Seagate announces hardware FDE for laptop and desktop machines

Simon Josefsson simon at josefsson.org
Fri Sep 7 05:46:22 EDT 2007 

Jacob Appelbaum <jacob at appelbaum.net> writes:

> Seagate recently announced a 1TB drive for desktop systems and a 250GB
> laptop drive. What's of interest is that it appears to use a system
> called DriveTrust for Full Disk Encryption. It's apparently AES-128.
>
> The detail lacking press release is here:
> http://www.seagate.com/ww/v/index.jsp?locale=en-US&name=seagate-unveils-new-giants&vgnextoid=6bb0e0e1f0494110VgnVCM100000f5ee0a0aRCRD
>
> The relevant excerpt of it appears to be:
> "The Barracuda FDE (full disc encryption) hard drive is the world?s
> first 3.5-inch desktop PC drive with native encryption to prevent
> unauthorized access to data on lost or stolen hard drives or systems.
> Using AES encryption, a government-grade security protocol and the
> strongest that is commercially available, The Barracuda FDE hard drive
> delivers endpoint security for powered-down systems. Logging back on
> requires a pre-boot user password that can be buttressed with other
> layers of authentication such as smart cards and biometrics."
>
>
> I found this somewhat relevant paper (though it seriously lacks
> important details) on DriveTrust:
> http://www.seagate.com/docs/pdf/whitepaper/TP564_DriveTrust_Oct06.pdf
>
> Has anyone read relevant details for this system? It seems like
> something quite useful but I'm not sure that I trust something I can't
> review...

Hitachi's white paper is available from:

http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf

(Btw, it contains something as rare as a reasonable threat analysis!  At
least compared to other advertising materials...)

After having acquired the 1TB device, and didn't find any support for
this feature, I re-read some information: The interesting part is the
final sentence of the white paper:

   Hitachi will be offering the Bulk Data Encryption option on all new
   2.5-inch hard disk drive models launched in 2007, including both the
   7200 RPM and 5400 RPM product lines. At the request of the customer,
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   this option can be enabled or not, at the factory, without any impact
   on the drive?s storage capacity, features or performance.

I wonder how easily it would be to request this for a normal customer.
I gave up when my supplier said they didn't offer this configuration.

I would be interested to know which key-derivation function they are
using, I'm assuming the key is derived from a password, and which AES
mode and IV etc.  Knowing that may enable you to verify that data is
really stored encrypted: buy two devices, set up one to use disk
encryption, and swap the logic boards and then read data from the
supposedly encrypted disk.  As for finding out if they accidentally also
write down the AES key on some hidden part of the disk, that may be more
difficult...

/Simon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list