Security Flaw in Popular Disk Encryption Technologies

Uwe Doering gemini at geminix.org
Mon Feb 25 23:30:00 UTC 2008


Achim Patzner wrote:
>>> article below. does anyone know how this affects eli/geli?
>>
>> There's fairly little any disk crypto system can do to thoroughly defend
>> against this.
> 
> Hm. Strange. Serious hardware is very well suited to do that (usually
> by adding well defended crypto hardware). Keys don't have to be stored
> in unsafe places.

Since it hasn't been mentioned so far: There are hard disk drives that 
do encryption on the firmware level, so you don't have to store keys on 
the OS level.

While this doesn't solve the problem completely, it at least makes 
getting at the key much more difficult.  You would have to somehow 
preserve and later get at the contents of the RAM inside the controller 
chip on the HDD PCB, and you probably can't risk throwing the entire HDD 
into liquid nitrogen because there is a good chance that it would be 
damaged afterwards.

Hitachi makes such drives, for instance (2.5" SATA models for 
notebooks).  There the HDD password doubles as encryption key, AFAIK. 
So if the data you carry around is really that sensitive, I would suggest 
considering that approach.

Regards,

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org  |  http://www.escapebox.net


More information about the freebsd-hackers mailing list