywrap" standards which address this very problem. E.g. RSA or ECC encrypt the key, fire it over the bus, the IC decrypts it [with a private key stored internally]. The key could be encrypted on the host processor or even externally (e.g. to authenticate something).

Tom

Re:Backdoored? (1)

PPH (736903) | more than 7 years ago | (#18318449)

I don't think it really matters. If the OS has to provide a key to the drive, it can be intercepted before it's written there. A sufficiently robust encrypted link between the system and the drive might slow people down, but the only way to guarantee security would be to weld the computer shut.

And then outlaw bandsaws.

Re:Backdoored? (1)

CastrTroy (595695) | more than 7 years ago | (#18317539)

But what about keyloggers on the computer?

Well it has at least one, by design (0)

Anonymous Coward | more than 7 years ago | (#18317069)

The TPM chip securely generates and stores keys for use by the Seagate FDE drive. Barring any backdoors or security holes in TPM itself (which would be a PR disaster for any company), the cost of an attack is prohibitively expensive.

OS Compatibility? (1)

Apple Acolyte (517892) | more than 7 years ago | (#18316819)

What's the OS compatibility/driver outlook for this new type of drive?

Re:OS Compatibility? (0)

Anonymous Coward | more than 7 years ago | (#18319947)

Oh, come on out and just ask it:

But does it run Linux?

Oh Goody! (4, Insightful)

LibertineR (591918) | more than 7 years ago | (#18316859)

According to Seagate, any US company that loses a laptop using the Seagate drive in conjunction with the launch security management system from Wave Systems, will not have to give public notification of the loss, even if the data is of a highly confidential nature. This alone guarantees that the technology will find a market given the increasingly costly and embarrassing repercussions of laptop thefts.

Who cares if this gets cracked by Tuesday, bitches?

The selling point is that the banks won't have to tell you when Bubba leaves his laptop on the CAL TRAIN with your credit card data in standby mode, 'cause it's encrypted!

I feel so safe!

Re:Oh Goody! (1)

Kjella (173770) | more than 7 years ago | (#18316973)

Next step - find out what the minimum password requirements are. With a password you're likely to type in every time the laptop boots, you can bet it'll be as simple as possible. For example, if it's 8 letters, must include capital and number, you can almost bet it'll be XxxxxxxN for a whopping 36 bits of security. Almost nobody bothers to type in a password to match the AES strength with any regularity...

Re:Oh Goody! (2, Informative)

Nutria (679911) | more than 7 years ago | (#18317423)

> Next step - find out what the minimum password requirements are. With a password you're likely to type in every time the laptop boots, you can bet it'll be as simple as possible. For example, if it's 8 letters, must include capital and number, you can almost bet it'll be XxxxxxxN for a whopping 36 bits of security. Almost nobody bothers to type in a password to match the AES strength with any regularity...

Don't be so sure.

I had to install PGP Desktop and encrypt my laptop's HDD, and when it asked me for the pass phrase, there was a "strongness" meter that increased the more and more random the pass phrase. Using a combination of upper & lower-case letters plus , it wouldn't accept anything shorter than, IIRC, 18 characters.

Re:Oh Goody! (1)

hansamurai (907719) | more than 7 years ago | (#18318549)

18 characters with varying case throughout? At that point I'd have to write it on a post-it.

Re:Oh Goody! (1)

Nutria (679911) | more than 7 years ago | (#18318819)

> 18 characters with varying case throughout? At that point I'd have to write it on a post-it.

The one I chose happens to be 22 characters. The trick is to choose a phrase that is meaningful to you but also not easily discovered thru social engineering.

Doable, but definitely requires forethought.

Re:Oh Goody! (1)

klaus_g (99169) | more than 7 years ago | (#18317939)

think smartcard or fingerprint.

Re:Oh Goody! (1)

LibertineR (591918) | more than 7 years ago | (#18318541)

That's all well and good, except that almost everyone I know who uses these encryption schemes disables the password to bring their machine out of hibernation or standby modes. Something about having to always type in that complex password, or slide in that USB key.

There simply is no security scheme in all computing that has a chance against the stupid/lazy/uninformed end user.

Re:Oh Goody! (1)

daeg (828071) | more than 7 years ago | (#18317319)

To this day I do not understand why computers outside of a massively secure data center are allowed to keep records of ANY private data. We don't let any of our staff maintain local copies of any data. Not even e-mail. If you stole a computer from any of our offices, you'd basically have an underpowered Dell desktop. You could easily log into the system, but aside from a few cache files and browsing history, you'd have nothing.

Why is it so hard for banks and insurance companies to do the same?

It's not like getting an internet connection via cell phone provider is hard or prohibitively expensive these days. I can only hope that some large, sweeping changes take place before the government begins mandating things (and subsequently inflating the cost, legislating bad technology, etc, as per their normal operating behavior). Fix it before they make you.

And in next year's news... (5, Funny)

dpbsmith (263124) | more than 7 years ago | (#18316899)

it will transpire that

...Los Alamos National Laboratory misplaced a notebook full of top-secret data in which the encryption had never been turned on...

...a Microsoft executive lost a notebook full of plans for dirty ways to undermine Open Source, after sticking Post-It note to the screen to remind him of his wife's birthday, which he used as his password...

...all the scientific data from a major NASA mission costing $1.63 billion were stored on a contractor's laptop, who had encrypted all of it, chosen a good password, never wrote it down, and got hit by a bus without telling it to anyone...

...but NASA was able to recover the data by asking the FBI, which knew the backdoor and had been reading every NASA contractor's hard drive without a warrant.

YOU MUST BUY THE WORLD'S MOST SECURE HARDDRIVE!!! (1, Funny)

Anonymous Coward | more than 7 years ago | (#18316923)

Or the terrorists will win by stealing our porn so we can't watch it and start to fear it!

What will you tell your children when you are afraid of porn because there is no porn left because it was stolen and consumed by terrorists because of insecure harddrives??? ...I thought so!

features (TPM), and fingerprint reader (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18316925)

"As well as on-the-fly encryption integrated into the drive itself using chip acceleration, the laptop also features a trusted platform module (TPM), and fingerprint reader...."


Super; they give it all the encryption it needs etc. etc. etc. then they use a key which will be marked in grease on all of the keys of the keyboard. Why not just provide a stick-on piece of paper for writing the password down on? That would be easier and lead to fewer cases of employees' hands being stolen together with their laptops. Anyway, just goes to show that the important mistakes in encryption are always in the implementation.

Re:features (TPM), and fingerprint reader (2, Informative)

stratjakt (596332) | more than 7 years ago | (#18317179)

You don't have to use the fingerprint reader, and my understanding is that it's more of a windows-logon thing than a boot-up thing.

However, you could easily design a keypad that makes it nigh-impossible to lift a print. A simple rough textured finish on the top would do the trick.

Re:features (TPM), and fingerprint reader (1)

CastrTroy (595695) | more than 7 years ago | (#18317577)

Until the rough finish wears out. Most of my keyboards have the keys worn away pretty smooth. I even have a keyboard at home where the bumps on the J and F keys are almost completely gone. You could also lift a print from the screen, or anywhere else on the case also, not just the keyboard.

real question (2, Insightful)

Lord Ender (156273) | more than 7 years ago | (#18316949)

If I put one of these in a regular laptop--one which supports DriveLock, but nothing else--can this disk use the DriveLock password as the encryption key?

If that were the case, it would be a simple matter to retrofit existing laptops (which use DriveLock to protect the disks) with the improved security of full-blown encryption. And it could be done without any perceptible changes to the user!

This could be a great product if they just Keep It Simple so that it works seamlessly with the already widely-deployed ATA Security Mode (DriveLock) protocol.

I already have the world's most secure hard drive (1, Funny)

unts (754160) | more than 7 years ago | (#18317007)

It's called /dev/null

Granted, getting data back is a bit, erm, difficult, but write only memory? That's pretty damn secure.

(And anticipating witty responses... I will accept that /dev/null isn't technically a hard drive, but then I'd have no joke, so work with me here!)

Re:I already have the world's most secure hard dri (1)

corychristison (951993) | more than 7 years ago | (#18318013)

I think a slightly better joke would be:

My data is very secure! This is all I had to do:
# ln -s /dev/sda /dev/null

/dev/null is a beowulf cluster of damn secure (1)

swschrad (312009) | more than 7 years ago | (#18318551)

most importantly, it never breaks.

Back Door For Big Brother ? (3, Insightful)

Junior Samples (550792) | more than 7 years ago | (#18317045)

Seagate is an American Company. Is it possible for them to provide a secure product without providing a back door for Big Brother to access? Can they be trusted? I'm very skeptical.

Re:Back Door For Big Brother ? (1)

mastershake_phd (1050150) | more than 7 years ago | (#18317093)

> Is it possible for them to provide a secure product without providing a back door for Big Brother to access?

I think so.

> Can they be trusted?

No

Re:Back Door For Big Brother ? (2, Funny)

stratjakt (596332) | more than 7 years ago | (#18317127)

You're right, I'll wait until China produces one. There's a government I trust.

Re:Back Door For Big Brother ? (1)

J'raxis (248192) | more than 7 years ago | (#18318925)

I'd trust it -- if I were using it here in the US. (Why would the Chinese share their backdoors with our cops?)

Re:Back Door For Big Brother ? (2, Funny)

aadvancedGIR (959466) | more than 7 years ago | (#18317201)

For the tinfoil community, simply create a circuit to short-cut the battery (or any other low-power incendiary device) in case of wrong password and use a Sony laptop to be able to claim bad luck when the FBI ask you to enter your PW.

Re:Back Door For Big Brother ? (1)

Nutria (679911) | more than 7 years ago | (#18317525)

Is it possible for them to provide a secure product

Of course. Stop living in 1993. (http://en.wikipedia.org/wiki/Clipper_chip [wikipedia.org] )

without providing a back door for Big Brother to access?

Depends on whether or not they want to sell into the Chinese market.

Re:Back Door For Big Brother ? (1)

Cheesey (70139) | more than 7 years ago | (#18317775)

Your hard disk may already contain "back doors" in the form of hidden sectors and undocumented features for accessing them. These may already be being used for forensic recovery. Their purpose may not be sinister: they may exist simply so that damaged areas of the disk can be transparently remapped. But it's just another reason why you can never be sure that a piece of data has been deleted from your disk, unless you physically destroy it.

I wonder where Richard M. Stallman gets his disks from? I don't know of any HDD vendors that provide the source code for the drive firmware.

Re:Back Door For Big Brother ? (0)

Anonymous Coward | more than 7 years ago | (#18317961)

>>I wonder where Richard M. Stallman gets his disks from? I don't know of any HDD vendors that provide the source code for the drive firmware.

I thought I heard he only used thinkpads. Anyone else know for sure?

Re:Back Door For Big Brother ? (1)

J'raxis (248192) | more than 7 years ago | (#18319013)

This is actually a good reason to not trust disk-level encryption -- if the data is going to the disk in the clear and you're relying on the disk to encrypt it, are you even sure it really got encrypted? It could be getting copied somewhere else on the disk, accidentally or intentionally, and you'd never know.

But if your OS is doing full-disk encryption for you, so that no data ever even travels down the IDE cable before it's been encrypted, this particular worry can be put to rest. Let the disk make sixteen different copies of it, and a special one just for the FBI, for all the good it'll do.

Of course, then you have to trust the OS...

gn44 (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18317103)

was Vafter a long

More important things. (1)

eddy (18759) | more than 7 years ago | (#18317117)

Not trusting it. Get back to work on those 4-platter 1TB disks instead, summer is fast approaching. Those monsters should shift the price ladder down nicely.

The incomplete article is missing any mention... (5, Informative)

BenEnglishAtHome (449670) | more than 7 years ago | (#18317121)

...of the competitors in this market space. Several companies have been doing this for years with good track records. I think these links [slashdot.org] are still good.

Only protects from theft! (1)

KE1LR (206175) | more than 7 years ago | (#18317145)

Like Vista's BitLocker (which can do a similar thing in software), this is mainly to prevent the hard drive from being mounted on different hardware because the fact that the drive is actually encrypted is going to be transparent to the user. Any random idiot can still access the data on your laptop with one of these drives if you leave your password on a sticky note -- or use no login password at all.

If you want to protect files on your laptop from being accessed by a logged-in user, you need to use something like PGP to encrypt those specific things or define an encrypted folder/partition that requires an additional action to "unlock".

Re:Only protects from theft! (1)

SEMW (967629) | more than 7 years ago | (#18318319)

AFAIK, BitLocker can operate in a mode where the encryption key is kept in a USB flash drive, so it won't boot unless that's plugged in (obviously it still needs a password as well). If you kept that around your neck or something, that could go some way to solving that particular problem.

What happens when the flash drive is lost / damaged / worn out may be a problem, though; I hope you can make a backup drive...

Video Camera Application? (2, Informative)

mwilliamson (672411) | more than 7 years ago | (#18317353)

Slap one of these bad-boys into a video camera with only the ability to write/encrypt and then you'll have a tool journalists can use without fear their content will be pilfered by a herd of unwieldly pigs. Only once the cam is back from the field would the data be accessible. This of course assumes the drive uses some sort of PKI, it may be symmetric only, in which case you'd have to add something to generate the symmetric keys from a PKI infrastructure. Performance should still be good with the added PKI module since the internal crypto would still be using the hardware accelerator with the derived symmetric keys.

Re:Video Camera Application? (1)

swb (14022) | more than 7 years ago | (#18317425)

Your PKI doesn't do shit when some third-world government thug runs a few dozen 7.62x39 rounds through your camera. They generally don't want to steal your video, they don't want anyone to SEE your video AT ALL, and AK rounds accomplish this nicely.

Re:Video Camera Application? (1)

AmigaAvenger (210519) | more than 7 years ago | (#18318041)

By third world I'm assuming you mean US, in particular any government force with a gun, either your local PD SWAT team or certain branches of our military government...

Re:Video Camera Application? (1)

swb (14022) | more than 7 years ago | (#18318733)

No, I mean any of your post-colonial shitholes with no constitutional protections of free speech, run by enlightened leaders with no history of censorship or thuggishness towards even their domestic press, like Sudan, Zimbabwe, hey, even Russia (how many dead journalists in the last year?) and China.

Since the U.S. has a constitutional guarantee of free speech, a strong judiciary with no interest in prior restraint, as well as a vibrant free press, I don't think we qualify.

Re:Video Camera Application? (1)

Lord Ender (156273) | more than 7 years ago | (#18317591)

pilfered by a herd of unwieldly pigs.
How does one wield a pig?

Get back or I shall slay you with my +9 Pork Chop of Gluttony!

Re:Video Camera Application? (0)

Anonymous Coward | more than 7 years ago | (#18319193)

It's like a Rat-Flail [vgcats.com] but has a 5% chance to stun for two rounds.

I figured it out... (1)

krbvroc1 (725200) | more than 7 years ago | (#18317485)

This is mainly marketing hype. The Seagate drives are now the world's most secure because they are shipped in a 'Clamshell/Blister Pack'. I dare anyone without specialized tools to access it.

Re:I figured it out... (1)

Hoi Polloi (522990) | more than 7 years ago | (#18318281)

I'm looking to buy a pair of chainmail gloves for opening those things.

LaCie (1)

CokeBear (16811) | more than 7 years ago | (#18317629)

LaCie had a 500GB AES 128-bit hardware encryption fingerprint-biometric (with FireWire 800, FireWire 400, & USB 2.0) like, 6 months ago! Why is this news?

http://www.lacie.com/us/products/product.htm?pid=10872 [lacie.com]

Re:LaCie (1)

CokeBear (16811) | more than 7 years ago | (#18317675)

Sorry to reply to my own comment, but now that I've RTFA and realized that we're talking about portable drives, I figured I should point out that these are also available from LaCie:
http://www.lacie.com/us/products/product.htm?pid=10691 [lacie.com]

and have been for many moons.

Re:LaCie (0)

Anonymous Coward | more than 7 years ago | (#18318089)

Lacie repackages consumer drives (poorly). Seagate produce consumer drives. See the difference?

Next you're going to claim Lacie sells 1TB drives? <sigh>

Old news...already done (1)

SirKron (112214) | more than 7 years ago | (#18318003)

Come back with a 60 GB solid state version for under $500 and we'll talk.

US Federal Government (0)

Anonymous Coward | more than 7 years ago | (#18318081)

There will be an instant customer for this - the US Federal government. There is a requirement that all new government computers (or is it just laptops?) have encryption. This past summer, when the VA lost a laptop with client data, they spent over $40 million searching to get it back. In response to this, there is a requirement for encryption.

Secure from who? (2, Funny)

Assassin bug (835070) | more than 7 years ago | (#18318151)

My highspeed, large-capacity Seagate drive wasn't secure from itself when it decided to critically fail 1 week after warranty!

FTA.... (1)

sanimalp (965638) | more than 7 years ago | (#18318177)

"The Wave Systems management software - used standalone or in conjunction with a management server - can access other admin-pleasing features that have been included in the design. If a user forgets his or her password, a master password can be applied to give access to the drive as a last resort."

I think I discovered a backdoor to the "world's most secure hard drive."

Meh... (1)

VokinLoksar (1021515) | more than 7 years ago | (#18318257)

I don't see this as something of great value. Right now I'm working on my laptop which is running FreeBSD under full disk encryption using GELI and AES-256. I have the boot slice unencrypted, that only has the kernel and the boot code, and everything else, including swap, is on the encrypted slice. A slight performance hit due to software encryption? Yes. But is the weaker hardware encryption worth extra money? Not to me. In fact, I would much rather spend the money on a separate hardware encryption solution rather than one which is built-in to the drive. That way, any old drive you may have lying around could be fully-encrypted and used for storing sensitive data. Making this sort of encryption as part of the drive doesn't make sense to me.

On my Windows machines it would probably be of more use since I can't encrypt the system drive, but everything else is encrypted via TrueCrypt. In other words, all my data which needs to be protected, is. And like I said before, with software I can use AES-256 which makes me more comfortable than 128-bit. You can probably argue that today it doesn't matter, the latter is good enough. It's more about psychology, I think.

Hibernate (2, Insightful)

Nom du Keyboard (633989) | more than 7 years ago | (#18318535)

And how secure is it if you hibernate, rather than shut down, your system? Does all the crook have to do is keep it powered, or do you need to re-enter your password each time you raise the lid? If so, I suspect the password is going to be rather short, and easily guessable.

The real problem is not designing effective security, but getting people to use it properly. You can start on this by banning PostIt notes from the corporate environment -- or at least make them self-destruct.

Bah (1)

joto (134244) | more than 7 years ago | (#18319221)

Here I hoped they would have created the most secure hard drive in the world, one that withstands earthquakes, floods, car collisions, and 50+ years of continuous use. And then it turns out that it's just a layer of crypto.

How boring, we can do that in software already....

Top 10 Most Secure Hard Drives (2, Insightful)

malcomvetter (851474) | more than 7 years ago | (#18319843)

The Top 10 Most Secure Hard Drives in Existence to date:

1. The world's most secure hard drive is the one not used to contain valuable confidential data (experts question its existence).
2. Doesn't exist.
3. Doesn't exist.
4. A hard drive that contains some valuable confidential data, but remains physically within a datacenter. The OS that accesses it does not share its data with other OSes, and runs the full gamut of controls (prevention, detection, correction).
5. Doesn't exist.
6. Doesn't exist.
7. Doesn't exist.
8. Doesn't exist.
9. A hard drive that contains some valuable confidential data, remains physically within a datacenter, but its OS shares data among other systems whose trust is "unknown" or "uncertain".

And tied for 10th place (by virtue of consolation):
10. An encrypted drive in a mobile device relying upon its user for security.
10. An unencrypted drive in a mobile device relying upon its user for security.

If the "laws of physics" of information security were known, we'd likely see a Newtonian-esque law that says something like (in a more scientific form): "any security system that relies upon a person to use the system correctly will fail [miserably]". What Seagate is trying to do is analogous to defying gravity or creating "information security perpetual motion". It just won't improve the situation for anyone (except perhaps the "checklist security" people who can tell their compliance regulation auditors that they can add a point to their useless overall score).
