| Date: Thu, 6 Sep 2007 16:00:03 -0600 | From: Chris Kuethe <[EMAIL PROTECTED]> | To: Jacob Appelbaum <[EMAIL PROTECTED]> | Cc: Cryptography <cryptography@metzdowd.com> | Subject: Re: Seagate announces hardware FDE for laptop and desktop machines | | On 9/6/07, Jacob Appelbaum <[EMAIL PROTECTED]> wrote: | > Seagate recently announced a 1TB drive for desktop systems and a 250GB | > laptop drive. What's of interest is that it appears to use a system | > called DriveTrust for Full Disk Encryption. It's apparently AES-128. | | Yes, but will it work on my UltraSparc? How about my PPC powermac? Or | maybe my OpenBSD laptop? First off, it depends on how the thing is implemented. Since the entire drive is apparently encrypted, and you have to enter a password just to boot from it, some of the support is in an extended BIOS or some very early boot code, which is "below" any OS you might actually have on the disk. Once you get past that, though, it depends on what they provide. If the boot-time password gets stored in the disk firmware and controls all encryption and decryption for the "session", the OS would neither know nor care. If the drivers have to get involved, or you *want* them involved (e.g., because you want to use the disk hardware to do encryp- tion with different sets of keys you assign to different files, partitions, whatever the thing can support) then ... ask for something reasonable: That the interface to the mechanism is published so that someone can write the appropriate drivers.
| What's that - I have to use some opaque mechanism to key my drive? Pass. Ah, yes, it's all a conspiracy to make you run Windows. Grow up. *If* the drive vendor keeps the mechanism secret, you have cause for complaint. But can you name a drive vendor who's done anything like that in years? What possible motivation could they have? (In fact, I believe Seagate has said they will publish the specs.) | And how do I know that the drive didn't just store a copy of my | encryption key in NVRAM somewhere which can be retrieved by reading | some magic sequence of negative sectors? And what about a zillion | other paranoid but reasonable concerns? You don't. The general issue of how you can come to trust a piece of cryptographic hardware has been discussed here before, and no one has been able to suggest a way to do it. Guess what: Seagate makes the same point. As one of the two remaining drive vendors who are actually US-based (I forget who the other is), they've pointed out to Congress that it might not be such a good thing if DoD's and Homeland's and the FBI's secure disks were all based on chips and firmware developed overseas (and particularly in China). They bring this up purely for patriotic reasons, of course. If Congress sees fit to provide a bit of protection, well, that's a national policy issue, not Seagate's doing.... :-) Of course, most of the world's countries will be faced choosing secure devices developed and built in one of 3 or 4 countries, at least the two largest of which have very well developed organizations to, err, develop information in the national interest. Who are you willing to trust? How much are you willing to pay to avoid trusting someone you would rather not trust? Personally, if I were *that* concerned, I'd use an encrypted file system on top of an FDE system, at least for the stuff I considered really sensitive. -- Jerry | CK | | -- | GDB has a 'break' feature; why doesn't it have 'fix' too? | | --------------------------------------------------------------------- | The Cryptography Mailing List | Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] | | --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]