Current Event: New Hard Drive Encryption Standard Proposed

By Kevin Wallace at 12:27 am on February 6, 2009 | 1 Comment

The Trusted Computing Group has proposed a new standard for self-encrypting hard drives. Many current hard drives boast encryption features, but some provide few details about the encryption process, and there was previously no single standard among all manufacturers. This new standard would bring greater interoperability between drives from different manufacturers, and its details are publicly available, in accordance with Kerckhoffs’ principle.

This could be seen as a good thing – many existing hardware-based encryption products likely get away with using insecure algorithms, and putting the details out in the open would prevent this from happening. Many, however (including the well-respected Bruce Schneier), disagree on the basis that yet another standard would inevitably have flaws, and that existing software-based systems are good enough. What do you think?

Filed under: Current Events

1 Comment

  • 1

    Comment by Steven Sprague

    February 10, 2009 @ 5:54 am

    These drives change the attack profile dramatically. The use of hardware to provide trusted processing of the encryption and protection of the keys dramatically reduces the reliance on the OS and its vulnerabilities.

    In addition, configuration of an FDE drive is dramatically simpler, so that there is less that can be done wrong.

    Every user should have an FDE drive and use it to release their data; it is the best protection for a lost or unattended PC.

    How many casual hackers know how to defeat the Windows GINA or boot a machine on a Linux image and steal all the data in a few minutes? FDE drives are a simple and easy solution. Requiring a PIN at power up is a great way to log on to your environment.

    Steven Sprague
    CEO
    Wave Systems Corp.
