[unisog] OT: Putting Encryption Functions in the HDDs

Saqib Ali docbook.xml at gmail.com
Wed Apr 26 14:14:57 GMT 2006


> that it is using ECB mode since CBC would require
> encrypting/decrypting the entire drive to do reads / writes. If this
> is using ECB mode then some interesting attacks could be mounted
> against it.

ECB is pretty weak. I would think hardware encryption would use a
stream mode of DES such as CFB (cipher feedback) or OFB (output feedback).
A stream cipher makes more sense in this situation rather than a block
cipher.

> Aside of implementation details (which sometimes prove to be the weak
> spot) the biggest problem with encryption is the KEY. The data is only
> as safe as the key.
A Japanese article said that the keys are stored in a separate
inaccessible part (tamper-proof???) of the drive, and they are
encrypted.

> The last concern I have with this comes back to using passwords. I see
You can always use 2-factor authentication instead of a static password.
Seagate's FDE drives can use biometric, RSA token, or smart cards.
This was demoed at CeBIT using TiDoCoMi from Secude.

See:
http://www.xml-dev.com/lurker/message/20060425.142230.0ba0d4b8.en.html
for an article that discusses this.
--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------
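
The ECB weakness discussed in this thread, as an added example that is not part of the original message: it counts repeated ciphertext blocks on a small disk image under ECB and under a chained mode with a per-sector IV. The cipher is a toy 64-bit Feistel built from HMAC-SHA256 standing in for DES (an assumption so it runs with only the standard library), and the IV scheme, key and disk contents are constructed for illustration, not taken from any vendor's drive.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 8      # 64-bit block, the DES block size
SECTOR = 512   # bytes per sector

def _round(key, rnd, half):
    # Toy round function (truncated HMAC-SHA256); NOT DES, illustration only.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def encrypt_block(key, block):
    # 4-round Feistel network: a keyed permutation on 8-byte blocks.
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, rnd, right)))
    return left + right

def ecb_sector(key, sector):
    # ECB: every block is encrypted independently with no position input.
    return b"".join(encrypt_block(key, sector[i:i + BLOCK])
                    for i in range(0, len(sector), BLOCK))

def cbc_sector(key, lba, sector):
    # Chaining restarts in each sector; the IV is derived from the sector
    # number (hypothetical scheme), so one sector can be read or written alone.
    prev = encrypt_block(key, lba.to_bytes(BLOCK, "big"))
    out = []
    for i in range(0, len(sector), BLOCK):
        prev = encrypt_block(key, bytes(a ^ b for a, b in zip(sector[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    counts = Counter(ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK))
    return sum(c - 1 for c in counts.values())

KEY = b"constructed demo key"
# Constructed 4-sector disk image: two zero-filled sectors, two of repeated records.
DISK = [bytes(SECTOR), b"RECORD01" * 64, bytes(SECTOR), b"RECORD01" * 64]

def leak_report():
    ecb = b"".join(ecb_sector(KEY, s) for s in DISK)
    cbc = b"".join(cbc_sector(KEY, n, s) for n, s in enumerate(DISK))
    return repeated_blocks(ecb), repeated_blocks(cbc)

if __name__ == "__main__":
    print("repeated blocks (ECB, per-sector chained):", leak_report())
```

A high repeat count in raw ciphertext is a quick check an evaluator can run against an encrypted volume image to spot ECB-like behaviour.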


