Seagate announces hardware FDE for laptop and desktop machines
Steven M. Bellovin
smb at cs.columbia.edu
Tue Oct 2 12:37:47 EDT 2007
On Tue, 02 Oct 2007 15:50:27 +0200
Simon Josefsson <simon at josefsson.org> wrote:
>
> It sounds to me as if they are storing the AES key used for bulk
> encryption somewhere on the disk, and that it can be unlocked via the
> password.
I'd say "decrypted by the password", rather than unlocked, but that's
the right way to do it, since it permits easy password changes. It
also lets you do things like use different AES keys for different parts
of the disk (necessary with 3DES, probably not with AES).
> So it may be that the bulk data encryption AES key is
> randomized by the device (using what entropy?) or possibly generated
> in the factory, rather than derived from the password.
>
There was this paper on using air turbulence-induced disk timing
variations for entropy...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
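
The arrangement discussed in this message, as an added example that is not part of the original post and not Seagate's implementation: a random bulk key (DEK) is stored encrypted under a key derived from the password, so changing the password rewrites only the small key blob. All function names and the PBKDF2 parameters are assumptions, and the HMAC-SHA256 encrypt-then-MAC wrap is a stand-in for an AES key wrap so that the code runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # illustrative work factor, not a value from the post


def _kek(password: str, salt: bytes) -> bytes:
    # Password -> key-encryption key (KEK); the bulk key is never derived from it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _prf(kek: bytes, label: bytes, data: bytes) -> bytes:
    # Domain-separated HMAC: one label for the pad, another for the tag.
    return hmac.new(kek, label + data, hashlib.sha256).digest()


def wrap_dek(password: str, dek: bytes) -> dict:
    """Encrypt a 32-byte data-encryption key (DEK) under a password-derived KEK."""
    if len(dek) != 32:
        raise ValueError("DEK must be 32 bytes")
    salt, nonce = os.urandom(16), os.urandom(16)  # fresh for every wrap
    kek = _kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(dek, _prf(kek, b"enc", nonce)))
    return {"salt": salt, "nonce": nonce, "ct": ct,
            "tag": _prf(kek, b"mac", nonce + ct)}


def unwrap_dek(password: str, blob: dict) -> bytes:
    """Recover the DEK, or raise if the password is wrong or the blob was altered."""
    kek = _kek(password, blob["salt"])
    expected = _prf(kek, b"mac", blob["nonce"] + blob["ct"])
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or corrupted key blob")
    return bytes(a ^ b for a, b in zip(blob["ct"], _prf(kek, b"enc", blob["nonce"])))


def change_password(old: str, new: str, blob: dict) -> dict:
    # Only the key blob is rewritten; data encrypted under the DEK is untouched.
    return wrap_dek(new, unwrap_dek(old, blob))


if __name__ == "__main__":
    dek = os.urandom(32)  # constructed sample; a drive would use its own RNG
    blob = wrap_dek("old passphrase", dek)
    blob = change_password("old passphrase", "new passphrase", blob)
    print("DEK unchanged:", unwrap_dek("new passphrase", blob) == dek)
```
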