Re: Security Flaw in Popular Disk Encryption Technologies



Achim Patzner wrote:
> On 25.02.2008 at 23:48, Uwe Doering wrote:
>> Since it hasn't been mentioned so far: There are hard disk drives that do encryption on the firmware level, so you don't have to store keys on the OS level.
>
> I wouldn't go that far as there isn't (better: I didn't find)
> enough documentation on their mechanisms to satisfy my curiosity.

I haven't tried so far, but perhaps they can provide additional docs or pointers to already downloadable whitebooks on request. In the past, I found a number of whitebooks on their web site detailing various aspects of their storage technology. Quite interesting stuff. :-)

> You might want to take a look at eNova (http://www.enovatech.net/)
> who are pointing at interesting hardware using their crypto technology.

Interesting approach as well. Thanks for the pointer. However, given that notebooks are the most vulnerable group of computers in this regard, the drawback I see is that the notebook manufacturers first have to adopt this solution, since you normally cannot put such additional hardware into a notebook yourself. This restricts your choice of notebooks, and you also still have no solution for notebooks that you already have.

For this reason it struck me as a clever idea to do the encryption in the HDD's firmware. This way you need no additional hardware and can equip each and every notebook sporting an SATA interface with sufficiently secure HDD encryption, without support from the notebook manufacturer because an HDD is a user replaceable part.

Regards,

Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini@xxxxxxxxxxx | http://www.escapebox.net
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"


