[Cryptography] Shredding a file on a flash-based file system?
Bear
bear at sonic.net
Thu Jun 19 15:52:47 EDT 2014
On Thu, 2014-06-19 at 13:48 -0400, Perry E. Metzger wrote:
> I must say I do *not*
> trust hard drives with built in encryption, because there is no way to
> test that they are working correctly.
I have never understood the threat model that these drives
supposedly protect against.
Under what circumstances would an attacker have the drive
platters in hand, but not have access to the key which is
stored in the drive hardware?
If there were a worthwhile "encrypted drive" technology, the
decryption routine, but not the key, would be built into the
BIOS and the key would not be stored anywhere outside a
volatile register - preferably one physically incapable of
being read or written by any hardware at all other ythan a
hardware channel from the keyboard (opened by the BIOS chip
only during bootup) and a hardware channel to the disk
driver (opened by the BIOS only after bootup).
Under that system you could not do so much as read the boot
sector without first entering the key at the local keyboard.
Of course, even if something that acts like that appears,
which is unlikely, it will be a fake. Various agencies simply
will not allow manufacturers to make a system that crooks
cannot break into. This is kind of like trying to keep
houses and shops safe in a city where lockable secure doors
are illegal.
Bear
More information about the cryptography
mailing list