Michael Cal
(May 20, 2008 - 2:53 PM)
A step in the right direction iff (if and only if) it is used correctly by the end users.
Specifically:
1. Encryption will not protect from a guessable or carelessly handled encryption key.
2. Encryption will not protect from a hardware keylogger that intercepts that key long before the computer has booted.
3. Encryption will not protect from someone (or an overhead camera) getting a glimpse of the key being entered.
4. All electrical circuits carrying alternating current radiate; just exactly how "uninterceptable" is the radiation of every possible keyboard and computer configuration that this hard drive will be used with? (Seagate cannot possibly answer that).
And then there is the whole different story of who has the "emergency password recovery files" stated in the article and how well are they protected?
And if that were not enough, there are the usual additional concerns:
1. Does the vendor (Seagate or whoever) have an additional decryption key (ADK) for "lawful interception"? If so, just exactly how well is it protected? If Seagate says they have no ADK, who vouches for that that we can trust?
2. Who (that we can trust) vouches for the accuracy of the implementation of the AES in the Seagate chip? Just because "it works" means absolutely nothing.
Sorry, but while NSA may have blessed this for unclassified documents (which is a good thing because something is better than nothing), I wouldn't put too much faith in Seagate's device for anything truly sensitive nonetheless.
Oh, and another thing. Once the authorized user has authenticated himself/herself to the hard drive, all protection afforded by the encryption disappears while the computer is "on". If the authorized user goes to the restroom and leaves the machine "on", or even leaves the live machine connected to a network that it can be hacked through, the encryption of the hard disk buys nothing since it will be transparent to the user (authorized or not).
Michael