Date: Tue, 26 Feb 2008 12:45:44 +0100
From: Uwe Doering <gemini@geminix.org>
To: Achim Patzner <ap@bnc.net>
Cc: freebsd-hackers@freebsd.org, "David E. Thiel" <lx@FreeBSD.org>
Subject: Re: Security Flaw in Popular Disk Encryption Technologies
Message-ID: <47C3FBE8.8010201@geminix.org>
In-Reply-To: <9111966B-DB9C-41E3-9D30-168D668585A9@bnc.net>
References: <20080223010856.7244.qmail@smasher.org> <20080223222733.GI12067@redundancy.redundancy.org> <31648FC5-26B9-4359-ACC8-412504D3257B@bnc.net> <47C345C9.8010901@geminix.org> <9111966B-DB9C-41E3-9D30-168D668585A9@bnc.net>
Achim Patzner wrote:
> Am 25.02.2008 um 23:48 schrieb Uwe Doering:
>> Since it hasn't been mentioned so far: There are hard disk drives that
>> do encryption on the firmware level, so you don't have to store keys
>> on the OS level.
>
> I wouldn't go that far as there isn't (better: I didn't find)
> enough documentation on their mechanisms to satisfy my curiosity.

I haven't tried so far, but perhaps they can provide additional docs or pointers to already downloadable whitebooks on request. In the past, I found a number of whitebooks on their web site detailing various aspects of their storage technology. Quite interesting stuff. :-)

> You might want to take a look at eNova (http://www.enovatech.net/)
> who are pointing at interesting hardware using their crypto technology.

Interesting approach as well. Thanks for the pointer.

However, given that notebooks are the most vulnerable group of computers in this regard, the drawback I see is that the notebook manufacturers first have to adopt this solution, since you normally cannot put such additional hardware into a notebook yourself. This restricts your choice of notebooks, and you also still have no solution for notebooks that you already have.

For this reason it struck me as a clever idea to do the encryption in the HDD's firmware. This way you need no additional hardware and can equip each and every notebook sporting an SATA interface with sufficiently secure HDD encryption, without support from the notebook manufacturer, because an HDD is a user-replaceable part.

Regards,
Uwe

--
Uwe Doering         | EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  | http://www.escapebox.net