digg

Facebook Connect Join Digg About

Disk Encryption Standards Could Muddy Data Recovery

computerworld.com So all disks in the future will be fully encrypted - great. So what happens if you lose your password or damage your drive?

Who dugg this? Made popular Feb 4, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

86 Comments

show profanity settings
expand all
  • mechnoch, on 02/03/2009, -4/+54Damaged drive? Just replace it and restore from your backup, duh. Oh, don't have a backup? Sucks to be you.
  • Tiak, on 02/04/2009, -3/+23Did this article just describe having to back up data to have it restored as a daunting scenario?... Seriously?...
  • DamnMan, on 02/04/2009, -1/+16http://www.youtube.com/watch?v=LA4Xx5Noxyo

    You don't generally leave your password on everything you touch, but you do leave your finger print.
  • anixmander, on 02/04/2009, -0/+14Hasn't it already been proven that fingerprint scanners are easily faked?

    Seems to me I read about something like that not long ago.
  • Regulator980, on 02/04/2009, -0/+11You're thinking about Mythbusters.

    http://www.youtube.com/watch?v=MAfAVGES-Yc
  • thedragon4453, on 02/04/2009, -0/+11Yep. Its all fun and games until you start getting your finger cut off so some jackass can get to your porn collection.
  • orville1151, on 02/04/2009, -0/+11As long as it's always optional as to whether or not my drives have hardware encryption, I don't really care.
    I would rather just keep using software encryption for the few things I need encrypted.
  • waitasec, on 02/04/2009, -0/+10I love the comment about TCG working on a method for recovery firms that would not require a password. Encryption defeated.
  • inactive, on 02/03/2009, -7/+17Easy, implement fingerprint scanners on computers offering full encryption. Plus it's easier than remembering passwords, and more secure (unless someone slices around your finger and peels back your skin to put it on his finger, scan, all to get to your porn collection)
  • anixmander, on 02/04/2009, -0/+10Here, this help you?

    http://spie.org/x24487.xml?ArticleID=x24487

    That wasn't exactly what I remember hearing about, but close enough. If I remember right, they discussed it at one of the big hacker conventions in Europe last year. Biometrics are easier to spoof than was thought.

    Glad to hear your clone is cancer free. /s
  • qwertydvorak, on 02/04/2009, -1/+11most people don't backup, and don't know how. even when you give them the tools.
  • Lifehedge, on 02/04/2009, -0/+10I don't like hardware encryption. Too many possible backdoors (you know, to catch "terrorists"). Software encryption like Truecrypt is where it's at. Same speed and under your control.
  • inactive, on 02/04/2009, -0/+9And the thing with biometrics is that once yours is copied and out there, it's not just as easy as changing your password; you're *****.
  • nils, on 02/04/2009, -2/+11Uhm - duh? What do these people think encryption is for, anyway? Buried as stupid.
  • Magnus101, on 02/04/2009, -1/+8Why would they want to encrypt all consumer drives in the first place? What is the purpose of doing this? I definitelly don't need it!
  • Myztry, on 02/04/2009, -0/+7For the majority of people it's just another thing to worry about. The drive is accessible when booted which is it most vulnerable (malware) time anyway. For the majority of the rest of the people there is TrueCrypt and other soft solutions.
    My biggest concern is encryption becoming compulsory, and rather than protecting your data, only really serving to protect the rights and agendas of third parties under 'trusted computing'. The Xbox being a prime example.
    Trusted computing isn't about trust. Only one side ultimately holds all the keys, and it's not the consumer.

  • microview2007, on 02/04/2009, -1/+7Just drop it off at your nearest FBI, NSA, or HLS office. They can unencrypt your data should you loose your password or key.
  • Lifehedge, on 02/04/2009, -0/+6Fingerprints are useless. You basically go around leave your password ie your fingerprint all day long on hundreds of objects.
  • Suricou, on 02/04/2009, -0/+5They are. Even if the controller and one or more of the flash chips has completly burned out, it's still possible to desolder the good chips from the board and extract the data off those for a partial recovery. Just how much is useable depends on the design of the drive. You'll probably get 16K chunks of good data interspersed with 16K chunks of blank where the dead chip used to be.
  • sageerrant, on 02/04/2009, -1/+5...ha, 'RAID array' is, redundantly, a redundant array of independent disks array.

    But your point stands. Important data deserves more than just the hope that nothing fails.
  • canreacchio, on 02/04/2009, -3/+7Im sure that hackers could break harddrive encryption through brute force methods.....
  • Twee, on 02/04/2009, -0/+4I ***** hate that Microsoft doesn't allow the Xbox 360 hard drive to be user replaceable, unlike the PS3. I refuse to pay $100+ for a 60GB hard drive.
  • uberduger, on 02/04/2009, -0/+3I just looked at your comment history. You're very, very weird. I like that.
  • uberduger, on 02/04/2009, -0/+3It's more like "don't use your own crazy home-installed lock, use this standard lock to which we have a skeleton key".
    \tinfoil
  • imacoder, on 02/04/2009, -0/+3Ok...I'll stop locking my front door so if I forget my keys I won't be locked out.
  • Tarnum, on 02/04/2009, -2/+5They want a HDD with TPM module?

    http://en.wikipedia.org/wiki/Trusted_Computing #Criticism_of_Trusted_Computing

    When you create a private/public key today it is done on the local computer and the creator has complete control over who has access to it. Encryption and decryption chips have a completely static private/public key that is etched into the hardware when it is manufactured, and hardware manufactures have every opportunity to see it and copy it without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it. It would be fairly trivial manufactures to give a copy of this key to the government...
  • beermad, on 02/04/2009, -0/+3How loose do my data have to be?
    I'm more worried about losing it, personally.
  • byrdgang, on 02/04/2009, -0/+3What proof do you have that the FBI/NSA/HLS or any government agency has the technology and know-how to break down hard drive encryption?
  • Hurricane, on 02/04/2009, -0/+3You learn something new everyday.

    Although I figured somebody like Drivesavers was figuring out how to stay in business when the disk world dies soon.
  • PrintScrn12, on 02/04/2009, -0/+3Remember though RAID is not a substitute for backup. It only protects against hard drive hardware faults. What happens if the problem is from the software? What happens if the RAID controller goes crazy? What happens when it's the user's fault?
  • veriix, on 02/04/2009, -0/+3What if the user goes crazy?
  • byrdgang, on 02/04/2009, -0/+2Great assumption...any hard data proving your claim? I would like to see specific tests. Please mention the type of encryption as well.
  • bonerfide, on 02/04/2009, -0/+2This is not about protecting your data but allowing 3rd parties to tell you how you can use your computer.Be afraid...........be very afraid

    From wikipedia

    Possible applications of Trusted Computing

    [edit] Digital rights management

    Trusted Computing would allow companies to create a Digital rights management system which would be very hard to circumvent, though not impossible. An example is downloading a music file. Remote attestation could be used so that the music file would refuse to play except on a specific music player that enforces the record company's rules. Sealed storage would prevent the user from opening the file with another player or another computer. The music would be played in curtained memory, which would prevent the user from making an unrestricted copy of the file while it is playing, and secure I/O would prevent capturing what is being sent to the sound system. Circumventing such a system would require either manipulation of the computer's hardware, capturing the analogue (and possibly degraded) signal using a recording device or a microphone, or breaking the encryption algorithm.
  • Wornstrom, on 02/04/2009, -0/+2username says it all :)
  • imprestavel, on 02/04/2009, -0/+2AFAIK, you can scan the fingerprint and, using a fingerprint algorithm like the ones used for image and music, you can make a "fingerprint fingerprint" that is always the same for that fingerprint.
    You could use that "fingerprint fingerprint" as an encryption key on any symmetric algorithm, and maybe in asymmetric too with a little more work.
  • Culyt, on 02/04/2009, -2/+4So don't enable it.

    It's quite important that encryption is wide spread to things like laptops and servers are encrypted they could be storing your personal details for instance.

    With that said one of the main reasons is that from the sound of it the drive is basically bricked without the password unless you enable it to be erased, you need to buy a new drive.

    Personally I would like to have full drive encryption, you could always be at the end of an MPAA lawsuit for example, or have your system stolen, why make it a special model of drive if its cheap enough to enable on all drives?
  • thedrue, on 02/04/2009, -1/+3I for one am not interested in encrypting all of my data... I can do it for the small amount of sensitive info on my drives but don't see the point for the whole disk. Besides won't constant encryption and decryption slow the drives down considerably?

    As long as the encryption is optional who really cares anyway?
  • Samurai77, on 02/04/2009, -0/+2Not so much in a laptop.
  • microview2007, on 02/06/2009, -0/+1Is the code open and published for public inspection? Can these drives be exported? Is the key 40-bit or more? My guess is if the government couldn't get into the data for search then they would be raising a stink right now about this is an issue of national security and how terrorist would be able to use this technology to carry out evil plans and beating the drum to get a law against it.
  • bonerfide, on 02/04/2009, -0/+1From the trusted computing article in wikipedia.

    Trusted Computing opponents such as the Electronic Frontier Foundation and Free Software Foundation claim trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. They also believe that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents deem unnecessary. They suggest Trusted Computing as a possible enabler for future versions of mandatory access control, copy protection, and digital rights management.
  • linagee, on 02/05/2009, -0/+1It's so that way people start storing incriminating evidence on the drive making them feel secure. Little did they know that big brother was watching over their shoulder the entire time.
  • mississippiman, on 02/04/2009, -0/+1or ATM Machine
  • linagee, on 02/05/2009, -0/+1"working with data recovery firms to create a technique that would allow them to recover encrypted data on drives using the standards, without requiring a user password."
    Wow that's handy. I'm sure nobody will have the super duper encryption specialist master key either.......right.
  • MWeather, on 02/04/2009, -0/+1"If this is going to be a requirement then Each Manufacture needs to provide FREE service to Un-brick non-business consumers hard drives in no less than a 7 day turnaround."

    If it were that easy to decrypt the data without the password, then there is something seriously wrong with the encryption being used.

    Even with a supercomputer, you're looking at months (if you get lucky) or years to crack strong encryption. That much time on a supercomputing cluster would cost hundreds of millions of dollars.

    If you don't want to loose your data when you loose your data like this, either back it up, or don't encrypt it.
  • badtzmartin, on 02/13/2009, -0/+1Let's say it's business data, and the user dies. How do the principals of the business access the data if it's protected with a dead employee's finger?
  • Culyt, on 02/07/2009, -0/+1Firstly software encryption has overhead.

    TrueCrypt is also a bit of a concern due to its very closed and shady development process (although it is opensource itself).

    People such as doctors with medical files are also not likely to bother to implement something like truecrypt or even be aware of its existance but if there is a drive encryption standard built right into BIOSes, OSes and such then its likly to get attention.

    TrueCrypt offers no advantage over onchip HDD encryption.
  • MWeather, on 02/04/2009, -0/+1I think you mean forget your password. Losing it implies it was written down or stored in a text file, and that would be stupid, right?
  • Winston84, on 08/29/2009, -0/+1I'm sure you don't know what you are talking about ..
    A device that could check a billion billion (10^18) AES keys per second would require about 3*10^51 years to exhaust the 256-bit key space. Just to compare that number to something :
    The age of the universe is 13,000,000,000 (1.3*10^10) years, give or take a few, unless you are a Creationist, in that case science and math doesn't matter anyway and you will continue to believe whatever you want to believe .

    Now you try to calculate the energy required to DO that ...
  • jp12380, on 02/04/2009, -0/+1Then just buy 2 lower capacity disks and setup raid 1. HDs are cheap right now.
  • Fetching more discussions...
    Show 51 - 90 of 90 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.