Re: [unisog] OT: Putting Encyption Functions in the HDDs

["Saqib Ali" <docbook.xml () gmail com>]

> that it is using ECB mode since CBC would require
> encrypting/decrypting the entire drive to do reads / writes. If this
> is using ECB mode then some interesting attacks could be mounted
> against it.

ECB is pretty weak. I would think hardware encryption would use a
stream mode of DES such CFB(cypher feedback) or OFB(output feedback).
Stream cypher makes more sense in this situation rather than a block
cipher.

> Aside of implementation details (which sometimes prove to be the weak
> spot) the biggest problem with encryption is the KEY. The data is only
> as safe as the key.
A Japanese article said that the keys are stored in a separate
inaccessible part (tamper-proof???) of the drive, and they are
encrypted.

> The last concern I have with this comes back to using passwords. I see
You can always use 2-factor authentication instead of static password.
Seagate's FDE drives can use biometric, RSA token, or smart cards.
This was demo at CeBIT using TiDoCoMi from Secude.

See:
http://www.xml-dev.com/lurker/message/20060425.142230.0ba0d4b8.en.html
for an article that discusses this.
--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------