On Fri, 20 Jul 2012 17:33:26 +0200 (CEST)
Wojciech Puchar <[email protected]> wrote:
> > As your disk is probably not 'open source' (?), you don't
> > know if there is a really encryption, or if there is a secret
> > password (as for some bios) that permits to access data.
>
> thats exactly what i fear about. it is even possible that there are no
> encryption at all.
There are certain Seagate Momentus disks that do AES encryption in
hardware. This means that they use an AES key to encrypt the data, and
you need a ("BIOS"-)password to unlock this key at boot. So whenever you
change the password, it's just that - the AES key stays the same. You
need to make sure that your BIOS also has an option to reset the AES
key (e.g. the Thinkpad laptops can do this with an official BIOS
patch). Otherwise you rely on the manufacturer that he doesn't keep a
list of the default AES keys ;)
> > Keep in memory that, whatever you do, if a guy has money
> > and WANTS your data, he can get these.
> >
> > So, as long as you're not a terrorist,
> No i am not a terrorist yet ;)
ACK. What kind of threat do you want to counter, who is your
adversary... [1], [2]
> So final conclusion - just use software encryption.
> Thank you.
Yes and no. Again, what threat are you looking at. If your adversary can
get physical access to your machine ("evil maid attack"), he can
install a root kit or key logger - which would defeat any software
crypto. In this case you need full disk encryption AND make it difficult
to flash the BIOS or replace hardware parts (how about an identical
keyboard with a built-in sniffer?).
The average user should protect himself against unwanted data disclosure
(e.g. stolen laptop or lost USB disk). Software crypto is perfectly
fine for this.
kind regards,
Robert
[1] http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
[2] http://xkcd.com/538/
