[unisog] OT: Putting Encryption Functions in the HDDs

Alan Amesbury amesbury at oitsec.umn.edu
Thu Apr 27 21:37:25 GMT 2006


Saqib Ali wrote:

[snip]
> See the following for links to articles that talk about this:
> http://www.xml-dev.com/lurker/message/20060425.042414.0b74d6fb.en.html#fde
> 
> From eWeek article:
> -------------------------
> The 2.5-inch drive offers full encryption of all data directly on the
> drive through a software key that resides on a portion of the disk
> nobody but the user can access. Every piece of data that crosses the
> interface is encrypted without any intervention by the user, said Brian
> Dexheimer, executive vice president for global sales and marketing at
> the Scotts Valley, Calif.-based company.

Show me a section of a hard drive to which "nobody but the user" has 
access, and I'll show you a pretty useless section of a hard drive. 
That has to be inaccurate or incorrect reporting by eWeek.

> "The user has to activate a password to access any data. In fact, the
> operating system won't even boot up until the password is entered," he
> said. "So if the computer is lost or stolen, even if they take the
> drive out of the system, it won't do them any good because all of the
> data on the drive is encrypted."

This makes a bit more sense.  I could very easily see something like a 
bootstrap program that has just enough logic to ask for a passphrase for 
a key that's been stored XOR'ed (or similarly obfuscated using the 
passphrase) on disk, then using the recovered key to decrypt the next 
boot phase, etc.  I *think* products like PointSec work this way.

It still sounds a lot like the "magic crypto dust" Cosmin mentioned 
earlier in the thread.


--
Alan Amesbury
University of Minnesota
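
The passphrase-protected key record guessed at in the message above, as an added sketch that is not part of the original post and is not a description of how PointSec or any drive vendor works. It assumes PBKDF2-HMAC-SHA256 for stretching and an HMAC tag so a wrong passphrase is detected; all function names and the record layout are hypothetical, and naive_xor is included only to contrast with the literal "XOR with the passphrase" form.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def _derive(passphrase: str, salt: bytes) -> tuple:
    """Stretch the passphrase into a 32-byte XOR mask and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap_key(disk_key: bytes, passphrase: str) -> dict:
    """Build the record a pre-boot loader would keep in its reserved disk area."""
    if len(disk_key) != 32:
        raise ValueError("this sketch wraps 32-byte keys only")
    salt = os.urandom(16)  # per-record salt, so equal passphrases give different masks
    mask, mac_key = _derive(passphrase, salt)
    wrapped = bytes(k ^ m for k, m in zip(disk_key, mask))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_key(record: dict, passphrase: str) -> bytes:
    """Recover the disk key; refuse to continue booting on a wrong passphrase."""
    mask, mac_key = _derive(passphrase, record["salt"])
    expected = hmac.new(mac_key, record["salt"] + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong passphrase or tampered key record")
    return bytes(w ^ m for w, m in zip(record["wrapped"], mask))


def naive_xor(disk_key: bytes, passphrase: str) -> bytes:
    """Literal repeating-key XOR with the passphrase: no salt, no stretching, no check."""
    p = passphrase.encode()
    if not p:
        raise ValueError("empty passphrase")
    return bytes(k ^ p[i % len(p)] for i, k in enumerate(disk_key))


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample disk key
    rec = wrap_key(key, "correct horse")
    print("unwrap ok:", unwrap_key(rec, "correct horse") == key)
    # The naive form hands back *some* key for any passphrase, with no error.
    print("naive, wrong passphrase:", naive_xor(naive_xor(key, "pw"), "px") == key)
```

With the naive form a mistyped passphrase yields a wrong key silently, and the mask is only as strong as the passphrase bytes themselves; the wrapped record fails closed instead.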

