Print 37 comment(s) - last by Jack Ripoff.. on Feb 6 at 9:35 AM

And so they forged the encryption of power, one encryption to rule them all

With reports of sensitive and, at times, top-secret information being lost on the hard drives of notebook computers, keeping data safe is one of the most important things for business and consumers today. One problem is that hard drive makers often used their own encryption format, which made things confusing for the consumer.

ComputerWorld reports that hard drive makers have now agreed to use the same encryption method for full-disk encryption (FDE) that can be used across all brands of hard drives and SSDs. When FDE is enabled, the computer requires a password before it will boot and all data on the drive is encrypted.

The final specifications for the encryption standard were published this week by the Trusted Computing Group (TCG) and cover specs for FDE in notebooks, desktop and server applications. Robert Thibadeau from Seagate said, "This represents interoperability commitments from every disk drive maker on the planet. We're protecting data at rest. When a USB drive is unplugged, or when a laptop is powered down, or when an administrator pulls a drive from a server, it can't be brought back up and read without first giving a cryptographically-strong password. If you don't have that, it's a brick. You can't even sell it on eBay."

Settling on one single encryption standard will allow all drive makers to build security into all products, which will lower the cost of production and make it easier for user to secure the data on their computers.

This is big news for enterprise environments where a standard encryption protocol means less configuration and less hassle during installation along with less management down the road. The specifications allow encryption to be set by administrators and can’t be turned off by end-users.

One very important factor is that modern FDE has come a long way and now only marginally effects read-write speeds of hard drives. Writing data to an encrypted drive is almost as fast as writing data to a non-encrypted drive. The companies that are members of the TCG include Fujitsu, Hitachi GST, Seagate Technology, Samsung, Toshiba, Western Digital, Wave Systems, LSI Corp., ULink Technology, and IBM.

Analyst Jon Oltsik from Enterprise Strategy Group said, "In five years time, you can imagine any drive coming off the production line will be encrypted, and there will be virtually no cost for it."

The three specifications for FDE includes the Opal spec for outlining minimum requirements for a storage device in a PC or laptop. The Enterprise Security Subsystem Class Specification is aimed at drives in data centers where minimum security configuration is needed during install. The final spec is the Storage Interface Interactions Specification, which details how the specifications interact with other standards for storage interface.

The specification supports PATA and SATA, SCSI SAS, Fibre Channel, and ATAPI. The three larger members of the group -- Seagate, Fujitsu, and Hitachi -- are already producing drives that support the standard. The specifications call for vendors to choose to use either AES 128-bit or AES 256-bit keys depending on the level of security wanted. The group points out that neither of these standards has been broken.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By dj LiTh on 1/29/2009 12:36:04 PM , Rating: 2
Is it just me, or does anyone else think that all the companies sharing the SAME encryption technique is a universal blunder. If one is cracked they all are cracked. I'd much rather have a per company basis of encryption, at least that would spread out the targets of hackers/crackers over a few companies rather than making one huge universal target for them all.

RE: Universal?
By xxsk8er101xx on 1/29/2009 12:58:07 PM , Rating: 2
That's not true at all. You can't just crack one and then magically crack them all. It doesn't work that way. It's probability on a per instance basis. To crack a 128bit AES you would need a pretty powerful super computer and even then it would take quite a few several trillion years to crack it.

Why doesn't anyone do research before saying something that's ignorant?

RE: Universal?
By dj LiTh on 1/29/2009 1:37:02 PM , Rating: 2
Thank you for clarifying that for me. I was under the assumption that it was only the algorithm that needed to be cracked.

RE: Universal?
By rdeegvainl on 1/29/2009 10:28:49 PM , Rating: 4
it seems like you are coming at it from a "finding a flaw in the algorithm" standpoint, while the other is coming at it from a "brute force a single drive standpoint" I declare you both winners. an internet for both of you

RE: Universal?
"It's okay. The scenarios aren't that clear. But it's good looking. [Steve Jobs] does good design, and [the iPad] is absolutely a good example of that." -- Bill Gates on the Apple iPad
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki