Major storage vendors agree to disk encryption standards
By Nilay Patel 
posted January 29th 2009 7:49AM
posted January 29th 2009 7:49AM
We've seen quite a few hardware-encrypted disks hit the scene lately, but to be honest, we've always thought they were a risky investment, since all the systems were proprietary -- we wouldn't want to store our encryption-worthy data on a disk that can't be read at all in a few years, after all. That's happily about to change, though -- the Trusted Computing Group has just announced that virtually every drive maker has agreed on a set of 128-bit encryption standards covering SSDs and HDDs. That's Fujitsu, Hitachi, Seagate, Samsung, Toshiba, Western Digital, IBM, Wave Systems, LSI, and ULink Technology, if you're keeping score at home (and we know you are). Ideally this means that we'll see easy cheap disk encryption filter onto mainstream consumer storage, which would basically invalidate all those "I'm stealing this hard drive out of your laptop and using it to log into your Facebook account" crimes of passion we know the kids are into these days. Best part? Fujitsu, Seagate and Hitachi are all already shipping drives that support the TCG standards.[Via Digg]
Hurray now I can keep my pron all save and secure.
i thought is was pr0n...
You misspelled fujitsu (fujitsi in article)
I've noticed there has been a large amount of errors in articles this last week which is uncharacteristic of engadget. Its as if they've got one big hangover.
CES took a lot outta them i guess?
Didn't Fujitsu just announce that they were killing their drive division anyway?
What happens when your PC motherboard dies and you need to recover files off the hard drive?
Not a problem, just recite the pass phrase to the new laptop, or for the more sadistic, manually enter the AES 128 or 256 bit key.
It is just an interface between the keyboard and a disk based encryption chip. This bypasses the OS for the best feature, no special OS drivers required (OS will/should not be aware of it).
Where's ExcelStor?
I'm stealing this hard drive out of your laptop and using it to log into your Facebook account
lol
would it say tcg on the box? i saw a seagate encrypted at BB already, looked nice but was 30$ more and 120GB less than standard external drives...
So I just wrote and erased a whole paragraph (before fully reading the linked article) about how bad this sucked for someone whose hard drive crashed. While most of my fears are allayed, this brings into effect one more mode of failure for hard drives: type in your encryption password at bootup and it doesn't work.
Another question... will this standard be workable w/ USB connected drives? I just salvaged someone's computer (their desktop and my docs files) using a disk recovery program, and put the info onto their new hard drive. While they lost a day and a half of work (me too, pretty much), they didn't lose any important data. If I put an encrypted drive into a USB caddy, will Windows / Unix / OSX prompt for an encryption password?
Industry standardization is all well and fine, but it does have one drawback. If somebody cracks the encryption scheme then they crack it for all drives. Kinda like WEP and WPA, nice for compatibility but gives hackers one big target to aim at instead of multiple vendor specific ones.
I was thinking the exact same thing. Besides with proprietary systems you get competition and in turn, better encryption overtime
Its not like 128 bit is hard for people who know what their doing but it will be fine to stop most people seeing you credit card details / pr0n / file sharing/ nekid photos of kids
But..what is the purpose of having encrypted data on a drive that you can't read because your proprietary encrypted SCSI card just failed, and they are now unavailable to purchase, no one has that specific version of BIOS, or you don't know what version of BIOS it was running.
Or, even worse, a BIOS upgrade "redoes" the encryption for you, instantly setting you to day zero (I've seen it with older SCSI raid cards).
Locked info is only useful if it can be read later. Otherwise, save some cash and time, just write your important for-your-eyes-only stuff to /dev/null.
Encryption... Standards: Sounds like a hackers play ground to me, they'll just prance right in already knowing what to expect. But then again what do I know.
The FBI and the NSA like this plan too.
Yep, I'd be astounded if the NSA hadn't designed a back-door into the new standards.
What worries me about this is the overall acceptance by all the vendors usually denotes some federal government cooperation. The Trusted Computer Group is also known as the Treacherous Computing Group in most open source circles because of the secret keys they allow the US Fed to incorporate into their technologies. There is a long history of this.
Why doesn't everyone just use a free, open source encryption software tool like Truecrypt (http://www.truecrypt.org). You can encrypt your entire hard disk (active boot hard disk as well) as well as make individual encrypted files in about any encryption standard you chose and also chose from a list of various hash algorithms. This is MUCH more secure (and safe from the feds) than any encryption the vendors will use. I personally want encryption that is secure against more than just the minor thief that takes your briefcase when you turn around. I want something that's protected against our corrupt governments (state and federal) as well.
Well if you're correct, this standard should be good for everyone as long as you aren't doing anything criminal against the government, right?
TrueCrypt ??
All those drives will use BIOS to ask for your password? If yes, how are they going to work with a mac?
They dont, why would they
This would have higher resolution than a HDTV (only 1080 lines of resolution) so I still can't understand why HDTVs cost so much.
Because this is a hard drive, and is therefore designed for the storage of media and not its display.
Irrelevant to me.
I use TrueCrypt for Windows systems, and LUKS/dm-crypt for Linux-based systems.
Everything is transparent after unlocking the volumes.
128-bit is not sufficient - the government requires 256-bit AES for its own use. Encryption is one thing, but the devil is in the details, most importantly key management. Can you erase the encryption key on the drive (and thus effectively erase the data) even if it has failed?
Nicely written.Its information is very meaningful and unique. You doing a good job. Keep it up.