[unisog] OT: Putting Encryption Functions in the HDDs
docbook.xml at gmail.com
Wed Apr 26 14:14:57 GMT 2006
> that it is using ECB mode since CBC would require
> encrypting/decrypting the entire drive to do reads / writes. If this
> is using ECB mode then some interesting attacks could be mounted
> against it.
ECB is pretty weak. I would think hardware encryption would use a
stream mode of DES such as CFB (cypher feedback) or OFB (output feedback).
Stream cypher makes more sense in this situation rather than a block
> Aside of implementation details (which sometimes prove to be the weak
> spot) the biggest problem with encryption is the KEY. The data is only
> as safe as the key.
A Japanese article said that the keys are stored in a separate
inaccessible part (tamper-proof???) of the drive, and they are
> The last concern I have with this comes back to using passwords. I see
You can always use 2-factor authentication instead of static password.
Seagate's FDE drives can use biometric, RSA token, or smart cards.
This was demoed at CeBIT using TiDoCoMi from Secude.
for an article that discusses this.
Saqib Ali, CISSP, ISSAP
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
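An added example, not part of the original message: it encrypts a small constructed disk image sector by sector, once in ECB and once in CBC restarted per sector, to show what ECB leaks about repeated data and that per-sector CBC still allows reading a single sector on its own. The toy Feistel cipher (a stand-in for DES/AES), the key, the sector contents and the IV-from-sector-number scheme are all assumptions of this example.

```python
import hashlib, hmac

BLOCK, SECTOR = 16, 512  # cipher block and disk sector sizes in bytes
KEY = b"constructed-demo-key"
# Constructed disk image: sectors 0 and 2 are identical (zero-filled).
DISK = [bytes(SECTOR), b"secret record ".ljust(SECTOR, b"."), bytes(SECTOR)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, i, half):  # Feistel round function built on HMAC-SHA256
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]
def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_block(key, b):  # toy 4-round Feistel permutation, not for real use
    l, r = b[:8], b[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, b):
    l, r = b[:8], b[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def ecb_sector(key, sector_no, data):  # equal plaintext blocks -> equal ciphertext
    return b"".join(encrypt_block(key, p) for p in _blocks(data))

def cbc_sector(key, sector_no, data):  # chain restarts per sector, IV from sector number
    prev, out = encrypt_block(key, sector_no.to_bytes(BLOCK, "big")), []
    for p in _blocks(data):
        prev = encrypt_block(key, _xor(prev, p))
        out.append(prev)
    return b"".join(out)

def cbc_read_sector(key, sector_no, image):  # decrypts one sector, nothing else
    ct = image[sector_no * SECTOR:(sector_no + 1) * SECTOR]
    prev, out = encrypt_block(key, sector_no.to_bytes(BLOCK, "big")), []
    for c in _blocks(ct):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

def encrypt_disk(mode):
    return b"".join(mode(KEY, n, s) for n, s in enumerate(DISK))
def repeated_blocks(image):  # number of ciphertext blocks that duplicate another
    return len(_blocks(image)) - len(set(_blocks(image)))
```

Comparing `repeated_blocks(encrypt_disk(ecb_sector))` with `repeated_blocks(encrypt_disk(cbc_sector))` shows the difference: under ECB the duplicate structure of the plaintext is fully visible in the ciphertext, under per-sector CBC it is not.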