back to article Of Dell's self-encrypting laptop

Never lose notebook data again. Not if you have a Dell notebook: the company is producing self-encrypting laptops with Seagate encrypting drives and McAfee security software. Seagate is now shipping 5400 and 7200 rpm Momentus notebook drives with 320 and 500GB capacity and full disk encryption options. This is AES 128-bit US …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    Of computers and baseball

    >Dell notebook

    Strike one.

    >McAfee security software.

    Strike two.

    >This is AES 128-bit US government-grade

    Strike three ...

  2. Anonymous Coward
    Anonymous Coward

    All this effort

    All this effort must cost a fortune. The solution?

    STOP leaving all the countries personal data on trains!

    See, that didn't cost much did it? Problem solved.

  3. Anonymous Coward
    Stop

    Am I missing something?

    Micro$haft must love this - what happens when your HDD crashes or the OS gets corrupted?

    "Sorry mate, your disk's encrypted at the hardware level - you'll have to buy a new one with the OS installed since the HDD's onboard protection prevents overwriting system files to prevent data theft..."

    And, I'm assuming there is some sort of tie-in between the HDD and the original MoBo - since it has to be able to boot up and be used by a 'valid' user, how can it tell the difference between the original, "permitted" owner and the [EXPLETIVE DELETED] who stole it or the poor unsupecting second-hand buyer who got it off EvilBay but (presumably) shouldn't have access to the stuff that was worth encrypting in the first place?

    What about overseas travel to those censorous Dictatorships where you have to surrender your IT kit on arrival to fight Terrorism? What happens when you *cannot* supply the decryption key since it's hardware-encoded? (And why is it that Senior Execs from EU arms companies are subjected to the full shakedown while the PFY from backwater Hicksville, OH gets through with his top-of-the-line laptop containing Timothy McVeigh's life story and the Anarchists' Cookbook gets through unchecked..??)

    I for one welcome our unreadalbe Hardware Overlords.

  4. The Mole
    Stop

    Never lose notebook data ever again...

    Unless you forget your password..

  5. Jack Harrer
    Thumb Up

    UK.gov solution?

    Can they also automatically encrypt any kind of writeable media connected to it? That would save UK.gov lots of embarrassment in the future. I mean 2data loss" embarrassment as other kinds will still prevail ;)

  6. Allan Rutland
    Coat

    Slight snag...

    is that knowing our incompetent government, they'll all be encrypted yes, but also have a very handy postit note with the password stuck to them :P

  7. Blackadder
    Boffin

    what?

    First, TrueCrypt already does this and is free.

    Second, quote "The encryption key never leaves the drive and so is not susceptible to the cold boot attack." Exactly how do they encrypt data if the key never leaves the drive? There are memory chips and circuits in the hard drive that contain the encryption key, so ... busted!

    Third, these babies come loaded with 256MB non-volatile memory to store recent reads/writes from/to the disk. This data is presumably unencrypted.

  8. Anonymous Coward
    Anonymous Coward

    Lenovo + Hitachi ?

    Errm this sort of bulk encryption has been available for years. Lenovo (IBM Thinkpad as was) + Hitachi h/d (IBM as was) = bulk encrypted hard drive simply by selecting the appropriate BIOS option.

  9. Anonymous Coward
    Paris Hilton

    Safest laptop ever...

    Encrypted hard drives, bitlocker technology, power on passwords, boot passwords, Windows passwords, encrypted file system and last but most important, the self destruct battery mechanism.

    Paris, she wishes her cell phone had all this....

  10. Mark Daniels
    Stop

    Live CD's....

    So....

    If I drop a 'live cd' in the tray and re-boot, what will happen ?

    In my experience, once the live cd OS is running, it gives access to any / all data on the hard drive, so makes encryption redundant.

    The only solution I have found useful, is to apply the encryption at the document / file level, so even though it can be seen, it can not be accessed.....

    I thank you.

    P.

  11. Rob Beard
    Black Helicopters

    Government

    Maybe Seagate should provide a stack of these drives to the government for free so they don't loose any more data on laptops.

    Oh hang on, the government's favourite pass time is saving confidential data on USB pen drives and CD/DVD media aint it.

    Doh!

    Rob

  12. Anonymous Coward
    Alien

    So....

    How long until HM Government places a few orders then!?

  13. Anonymous Coward
    Anonymous Coward

    Can we have it without sucky McAfee?

    McAfee sucks ass, as the Americans would say.

    The only experience I want with McAfee products is uninstalling them.

    Is there an option from another vendor, one that doesn't write inherently flawed "security" software?

  14. Neil Barnes Silver badge
    Black Helicopters

    And about time too...

    It's been obvious for years that encryption should be on *every* hard drive, even if driven from the bios. So this is a step in the right direction, even if McAfee is involved - still the bios options would mean this should work for those of us of the penguin persuasion.

    Mind you - does 'Government Grade Encryption' mean 'we left a back door, just in case'?

  15. Anonymous Coward
    Anonymous Coward

    <title>

    now they just need to make them non stick so the users can't attach post-it notes with the passwords on to them

  16. Anonymous Coward
    Anonymous Coward

    But can you trust it?

    So many commercial security products turn out to be badly implemented or have government-dictated back doors. So, if you seriously care about keeping stuff secret, you're probably better off with open-source software encryption, though it wouldn't hurt to have this as well, I suppose.

  17. Anonymous Coward
    Stop

    Interesting... but

    How useful is it in the context of recent laptops left in pubs / cars that have walked...

    Don't you just have to get past the MS Windows XP / Vista password or is that so secure this is the last piece of the jigsaw puzzle ? I'd extend this to Linux but don't think any government department or large corporation is running Linux on laptops.

  18. Anonymous Coward
    Anonymous Coward

    Backdoor?

    There'll probably be a backdoor built in so the US government can retrieve the data if they wish. I'd still use my own encryption software on those laptops as well.

  19. I. Aproveofitspendingonspecificprojects
    Boffin

    Please Explain

    Why is the rest of the world obliged to conform to US laws about encryption strengths?

    What would be the possibilities of a code implanted in hidden data that would convert it to harmless files of similar sizes that make sense but are in reality a mere smoke screen?

  20. Anonymous Coward
    Thumb Down

    chris you swore!

    mcaffee

  21. This post has been deleted by its author

  22. Chris C

    Data loss?

    Is somebody new to computers or something? "Data loss" has never meant "somebody else has access to our data". "Data loss" means, quite literally, loss of data (as in "the data cannot be recovered; it has been lost"). The technology this article mentions is to prevent data theft or unauthorized data access. Saying this technology will prevent data loss is like saying credit monitoring will prevent death.

  23. Graham Davis

    Lost or found

    As the previous commenter said, this does not prevent data from being lost, it prevents it from being found. Anyone stupid enough to leave a laptop containing highly sensitive information on a train will probably engrave the password on the case.

  24. AJames

    The user security hole

    Want to bet that almost every one of these laptops with an encrypted drive has the password written on a sticky label on the outside?

  25. Anonymous Coward
    Stop

    Mcafee?

    Yes, how secure. Secure like a 3 cm high fence.

    Truecrypt FTW, it is free, usable on non-dell laptops and not a big piece of crap like mcafee.

  26. Neoc
    Unhappy

    Maybe I'm stupid...

    But I don't see how this works.

    If "the key never leaves the drive", then how the HDD know the person currently using it is allowed to use the HDD? Or is the decryption *always* on by default?

    If the HDD gets authorisation from outside the drive, then it is susceptible to hacking, keystroke logging, etc...

    Please, explain to me how this is a "Good Thing"(tm). No really, please, I'm serious. I must be missing something.

  27. Vince

    Not sure you quite get how it works...

    I think there is a bit of confusion here by some. The drive asks the bios to request a password, so you can only use it as I understand on systems with a bios that understands this. On my laptop, it goes through the normal bios passwords, then pops up and tells me that hard disc (serial number) requires a startup password. If i don't give it, the drive won't spin up, and doesn't work.

    This happens at BIOS level, so, if I put in a "live cd", the hard disc still can't be accessed as I have to authenticate at bios level first.

    It won't stop all forms of hacking no, but it will stop a lot of it, and certainly would have improved UK.gov chances if they'd deployed clue like this. No security solution is perfect, but this helps.

    P.S. Take the drive to another machine without bios support and it's dead, useless, as if it has failed. Take it to one with a bios support for hdd passwords and it just pops up and requires a password.

  28. Pete Steege
    Thumb Up

    It's the next step

    Self-encrypting drives are the next step in consolidating important features, much like chip set features migrate into CPUs.

    And it doesn't have the hackable gaps of software encryption: http://tinyurl.com/5nkoet. We're going to see this as a default drive feature for business someday.

  29. Dave White

    My humble opinion

    The way I understand it, the encryption key does indeed never leave the drive. This works in a similar way to Kerberos authentication; the user enters a password during POST, which is sent to the HDD. The HDD encryption controller then creates a key from this password and compares it to the stored key and uses the result of this comparison to allow or deny access.

    Booting from a live CD will not help as the contents of the drive are encrypted, live CD's wont even see the partition table let alone the data.

    The real beauty of hardware encryption such as this lies in the performance gain. Software encryption creates quite a high performance overhead when performing disk I/O (that would be all the time then). Hardware encryption uses a dedicated encryption controller located physically on the HDD, taking the load off the processor and resulting in no overhead. Think back to the early(ish) days of PC gaming when games could be run with software or hardware video acceleration, and the performance benefits gained from having a dedicated graphical processing unit.

    As several people have commented however, encryption is only one step on the road to preventing data compromise. User education is the hardest bit, getting users to use strong passwords, to not forget these strong passwords, to not write these strong passwords down and to not copy their data from their (encrypted) HDD to their (unencrypted) removable media!

This topic is closed for new posts.

Other stories you might like