Never lose notebook data again. Not if you have a Dell notebook: the company is producing self-encrypting laptops with Seagate encrypting drives and McAfee security software. Seagate is now shipping 5400 and 7200 rpm Momentus notebook drives with 320 and 500GB capacity and full disk encryption options. This is AES 128-bit US …
Of computers and baseball
>McAfee security software.
>This is AES 128-bit US government-grade
Strike three ...
All this effort
All this effort must cost a fortune. The solution?
STOP leaving all the country's personal data on trains!
See, that didn't cost much did it? Problem solved.
Am I missing something?
Micro$haft must love this - what happens when your HDD crashes or the OS gets corrupted?
"Sorry mate, your disk's encrypted at the hardware level - you'll have to buy a new one with the OS installed since the HDD's onboard protection prevents overwriting system files to prevent data theft..."
And, I'm assuming there is some sort of tie-in between the HDD and the original MoBo - since it has to be able to boot up and be used by a 'valid' user, how can it tell the difference between the original, "permitted" owner and the [EXPLETIVE DELETED] who stole it or the poor unsuspecting second-hand buyer who got it off EvilBay but (presumably) shouldn't have access to the stuff that was worth encrypting in the first place?
What about overseas travel to those censorious Dictatorships where you have to surrender your IT kit on arrival to fight Terrorism? What happens when you *cannot* supply the decryption key since it's hardware-encoded? (And why is it that Senior Execs from EU arms companies are subjected to the full shakedown while the PFY from backwater Hicksville, OH gets through with his top-of-the-line laptop containing Timothy McVeigh's life story and the Anarchists' Cookbook gets through unchecked..??)
I for one welcome our unreadable Hardware Overlords.
Never lose notebook data ever again...
Unless you forget your password..
Can they also automatically encrypt any kind of writeable media connected to it? That would save UK.gov lots of embarrassment in the future. I mean "data loss" embarrassment as other kinds will still prevail ;)
is that knowing our incompetent government, they'll all be encrypted yes, but also have a very handy postit note with the password stuck to them :P
First, TrueCrypt already does this and is free.
Second, quote "The encryption key never leaves the drive and so is not susceptible to the cold boot attack." Exactly how do they encrypt data if the key never leaves the drive? There are memory chips and circuits in the hard drive that contain the encryption key, so ... busted!
Third, these babies come loaded with 256MB non-volatile memory to store recent reads/writes from/to the disk. This data is presumably unencrypted.
Lenovo + Hitachi ?
Errm this sort of bulk encryption has been available for years. Lenovo (IBM Thinkpad as was) + Hitachi h/d (IBM as was) = bulk encrypted hard drive simply by selecting the appropriate BIOS option.
Safest laptop ever...
Encrypted hard drives, bitlocker technology, power on passwords, boot passwords, Windows passwords, encrypted file system and last but most important, the self destruct battery mechanism.
Paris, she wishes her cell phone had all this....
If I drop a 'live cd' in the tray and re-boot, what will happen ?
In my experience, once the live cd OS is running, it gives access to any / all data on the hard drive, so makes encryption redundant.
The only solution I have found useful, is to apply the encryption at the document / file level, so even though it can be seen, it can not be accessed.....
I thank you.
Maybe Seagate should provide a stack of these drives to the government for free so they don't lose any more data on laptops.
Oh hang on, the government's favourite pastime is saving confidential data on USB pen drives and CD/DVD media ain't it.
How long until HM Government places a few orders then!?
Can we have it without sucky McAfee?
McAfee sucks ass, as the Americans would say.
The only experience I want with McAfee products is uninstalling them.
Is there an option from another vendor, one that doesn't write inherently flawed "security" software?
And about time too...
It's been obvious for years that encryption should be on *every* hard drive, even if driven from the bios. So this is a step in the right direction, even if McAfee is involved - still the bios options would mean this should work for those of us of the penguin persuasion.
Mind you - does 'Government Grade Encryption' mean 'we left a back door, just in case'?
now they just need to make them non stick so the users can't attach post-it notes with the passwords on to them
But can you trust it?
So many commercial security products turn out to be badly implemented or have government-dictated back doors. So, if you seriously care about keeping stuff secret, you're probably better off with open-source software encryption, though it wouldn't hurt to have this as well, I suppose.
How useful is it in the context of recent laptops left in pubs / cars that have walked...
Don't you just have to get past the MS Windows XP / Vista password or is that so secure this is the last piece of the jigsaw puzzle ? I'd extend this to Linux but don't think any government department or large corporation is running Linux on laptops.
There'll probably be a backdoor built in so the US government can retrieve the data if they wish. I'd still use my own encryption software on those laptops as well.
Why is the rest of the world obliged to conform to US laws about encryption strengths?
What would be the possibilities of a code implanted in hidden data that would convert it to harmless files of similar sizes that make sense but are in reality a mere smoke screen?
chris you swore!
128-bit? "US Government Grade"?
I instantly don't trust that. If it's not at least double 256-bit encrypted, I'm not interested. ;-)
When it comes to encryption, the rule is: find out what you need, then find out what's above that, then find out what the ridiculous level above that is, and use that.
Personally, a bitta TrueCrypt and I've got a chuck-away encrypted partition that I can replace or upgrade as required. Hardware level might be a bit quicker (though this is pretty good), but it's a damn sight harder to upgrade as requirements increase.
Is somebody new to computers or something? "Data loss" has never meant "somebody else has access to our data". "Data loss" means, quite literally, loss of data (as in "the data cannot be recovered; it has been lost"). The technology this article mentions is to prevent data theft or unauthorized data access. Saying this technology will prevent data loss is like saying credit monitoring will prevent death.
Lost or found
As the previous commenter said, this does not prevent data from being lost, it prevents it from being found. Anyone stupid enough to leave a laptop containing highly sensitive information on a train will probably engrave the password on the case.
The user security hole
Want to bet that almost every one of these laptops with an encrypted drive has the password written on a sticky label on the outside?
Yes, how secure. Secure like a 3 cm high fence.
TrueCrypt FTW, it is free, usable on non-Dell laptops and not a big piece of crap like McAfee.
Maybe I'm stupid...
But I don't see how this works.
If "the key never leaves the drive", then how does the HDD know the person currently using it is allowed to use the HDD? Or is the decryption *always* on by default?
If the HDD gets authorisation from outside the drive, then it is susceptible to hacking, keystroke logging, etc...
Please, explain to me how this is a "Good Thing"(tm). No really, please, I'm serious. I must be missing something.
Not sure you quite get how it works...
I think there is a bit of confusion here by some. The drive asks the bios to request a password, so you can only use it as I understand on systems with a bios that understands this. On my laptop, it goes through the normal bios passwords, then pops up and tells me that hard disc (serial number) requires a startup password. If I don't give it, the drive won't spin up, and doesn't work.
This happens at BIOS level, so, if I put in a "live cd", the hard disc still can't be accessed as I have to authenticate at bios level first.
It won't stop all forms of hacking no, but it will stop a lot of it, and certainly would have improved UK.gov chances if they'd deployed clue like this. No security solution is perfect, but this helps.
P.S. Take the drive to another machine without bios support and it's dead, useless, as if it has failed. Take it to one with a bios support for hdd passwords and it just pops up and requires a password.
It's the next step
Self-encrypting drives are the next step in consolidating important features, much like chip set features migrate into CPUs.
And it doesn't have the hackable gaps of software encryption: http://tinyurl.com/5nkoet. We're going to see this as a default drive feature for business someday.
My humble opinion
The way I understand it, the encryption key does indeed never leave the drive. This works in a similar way to Kerberos authentication; the user enters a password during POST, which is sent to the HDD. The HDD encryption controller then creates a key from this password and compares it to the stored key and uses the result of this comparison to allow or deny access.
Booting from a live CD will not help as the contents of the drive are encrypted, live CDs won't even see the partition table let alone the data.
The real beauty of hardware encryption such as this lies in the performance gain. Software encryption creates quite a high performance overhead when performing disk I/O (that would be all the time then). Hardware encryption uses a dedicated encryption controller located physically on the HDD, taking the load off the processor and resulting in no overhead. Think back to the early(ish) days of PC gaming when games could be run with software or hardware video acceleration, and the performance benefits gained from having a dedicated graphical processing unit.
As several people have commented however, encryption is only one step on the road to preventing data compromise. User education is the hardest bit, getting users to use strong passwords, to not forget these strong passwords, to not write these strong passwords down and to not copy their data from their (encrypted) HDD to their (unencrypted) removable media!