Re: Seagate announces hardware FDE for laptop and desktop machines
On Jun 10, 2009, at 4:19 PM, travis+ml-cryptogra...@subspacefield.org wrote: Reading really old email, but have new information to add. On Wed, Oct 03, 2007 at 02:15:38PM +1000, Daniel Carosone wrote: Speculation: the drive always encrypts the platters with a (fixed) AES key, obviating the need to track which sectors are encrypted or not. Setting the drive password simply changes the key-handling. Implication: fixed keys may be known and data recoverable from factory records, e.g. for law enforcement, even if this is not provided as an end-user service. There was an interesting article in 2600 recently about ATA drive security. It's in Volume 26, Number 1 (Spring 2009). Sorry that I don't have an electronic copy. The relevant bit of it is that there are two keys. One key is for the user, and one (IIRC, it is called a master key) is set by the factory. IIRC, there was a court case recently where law enforcement was able to read the contents of a locked disk, contrary to the vendor's claims that nobody, even them, would be able to do so. All of these statements may be true. The standardization of the command set for encrypting disk drive does has a set master key command. If this command does exist, and if the user had software that resets this master password, then the backdoor would have been closed. (I know, there area lot of ifs in that sentence.) http://www.dtc.umn.edu/disc/resources/RiedelISW5r.pdf http://www.usenix.org/events/lsf07/tech/riedel.pdf http://www.t10.org/ftp/t10/document.04/04-004r2.pdf and from universities you can access http://ieeexplore.ieee.org/iel5/10842/34160/01628480.pdf https://www.research.ibm.com/journal/rd/524/nagle.html Jim - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Seagate announces hardware FDE for laptop and desktop machines
Reading really old email, but have new information to add. On Wed, Oct 03, 2007 at 02:15:38PM +1000, Daniel Carosone wrote: Speculation: the drive always encrypts the platters with a (fixed) AES key, obviating the need to track which sectors are encrypted or not. Setting the drive password simply changes the key-handling. Implication: fixed keys may be known and data recoverable from factory records, e.g. for law enforcement, even if this is not provided as an end-user service. There was an interesting article in 2600 recently about ATA drive security. It's in Volume 26, Number 1 (Spring 2009). Sorry that I don't have an electronic copy. The relevant bit of it is that there are two keys. One key is for the user, and one (IIRC, it is called a master key) is set by the factory. IIRC, there was a court case recently where law enforcement was able to read the contents of a locked disk, contrary to the vendor's claims that nobody, even them, would be able to do so. The man in question had his drives sized by the FBI and they read the drives, uncovering emails between the man and his lawyer. He was suing the manufacturer for false advertising. Here are the links from the 2600 article: http://tinyurl.com/atapwd http://tinyurl.com/cmrrse http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml hdparm -security-erase-enhanced in Linux http://www.deadondemand.com/ http://www.vogon-investigation.com/password-cracker.htm -- Obama Nation | My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ If you are a spammer, please email j...@subspacefield.org to get blacklisted. pgpvh6qewOZcV.pgp Description: PGP signature
Re: Seagate announces hardware FDE for laptop and desktop machines
On Oct 3, 2007, at 4:39 AM, Florian Weimer wrote: But this exhibits an issue with disk-based encryption: you can't really know what they are doing, and if they are doing it right. (Given countless examples of badly-deployed cryptography, this isn't just paranoia, but a real concern.) Precisely. If you're keeping secrets from your nosy siblings and coworkers, hardware FDE is more than adequate. If you have reason to believe someone skilled and resourceful might really want your data, you almost certainly have no business using a blackbox encryption system operating in a way that's not publicly documented -- even if the system is buzzword-compliant -- and implemented by a company (hard disk vendor) where crypto is about as far from their core competency as you can get. -- Ivan Krstić [EMAIL PROTECTED] | http://radian.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
* Ivan Krstić: On Oct 3, 2007, at 4:39 AM, Florian Weimer wrote: But this exhibits an issue with disk-based encryption: you can't really know what they are doing, and if they are doing it right. (Given countless examples of badly-deployed cryptography, this isn't just paranoia, but a real concern.) Precisely. If you're keeping secrets from your nosy siblings and coworkers, hardware FDE is more than adequate. If you have reason to believe someone skilled and resourceful might really want your data, you almost certainly have no business using a blackbox encryption system operating in a way that's not publicly documented -- even if the system is buzzword-compliant -- and implemented by a company (hard disk vendor) where crypto is about as far from their core competency as you can get. I think the really interesting question is what happens when you lose a FDE-ed hard drive. Do you still need to publish the incident and contact potentially affected individuals? If the answer is no, I'm sure this technology will be quickly adopted, independently of its actual implementation. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
I think the really interesting question is what happens when you lose a FDE-ed hard drive. Do you still need to publish the incident and contact potentially affected individuals? If the answer is no, I'm sure this technology will be quickly adopted, independently of its actual implementation. California Senate Bill CA1386 provides a Get Out of Jail Free Card if you are using reasonable means to protect the confidentiality of data. However you still have to proof it saqib http://security-basics.blogspot.com/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
On Tue, Oct 02, 2007 at 03:50:27PM +0200, Simon Josefsson wrote: Without access to the device (I've contacted Hitachi EMEA to find out if it is possible to purchase the special disks) it is difficult to infer how it works, but the final page of the howto seems strange: ... NOTE: All data on the hard drive will be accessible. A secure erase should be performed before disposing or redeploying the drive to avoid inadvertent disclosure of data. One would assume that if you disable the password, the data would NOT be accessible. Making it accessible should require a read+decrypt+write of the entire disk, which would be quite time consuming. It may be that this is happening in the background, although it isn't clear. It sounds to me as if they are storing the AES key used for bulk encryption somewhere on the disk, and that it can be unlocked via the password. Assumption: clearing the password stores the key encrypted with password or an all-zeros key, or some other similar construct, effectively in plain text. So it may be that the bulk data encryption AES key is randomized by the device (using what entropy?) or possibly generated in the factory, rather than derived from the password. Speculation: the drive always encrypts the platters with a (fixed) AES key, obviating the need to track which sectors are encrypted or not. Setting the drive password simply changes the key-handling. Implication: fixed keys may be known and data recoverable from factory records, e.g. for law enforcement, even if this is not provided as an end-user service. -- Dan. pgpbW81YLkONk.pgp Description: PGP signature
Re: Seagate announces hardware FDE for laptop and desktop machines
* Simon Josefsson: One would assume that if you disable the password, the data would NOT be accessible. Making it accessible should require a read+decrypt+write of the entire disk, which would be quite time consuming. It may be that this is happening in the background, although it isn't clear. Perhaps this section wasn't updated? A password-based lock method is present in most laptop drives today. But this exhibits an issue with disk-based encryption: you can't really know what they are doing, and if they are doing it right. (Given countless examples of badly-deployed cryptography, this isn't just paranoia, but a real concern.) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
Following up on an old thread with some new information: Hitachi's white paper is available from: http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf ... The interesting part is the final sentence of the white paper: Hitachi will be offering the Bulk Data Encryption option on all new 2.5-inch hard disk drive models launched in 2007, including both the 7200 RPM and 5400 RPM product lines. At the request of the customer, ^^ this option can be enabled or not, at the factory, without any impact on the drive?s storage capacity, features or performance. Interestingly, Hitachi has updated that paragraph in the paper (re-using the same URL), and now it reads: Hitachi will be offering the Bulk Data Encryption option on specific part numbers of all new 2.5-inch hard disk drive products launched in 2007, including both the 7200 RPM and 5400 RPM product lines. For a list of specific part numbers that include the Bulk Disk Encryption feature or for more information on how to use the encryption feature, see the ?How To Guide? for Bulk Data Encryption Technology available on our website. The How To Guide includes screen shots from BIOS configuration. The disk appear to be using the standard ATA BIOS password lock mechanism. The guide is available from: http://hitachigst.com/tech/techlib.nsf/products/Travelstar_7K200 http://hitachigst.com/tech/techlib.nsf/techdocs/F08FCD6C41A7A3FF8625735400620E6A/$file/HowToGuide_BulkDataEncryption_final.pdf Without access to the device (I've contacted Hitachi EMEA to find out if it is possible to purchase the special disks) it is difficult to infer how it works, but the final page of the howto seems strange: Disable security For an end user to disable security (i.e., turn off the password access control): 1. Enter the BIOS and unlock the drive (when required, BIOS dependent). 2. Find the security portion of your BIOS and disable the HDD user password, NOT the BIOS password. The master password is still set. ... NOTE: All data on the hard drive will be accessible. A secure erase should be performed before disposing or redeploying the drive to avoid inadvertent disclosure of data. One would assume that if you disable the password, the data would NOT be accessible. Making it accessible should require a read+decrypt+write of the entire disk, which would be quite time consuming. It may be that this is happening in the background, although it isn't clear. Another interesting remark is: Note that the access method to the drive is stored in an encrypted form in redundant locations on the drive. It sounds to me as if they are storing the AES key used for bulk encryption somewhere on the disk, and that it can be unlocked via the password. So it may be that the bulk data encryption AES key is randomized by the device (using what entropy?) or possibly generated in the factory, rather than derived from the password. /Simon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
On Tue, 02 Oct 2007 15:50:27 +0200 Simon Josefsson [EMAIL PROTECTED] wrote: It sounds to me as if they are storing the AES key used for bulk encryption somewhere on the disk, and that it can be unlocked via the password. I'd say decrypted by the password, rather than unlocked, but that's the right way to do it: since it permits easy password changes. It also lets you do things like use different AES keys for different parts of the disk (necessary with 3DES, probably not with AES). So it may be that the bulk data encryption AES key is randomized by the device (using what entropy?) or possibly generated in the factory, rather than derived from the password. There was this paper on using air turbulence-induced disk timing variations for entropy... --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
Leichter, Jerry wrote: First off, it depends on how the thing is implemented. Since the entire drive is apparently encrypted, and you have to enter a password just to boot from it, some of the support is in an extended BIOS or some very early boot code, which is below any OS you might actually have on the disk. If I had to guess, I would suggest they were using the ATA secure hd password api, and really providing security rather than the firmware-lock usually associated with such passwords. That would allow you to retrofit it to a lot of laptops which already use that functionality, in a plug-and-play manner. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
Dave Korn wrote: On 07 September 2007 21:28, Leichter, Jerry wrote: Grow up. *If* the drive vendor keeps the mechanism secret, you have cause for complaint. But can you name a drive vendor who's done anything like that in years? All DVD drive manufacturers. That's why nobody could write a driver for Linux until CSS was cracked, remember? It wasn't the mechanism that was secret so much as the key. CSS was supposed to protect someone else's data. You wouldn't give the key to *your* drive away, would you? /ji - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Seagate announces hardware FDE for laptop and desktop machines
On 07 September 2007 21:28, Leichter, Jerry wrote: Grow up. *If* the drive vendor keeps the mechanism secret, you have cause for complaint. But can you name a drive vendor who's done anything like that in years? All DVD drive manufacturers. That's why nobody could write a driver for Linux until CSS was cracked, remember? cheers, DaveK -- Can't think of a witty .sigline today - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
On 9/6/07, Jacob Appelbaum [EMAIL PROTECTED] wrote: Seagate recently announced a 1TB drive for desktop systems and a 250GB laptop drive. What's of interest is that it appears to use a system called DriveTrust for Full Disk Encryption. It's apparently AES-128. Yes, but will it work on my UltraSparc? How about my PPC powermac? Or maybe my OpenBSD laptop? What's that - I have to use some opaque mechanism to key my drive? Pass. And how do I know that the drive didn't just store a copy of my encryption key in NVRAM somewhere which can be retrieved by reading some magic sequence of negative sectors? And what about a zillion other paranoid but reasonable concerns? CK -- GDB has a 'break' feature; why doesn't it have 'fix' too? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Seagate announces hardware FDE for laptop and desktop machines
Jacob Appelbaum [EMAIL PROTECTED] writes: Seagate recently announced a 1TB drive for desktop systems and a 250GB laptop drive. What's of interest is that it appears to use a system called DriveTrust for Full Disk Encryption. It's apparently AES-128. The detail lacking press release is here: http://www.seagate.com/ww/v/index.jsp?locale=en-USname=seagate-unveils-new-giantsvgnextoid=6bb0e0e1f0494110VgnVCM10f5ee0a0aRCRD The relevant excerpt of it appears to be: The Barracuda FDE (full disc encryption) hard drive is the world?s first 3.5-inch desktop PC drive with native encryption to prevent unauthorized access to data on lost or stolen hard drives or systems. Using AES encryption, a government-grade security protocol and the strongest that is commercially available, The Barracuda FDE hard drive delivers endpoint security for powered-down systems. Logging back on requires a pre-boot user password that can be buttressed with other layers of authentication such as smart cards and biometrics. I found this somewhat relevant paper (though it seriously lacks important details) on DriveTrust: http://www.seagate.com/docs/pdf/whitepaper/TP564_DriveTrust_Oct06.pdf Has anyone read relevant details for this system? It seems like something quite useful but I'm not sure that I trust something I can't review... Hitachi's white paper is available from: http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf (Btw, it contains something as rare as a reasonable threat analysis! At least compared to other advertising materials...) After having acquired the 1TB device, and didn't find any support for this feature, I re-read some information: The interesting part is the final sentence of the white paper: Hitachi will be offering the Bulk Data Encryption option on all new 2.5-inch hard disk drive models launched in 2007, including both the 7200 RPM and 5400 RPM product lines. At the request of the customer, ^^ this option can be enabled or not, at the factory, without any impact on the drive?s storage capacity, features or performance. I wonder how easily it would be to request this for a normal customer. I gave up when my supplier said they didn't offer this configuration. I would be interested to know which key-derivation function they are using, I'm assuming the key is derived from a password, and which AES mode and IV etc. Knowing that may enable you to verify that data is really stored encrypted: buy two devices, set up one to use disk encryption, and swap the logic boards and then read data from the supposedly encrypted disk. As for finding out if they accidentally also write down the AES key on some hidden part of the disk, that may be more difficult... /Simon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
