SanDisk Unveils Self Encrypting X300s Solid State Drive Series

Comments

Bullwinkle J Moose

Can I use the hardware encryption as a boot drive with Linux or any other NON-Windows 8 OS such as XP?

http://technet.microsoft.com/en-us/library/hh831627.aspx

The computer must have the Compatibility Support Module (CSM) disabled in UEFI.

The computer must always boot natively from UEFI.

Configuration of Encrypted Hard Drives as startup drives is done using the same methods as standard hard drives. These methods include:

Deploy from media: This deployment method involves installing Windows 8 or Windows Server 2012 from DVD media. Configuration of Encrypted Hard Drives happens automatically through the installation process.

------------------------------------------------------
How is the key on the drive protected?

http://www.trustedcomputinggroup.org/resources/commonly_asked_questions_and_answers_on_selfencrypting_drives

A: The original encryption key value is generated in the factory by an on-board random number process; it never leaves the drive. When the drive is configured by the user (or I.T.), the authorization key is used to encrypt the encryption key inside the drive, so the key is never stored in the clear. The encryption key can be changed by the user administration function (IT department), which ensures that anybody who might have had possession of the drive before the user puts it into service could not have obtained any information that might give him any help in later retrieving data from the drive.

How do I manage a large number of systems with self-encrypting drives? Is software available to administer these drives?

A: Multiple Independent Software Vendors (ISVs), who traditionally manage encryption functions, now provide management of self-encrypting drives, both locally and remotely.
---------------
So, can someone break into the encrypted drive without remote access and management like the NSA can do if a thief does not have the hardware key of the drive itself?

http://www.spgedwards.com/2012/12/popular-disk-encryption-systems-cracked.html

(Disclaimer: Bullwinkle's response)
Sure, but the methods used to access encrypted data in the linked article do not correspond to the methods used by the NSA which have direct access when using the Operating Systems specified by the encryption Standard employed on this drive
------------------------------------------
The response to using the hardware encryption on actual "TRUSTED" systems other than Windows 8 or server 2012 was a bit vague...
Can you clarify this response?
http://security.stackexchange.com/questions/54921/opal-hardware-encryption-on-linux

"Standard Response"
-------------------
How about dual booting to Linux?
Good Luck!
http://www.eightforums.com/installation-setup/19739-before-you-dual-boot-truth-about-ms-oem-s-linux.html

Wait for it....
The video actually gets interesting after the 19 minute mark
http://www.youtube.com/watch?v=V2aq5M3Q76U
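
The key hierarchy described in the TCG answer quoted in the comment above (a factory-generated encryption key that stays in the drive and is stored only after being encrypted with the authorization key), as an added example that is not part of the original thread or of any drive firmware. The class and function names are hypothetical, and a PBKDF2-derived key with an HMAC-SHA256 keystream stands in for the AES-based key wrapping a real drive performs in hardware.

```python
import hashlib, hmac, secrets

def derive_kek(authorization: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the user's authorization secret.
    return hashlib.pbkdf2_hmac("sha256", authorization.encode(), salt, 100_000)

def keystream(kek: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES key wrap.
    blocks = (hmac.new(kek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek: bytes, dek: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authorization rejected")
    return bytes(a ^ b for a, b in zip(ct, keystream(kek, nonce, len(ct))))

class ModelDrive:
    """Hypothetical model of the drive's key store (not real firmware)."""
    def __init__(self, default_auth: str = "constructed-default"):
        self.salt = secrets.token_bytes(16)
        dek = secrets.token_bytes(32)           # "factory" random key
        self.wrapped_dek = wrap(derive_kek(default_auth, self.salt), dek)

    def unlock(self, auth: str) -> bytes:
        # A real drive keeps the DEK internal; returned here only to compare.
        return unwrap(derive_kek(auth, self.salt), self.wrapped_dek)

    def change_authorization(self, old: str, new: str) -> None:
        dek = self.unlock(old)                  # same DEK, data untouched
        self.salt = secrets.token_bytes(16)
        self.wrapped_dek = wrap(derive_kek(new, self.salt), dek)

    def regenerate_dek(self, auth: str) -> None:
        self.unlock(auth)                       # must authenticate first
        new_dek = secrets.token_bytes(32)       # old ciphertext now unreadable
        self.wrapped_dek = wrap(derive_kek(auth, self.salt), new_dek)
```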

MrHasselblad

Now that is the best and most effective counter-argument I've seen on this site in a very long time. Most impressive, and the content even surpasses the original article.

With that type of contribution one should strongly consider placing those efforts into a professional contributing writing career.

As for the video, I would also look forward to a Hak5 version of it

LatiosXT

I like how people say "standard encryption methods have been cracked" when it's really "I need physical access to your computer to get a RAM dump". It's like saying your money can be stolen if a thief can reach for your wallet.

MrHasselblad

But try to imagine how many computers are left in a state of *on* and are also not properly secured. Add to that, one would be surprised to see how many computers are left completely unattended at public wifi locations such as coffee shops.

One could quite easily bypass most any security measure using an optical disc, usb, or something similar.

LatiosXT

But this drive isn't targeted for those computers. It's for corporate sectors who need that security in order to protect trade secrets on the computer.

At the end of the day though, encryption is increasingly becoming vulnerable to the fact that data pertinent to knowing how the system works is stored in RAM. The only way I think we can improve security is to have the data resident in a place that's harder to access, like in cache or registers.

And I also have a feeling it's why we won't have non-volatile RAM any time soon.

MrHasselblad

IF it is made for any type of corporate environment, the...

Simply distract anyone at the office; such as a secretary (politically correct term - assistant) for about a minute or so... Then do the same, insert optical disk or usb drive.

Have more than a minute? Insert a keylogger.

vrmlbasic

Secretary isn't PC? Sigh.

The PC police force us to use new euphemisms but then the "next generation" of PC police forget that the euphemisms established by their predecessors are indeed euphemisms and force us to change 'em, eg: Janitor -> "custodian".

..."assistant" can't be PC as it implies subservience.

Bullwinkle J Moose

"It's for corporate sectors who need that security in order to protect trade secrets on the computer."
----------------------------------------------------------------------
WHAT?

But if the "Hardware" Encryption Key is tied to the serial number and/or GUID (Globally Unique Identification), you are SOOOOOO screwed!

The ONLY key that can be user changed is the actual encryption key that is then encrypted with the hardware key

If you are "Online" the "Owner" of the drive can easily be identified even if you paid cash for it and the "Hardware" key can be used by "Unknown" parties (CIA, NSA or whoever) to see everything on "Your" encrypted drive and know that IT IS INDEED YOUR Drive, due to the GUID and serial numbers of YOUR computer and every piece of software on said computer as well as the accounts you access online

So.....
To say that this type of drive is to "KEEP" or "PROTECT" secrets is a bit of a stretch if not an outright fraudulent statement

Buying a drive that has a 99.9999% chance of failing to keep secrets is a bad buy at any price in my book

-------------------------------------------------------
I looked for the link to information tying the ID to the Hardware Encryption key but it appears to have been pulled from the Internet and all you will now find are worthless "Promises" that your data cannot be decrypted without any proof that this is the case

I stopped listening to worthless Gov't / NSA / CIA promises long ago

If you can't prove it, it's OBVIOUSLY not true as we are all now finding out on a daily basis

LatiosXT

... Honestly I'm thinking someone's gone off the deep end here.

Let's just figure out what the hell Seibu Kaihatsu used to encrypt Raiden 2. Nobody, not even Seibu Kaihatsu themselves, has cracked it.

Bullwinkle J Moose

The NSA and others have been worming their way into encrypted volumes THAT DO NOT contain backdoors for years now

Targeted individuals who found "Clean" key-generators for NON-BACKDOORED encryption programs prior to the Stuxnet Beta tests in the U.S. around 2006-7 should check their encrypted drives for malware once again

Keygens that are "STILL" malware free in encrypted volumes on Read-Only Optical Disks will be found in many cases to contain key-logging worms IF you were a target

They ARE getting into NON-Backdoored encrypted volumes!

Why do you think WWW.KEYGEN.US was never removed from the Internet over the past decade by "Law Enforcement" but instead was riddled with trojan key-loggers and worms just prior to the Stuxnet Beta-Tests that began around 2006-7

Do some research on your own!
The NSA and others will not tell you how they are getting in, and just because you have CLEAN open source encryption will not protect you as long as you are using FREE applications that continually connect and send data to the Internet

The entire premise that you have Clean Encryption so your data is safe is a false one!

YOU CAN QUOTE ME ON THAT!
and you heard it here first!

Do you honestly believe that just because this is not in the news, it isn't happening?

Who's crazy now?

Hardware based encryption is just so much easier to get into, even if you disconnect from the Internet to open your encrypted volume and disconnection will not protect you from the worms

Ease of use and AUDIT FREE hardware based closed source is the perfect weapon for public deployment
> Please provide links as to why the NSA wouldn't use it <

Why would anyone jump through all the hoops to secure their software based encryption when they could just use a hardware encrypted disk?
"EASE OF USE" is what is killing you now!

If you do find those non-existent links proving that the NSA would never design, deploy or target hardware encrypted disks, they should all be FIRED for not doing their job

Disinfo is just a part of that job and www.keygen.us is just another resource to them

Speaking of disinfo.....
Why is it that I never get an apology from people like you who call me the nutcase when they later read in the news that I was right all along?

Try reading my older posts at this site
Just because it sounds crazy to someone who doesn't research security topics on their own but instead believes all the propaganda they hear from supposedly "Reliable" sources, doesn't make me the crazy one

LatiosXT

The problem with these security nutjobs is that you're telling me that I can't trust the government, open source communities, etc. that are basically trying to tell me that everyone who's told me everything about everything is a lie and I'm supposed to trust you. Some random person on the internet who rambles about as much as the transient who hangs out at the trolley station. I don't care how credible you are. As far as I know, you're just another handle on the internet spouting rabble.

I already assume once I'm connected to the world, I'm not safe. But I also know that if someone really wants to get me, they'll get me. I avoid digging my nose into things or say things that'll get me into trouble. Sure, now I sound like a droving sheep that the government wants me to be. What, because I want to stay out of trouble?

And what I don't get is why anyone who's paranoid about people hacking into them and such ARE STILL ON THE INTERNET. The only way to be safe is to be disconnected from the world. Not just from a network, but from society, from everything. And while that doesn't guarantee your safety, you'll just be another person in a crowd of 7 billion others.

Bullwinkle J Moose

NO!

You are not supposed to trust me or anyone else

You are supposed to do your own research if you want security

But, Oh My....
We seem to have drifted off topic a bit

Nice looking drive huh?