[unisog] OT: Putting Encryption Functions in the HDDs

hermit921 hermit921 at yahoo.com
Thu Apr 27 22:02:37 GMT 2006


I must be missing something.  If I take that drive, attach to another 
computer running a different operating system, how is the disk 
protected?  There is no boot process involved.

If the encryption key is stored in the motherboard firmware I can see the 
disk refusing access, but I would hate to lose the disk contents because I 
upgraded firmware or the motherboard failed.  And they say the key is on 
the disk, but that means accessing the disk to get the key to decrypt the 
disk to access the disk...

hermit921


At 02:37 PM 4/27/2006, Alan Amesbury wrote:
>Saqib Ali wrote:
>
>[snip]
> > See the following for links to articles that talk about this:
> > http://www.xml-dev.com/lurker/message/20060425.042414.0b74d6fb.en.html#fde
> >
> > From eWeek article:
> > -------------------------
> > The 2.5-inch drive offers full encryption of all data directly on the
> > drive through a software key that resides on a portion of the disk
> > nobody but the user can access. Every piece of data that crosses the
> > interface is encrypted without any intervention by the user, said Brian
> > Dexheimer, executive vice president for global sales and marketing at
> > the Scotts Valley, Calif.-based company.
>
>Show me a section of a hard drive to which "nobody but the user" has
>access, and I'll show you a pretty useless section of a hard drive.
>That has to be inaccurate or incorrect reporting by eWeek.
>
> > "The user has to activate a password to access any data. In fact, the
> > operating system won't even boot up until the password is entered," he
> > said. "So if the computer is lost or stolen, even if they take the
> > drive out of the system, it won't do them any good because all of the
> > data on the drive is encrypted."
>
>This makes a bit more sense.  I could very easily see something like a
>bootstrap program that has just enough logic to ask for a passphrase for
>a key that's been stored XOR'ed (or similarly obfuscated using the
>passphrase) on disk, then using the recovered key to decrypt the next
>boot phase, etc.  I *think* products like PointSec work this way.
>
>It still sounds a lot like the "magic crypto dust" Cosmin mentioned
>earlier in the thread.
>
>Alan Amesbury
>University of Minnesota
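
Added example (not part of the original messages, and not the drive vendor's or PointSec's actual design): a Python sketch of the scheme Alan Amesbury describes above, where the disk key sits on the disk XOR'ed with a value derived from the passphrase, so the header is readable on any machine but useless without the passphrase. It swaps the raw passphrase for PBKDF2 output and adds an HMAC check; the function names, header fields and round count are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

KDF_ROUNDS = 100_000  # assumed work factor for this sketch


def _kek(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ROUNDS)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def provision(passphrase: str) -> Tuple[dict, bytes]:
    """Create a random disk key and the header that would be stored on disk."""
    disk_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    header = {
        "salt": salt,
        "wrapped_key": _xor(disk_key, _kek(passphrase, salt)),
        # Lets the bootstrap reject a wrong passphrase; the key itself is never stored.
        "check": hmac.new(disk_key, b"header-check", hashlib.sha256).digest(),
    }
    return header, disk_key


def unlock(header: dict, passphrase: str) -> Optional[bytes]:
    """What the pre-boot prompt does: recover the disk key or refuse."""
    candidate = _xor(header["wrapped_key"], _kek(passphrase, header["salt"]))
    tag = hmac.new(candidate, b"header-check", hashlib.sha256).digest()
    return candidate if hmac.compare_digest(tag, header["check"]) else None


def rewrap(header: dict, old: str, new: str) -> Optional[dict]:
    """Change the passphrase without re-encrypting the disk contents."""
    disk_key = unlock(header, old)
    if disk_key is None:
        return None
    salt = secrets.token_bytes(16)  # fresh salt so the XOR pad is never reused
    return {**header, "salt": salt, "wrapped_key": _xor(disk_key, _kek(new, salt))}
```

Nothing in the header depends on the motherboard or its firmware, so the drive unlocks in any host that can prompt for the passphrase; the strength of the whole arrangement is the strength of the passphrase.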



