Hard disks now encrypt themselves
Seagate shows DriveTrust technology
ONE OF THE more interesting things I heard about at IDF was a new tech from Seagate called DriveTrust.
Imagine digital encryption for drives that works independently of the computer: basically, the drive does it all at (presumably) drive speed. This has several advantages over software and computer-based schemes, and a few downsides.
First off, everything is stored on the drive, and it is transparent. You put it in a computer, set a password, and forget it. While the press release does not say how you can boot off an encrypted volume that the BIOS does not 'need' to be aware of, one assumes this is possible. My guess is that it can selectively encrypt volumes and files. Theoretically it is painless.
If you need to put in a password to boot, the drive will be DOA until you get the aforementioned BIOS recognition. Another downside is that if the keys are on the drive, it does not do much good in a loss or theft situation: if you give someone the lock and the key, it is not a very secure setup, now is it?
On the flip side of this, the drive can do something that few other solutions can: it can wipe a drive in far less than a second, and do so very securely. If you blank the keys, the data on the drive is completely readable gibberish. This means you go from analysing a platter to cracking AES, a much more complex problem.
What happens if you lose the keys? Normally, you just call the vendor up, beg, and they fix it for you, sometimes at a cost. Seagate essentially told me at IDF that it has a program called SOL to help here. That is, you call them and they tell you you are Shit Outa Luck for absolutely no cost. Basically there is no back door, if you lose your keys, game over. The end. Really. Don't say you were not warned.
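The key handling discussed in the last three paragraphs (keys kept on the drive, wiping by blanking the key, no recovery without the password) can be modelled in a few lines. This is an added sketch, not Seagate's code or DriveTrust's actual design: the `ToyDrive` class, the password-wrapped media key and the SHA-256 counter-mode keystream standing in for AES are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _stream(key: bytes, lba: int, n: int) -> bytes:
    # Stand-in for the drive's AES engine: SHA-256 in counter mode (stdlib only).
    blocks = (hashlib.sha256(key + lba.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyDrive:  # hypothetical model, not DriveTrust's real design
    def __init__(self, password: str):
        self.platter = {}                      # lba -> ciphertext, all a platter analysis sees
        self._provision(password)

    def _kek(self, password: str) -> bytes:
        # Key-encryption key derived from the user's password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _provision(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        mek = secrets.token_bytes(32)          # fresh random media key
        kek = self._kek(password)
        self.wrapped = _xor(mek, _stream(kek, 0, 32))  # only the wrapped key is stored
        self.tag = hmac.new(kek, self.wrapped, "sha256").digest()
        self.mek = None                        # drive starts locked

    def unlock(self, password: str) -> bool:
        kek = self._kek(password)
        good = hmac.new(kek, self.wrapped, "sha256").digest()
        if not hmac.compare_digest(self.tag, good):
            return False                       # wrong password: media key stays wrapped
        self.mek = _xor(self.wrapped, _stream(kek, 0, 32))
        return True

    def _pad(self, lba: int, n: int) -> bytes:
        if self.mek is None:
            raise PermissionError("drive is locked")
        return _stream(self.mek, lba, n)

    def write(self, lba: int, data: bytes) -> None:
        self.platter[lba] = _xor(data, self._pad(lba, len(data)))

    def read(self, lba: int) -> bytes:
        raw = self.platter[lba]
        return _xor(raw, self._pad(lba, len(raw)))

    def crypto_erase(self, new_password: str) -> None:
        self._provision(new_password)          # old media key is gone, platter untouched
```

Note that `crypto_erase` never touches `platter`: the ciphertext is still there to be read, but the only key that could decrypt it no longer exists.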
For a lot of companies, governments and other security-conscious organisations, this is just what they want. For Joe Average, well, it can be problematic if he doesn't have a robust PKI infrastructure, or the post-it note falls off the monitor and the cleaning lady gets it.
Luckily, there are only two lines of drives that this comes on for now, so you aren't likely to buy one by mistake and set a PW completely by accident. The Momentus 5400 FDE.2 and the DB35 are the only two that have it for now. The 5400 is a laptop part, something that few non-techs pick up casually. The DB35 is aimed at DVRs and other media apps, again something that you get with a machine, not over the counter. There is also no word on price premiums yet, if any.
It looks like Seagate has potentially done the right thing here, an open and self-contained crypto infrastructure on a drive. As is always the case with encryption, things can be very right or very wrong. It will be interesting to see what happens when these things get into the hands of the crypto folk and they are pounded on. Whatever the case, keep an eye on these products, they have a lot of potential.
The INQuirer