Of computers and baseball
>Dell notebook
Strike one.
>McAfee security software.
Strike two.
>This is AES 128-bit US government-grade
Strike three ...
Never lose notebook data again. Not if you have a Dell notebook: the company is producing self-encrypting laptops with Seagate encrypting drives and McAfee security software. Seagate is now shipping 5400 and 7200 rpm Momentus notebook drives with 320 and 500GB capacity and full disk encryption options. This is AES 128-bit US …
Micro$haft must love this - what happens when your HDD crashes or the OS gets corrupted?
"Sorry mate, your disk's encrypted at the hardware level - you'll have to buy a new one with the OS installed since the HDD's onboard protection prevents overwriting system files to prevent data theft..."
And, I'm assuming there is some sort of tie-in between the HDD and the original MoBo - since it has to be able to boot up and be used by a 'valid' user, how can it tell the difference between the original, "permitted" owner and the [EXPLETIVE DELETED] who stole it or the poor unsuspecting second-hand buyer who got it off EvilBay but (presumably) shouldn't have access to the stuff that was worth encrypting in the first place?
What about overseas travel to those censorious Dictatorships where you have to surrender your IT kit on arrival to fight Terrorism? What happens when you *cannot* supply the decryption key since it's hardware-encoded? (And why is it that Senior Execs from EU arms companies are subjected to the full shakedown while the PFY from backwater Hicksville, OH with his top-of-the-line laptop containing Timothy McVeigh's life story and the Anarchists' Cookbook gets through unchecked..??)
I for one welcome our unreadable Hardware Overlords.
First, TrueCrypt already does this and is free.
Second, quote "The encryption key never leaves the drive and so is not susceptible to the cold boot attack." Exactly how do they encrypt data if the key never leaves the drive? There are memory chips and circuits in the hard drive that contain the encryption key, so ... busted!
Third, these babies come loaded with 256MB non-volatile memory to store recent reads/writes from/to the disk. This data is presumably unencrypted.
So....
If I drop a 'live cd' in the tray and re-boot, what will happen ?
In my experience, once the live cd OS is running, it gives access to any / all data on the hard drive, so makes encryption redundant.
The only solution I have found useful, is to apply the encryption at the document / file level, so even though it can be seen, it can not be accessed.....
I thank you.
P.
It's been obvious for years that encryption should be on *every* hard drive, even if driven from the bios. So this is a step in the right direction, even if McAfee is involved - still the bios options would mean this should work for those of us of the penguin persuasion.
Mind you - does 'Government Grade Encryption' mean 'we left a back door, just in case'?
So many commercial security products turn out to be badly implemented or have government-dictated back doors. So, if you seriously care about keeping stuff secret, you're probably better off with open-source software encryption, though it wouldn't hurt to have this as well, I suppose.
How useful is it in the context of recent laptops left in pubs / cars that have walked...
Don't you just have to get past the MS Windows XP / Vista password or is that so secure this is the last piece of the jigsaw puzzle ? I'd extend this to Linux but don't think any government department or large corporation is running Linux on laptops.
Is somebody new to computers or something? "Data loss" has never meant "somebody else has access to our data". "Data loss" means, quite literally, loss of data (as in "the data cannot be recovered; it has been lost"). The technology this article mentions is to prevent data theft or unauthorized data access. Saying this technology will prevent data loss is like saying credit monitoring will prevent death.
But I don't see how this works.
If "the key never leaves the drive", then how does the HDD know the person currently using it is allowed to use the HDD? Or is the decryption *always* on by default?
If the HDD gets authorisation from outside the drive, then it is susceptible to hacking, keystroke logging, etc...
Please, explain to me how this is a "Good Thing"(tm). No really, please, I'm serious. I must be missing something.
I think there is a bit of confusion here by some. The drive asks the bios to request a password, so you can only use it, as I understand, on systems with a bios that understands this. On my laptop, it goes through the normal bios passwords, then pops up and tells me that hard disc (serial number) requires a startup password. If I don't give it, the drive won't spin up, and doesn't work.
This happens at BIOS level, so, if I put in a "live cd", the hard disc still can't be accessed as I have to authenticate at bios level first.
It won't stop all forms of hacking no, but it will stop a lot of it, and certainly would have improved UK.gov chances if they'd deployed clue like this. No security solution is perfect, but this helps.
P.S. Take the drive to another machine without bios support and it's dead, useless, as if it has failed. Take it to one with bios support for hdd passwords and it just pops up and requires a password.
Self-encrypting drives are the next step in consolidating important features, much like chip set features migrate into CPUs.
And it doesn't have the hackable gaps of software encryption: http://tinyurl.com/5nkoet. We're going to see this as a default drive feature for business someday.
The way I understand it, the encryption key does indeed never leave the drive. This works in a similar way to Kerberos authentication; the user enters a password during POST, which is sent to the HDD. The HDD encryption controller then creates a key from this password and compares it to the stored key and uses the result of this comparison to allow or deny access.
Booting from a live CD will not help as the contents of the drive are encrypted, live CDs won't even see the partition table let alone the data.
The real beauty of hardware encryption such as this lies in the performance gain. Software encryption creates quite a high performance overhead when performing disk I/O (that would be all the time then). Hardware encryption uses a dedicated encryption controller located physically on the HDD, taking the load off the processor and resulting in no overhead. Think back to the early(ish) days of PC gaming when games could be run with software or hardware video acceleration, and the performance benefits gained from having a dedicated graphical processing unit.
As several people have commented however, encryption is only one step on the road to preventing data compromise. User education is the hardest bit, getting users to use strong passwords, to not forget these strong passwords, to not write these strong passwords down and to not copy their data from their (encrypted) HDD to their (unencrypted) removable media!
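The unlock flow described in the comments above (password entered at POST, checked inside the drive, a live CD boot left facing a locked drive and ciphertext on the media), modeled as an added Python example that is not part of the original thread and not any vendor's firmware. The class, its method names, the PBKDF2 parameters, the separate on-drive media key and the SHA-256 keystream standing in for the drive's AES engine are all assumptions made for illustration.

```python
import hashlib, hmac, os

class ToySelfEncryptingDrive:
    """Hypothetical model of a password-gated encrypting drive (not vendor code)."""

    def __init__(self, password: bytes):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)  # stored key the drive compares against
        self._media_key = os.urandom(32)         # assumption: made on the drive, no export path
        self._platters = {}                      # LBA -> ciphertext as stored on the media
        self._unlocked = False

    def _derive(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)

    def _crypt(self, lba: int, data: bytes) -> bytes:
        # Stand-in for the drive's AES engine: XOR with a per-sector SHA-256 keystream.
        stream, block = b"", 0
        while len(stream) < len(data):
            seed = self._media_key + lba.to_bytes(8, "big") + block.to_bytes(4, "big")
            stream += hashlib.sha256(seed).digest()
            block += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def unlock(self, password: bytes) -> bool:
        # Comparison happens inside the drive, in constant time; only yes/no comes out.
        self._unlocked = hmac.compare_digest(self._derive(password), self._verifier)
        return self._unlocked

    def power_cycle(self) -> None:
        self._unlocked = False                   # every boot starts locked, live CD included

    def write(self, lba: int, data: bytes) -> None:
        if not self._unlocked:
            raise PermissionError("drive locked")
        self._platters[lba] = self._crypt(lba, data)

    def read(self, lba: int) -> bytes:
        if not self._unlocked:
            raise PermissionError("drive locked")
        return self._crypt(lba, self._platters[lba])

    def raw_media(self, lba: int) -> bytes:
        return self._platters[lba]               # what bypassing the controller would yield

def demo():
    drive = ToySelfEncryptingDrive(b"constructed-passphrase")
    drive.unlock(b"constructed-passphrase")
    drive.write(0, b"constructed partition table bytes")
    drive.power_cycle()                          # reboot from other media
    return drive.unlock(b"guess"), drive.raw_media(0)

if __name__ == "__main__":
    print(demo())
```

In this model the host only ever receives a yes/no from `unlock` and plaintext sectors once unlocked; the password itself still crosses the host on its way to the drive, which is the exposure raised earlier in the thread.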