Hi Gang, I don't wish to be accused of mere persiflage; however, the amount of true information in either place is so little that the hot air balloon need have no fear of flying high.
On the issue of the Seagate drive, building encryption into hardware makes a lot of sense - if it is done right, that is - because direct attack on FPGAs is a lot harder to achieve than hex editing some software code or even a ROM chip. But what is not clear at all is what real protection is being offered. It seems to me that the weak point is that the front end processes still need to be made robust - login, for instance: if it is weak, then does it matter if the disk is encrypted?

Another point to possibly consider is yanking the HD and installing it on a test bed where a brute force attack could be automated to run round the clock at very high speeds. Given that one can create a teraflop cluster for well under $50k, this could be a serious issue. It seems like it is well within the ability of a small organization to virtualize the attack by doing something akin to a forensic level bit copy and mounting many copies of the virtual disk on a cluster for massive parallel attack, unless, of course, there is a mechanism in place to prevent full disk copying. Even that won't work very well, I don't believe, because I myself have mounted the platters of one HD in the frame of another of the similar model in order to copy the data off to analyze, and I'm no great shakes at all the hardware hacking. So if the physical version has both an encrypted and a non-encrypted variation, the physical protection is toast.

The other issue is data recovery when you get hit by a bus. Who manages the keys, as well as how, becomes the point of attack, not the disk encryption itself. This appears to be what we are seeing in the evolving HD-DVD fiasco, where they have de-soldered the SMD to copy and edit the software code on the chip and then re-mounted it in the device to break the AACS code at a higher level.

Oddly enough, this parallels a discussion I was having yesterday about our local park and dogs. The core parallel is trust.
One can either choose sides and duke it out or one can develop a community of trust where we work together to achieve our mutual needs. While we can not eliminate working on solutions to "Quis custodiet ipsos custodes?" we also need to add "Adsertoris cautim armorum egonus cunctua? Conductum hominis nostri!" - "Who will protect us all? Only ourselves!"

(My apologies to true Latin scholars. What little I knew has long fled. Correct as desired or required by the pain level it brings you.)

Best,

Allen

Ali, Saqib wrote:
> CryptoMill will provide a management suite for Seagate's FDE.2 Momentus HDD:
>
> http://www.cryptomill.com/docs/CMSGPressRelease.pdf
> http://www.net-security.org/secworld.php?id=5085
> _______________________________________________
> FDE mailing list
> [email protected]
> http://www.xml-dev.com/mailman/listinfo/fde
