News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote:
The 7mm thick MQ01ABUxxxBW 2.5-inch HDD series fits in standard notebooks.
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
So, is buying a drive which has encryption standards endorsed by the US government a good thing or a bad thing?
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Maybe I am missing the point but isn't the idea of encrypting data to prevent unwanted people reading said data, so wouldn't a drive that self-encrypts allow anyone to just plug it in and decrypt it?
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by Corky34
Maybe I am missing the point but isn't the idea of encrypting data to prevent unwanted people reading said data, so wouldn't a drive that self-encrypts allow anyone to just plug it in and decrypt it?
No, because if an unauthorised system attempts to access data, the drive self-wipes.
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by Repressor
So, is buying a drive which has encryption standards endorsed by the US government a good thing or a bad thing?
Good question. I guess, in part at least, it comes down to who you trust and who you don't, and the extent to which you consider data to be exposed to different risks.
For instance, do I feel particularly at risk from getting lifted by the CIA, and having the NSA access my laptop data, using a built-in backdoor .... if such a back-door exists?
Or am I more worried about criminals using data on a stolen laptop for accessing my bank accounts, or ID theft?
Well, personally, neither, to be honest. I don't do online banking, don't have data useful for ID theft on my laptop, and can't imagine why the CIA would conceivably be interested. A few years ago for security vetting due to family, maybe, but not now.
So, I'm not really bothered about the risk of data loss to crooks or the US government getting at my laptop, but if I were, I'd be far more concerned about crooks than spies. Personally.
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by Saracen
Well, personally, neither, to be honest. I don't do online banking,
It is convenient; besides, all your data gets sold on the black market by some guy in a call centre working for the bank.
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by Saracen
No, because if an unauthorised system attempts to access data, the drive self-wipes.
Ahh, I thought I was making a fool of myself :) but if you don't ask you never learn anything, although I'm still confused as to what or how you authorise a system.
I mean, if someone stole a laptop with such a drive in it, how does the drive know? (Am I having a blonde day?)
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
"it has been validated to U.S. Federal Information Processing Standard 140-2 (FIPS 140-2)"
Gee that's reassuring!
American security standards mean nothing these days now that Snowden has enlightened the world to the U.S.'s treachery. In fact no western security standards mean much now; I would sincerely trust Russian security standards far more than any western ones.
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by Corky34
Ahh, I thought I was making a fool of myself :) but if you don't ask you never learn anything, although I'm still confused as to what or how you authorise a system.
I mean, if someone stole a laptop with such a drive in it, how does the drive know? (Am I having a blonde day?)
You'll be prompted by the BIOS for a password to 'unlock' the drive every time you boot.
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by DemonHighwayman
"it has been validated to U.S. Federal Information Processing Standard 140-2 (FIPS 140-2)"
Gee that's reassuring!
American security standards mean nothing these days now that Snowden has enlightened the world to the U.S.'s treachery. In fact no western security standards mean much now; I would sincerely trust Russian security standards far more than any western ones.
The only people able to circumvent the encryption standards recommended by the NSA are the NSA, because of some very clever maths. To simplify, what they have done is to say they have a key that allows them to break the random number generator that does the encrypting, which is impossible to break without. Well, not impossible, just needs the world's fastest supercomputer and years of time, which is highly unlikely.
More detailed description of the treachery here: https://www.youtube.com/watch?v=ulg_AHBOIQU
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by Corky34
Ahh, I thought I was making a fool of myself :) but if you don't ask you never learn anything, although I'm still confused as to what or how you authorise a system.
I mean, if someone stole a laptop with such a drive in it, how does the drive know? (Am I having a blonde day?)
PBA. Pre-Boot Authentication.
Essentially, a small application often stored in Master Boot Record (MBR) shadow, that runs PRIOR to the boot process attempting an operating system load. So, you power up and get asked for a passcode. No valid passcode = no boot. And, as no boot, no ability to corrupt or infect the OS.
And, because of self-encrypting drives, ALL data on the drive is stored encrypted, and the user cannot disable it, accidentally or otherwise. Nor, for that matter, can IT.
And furthermore, the encryption keys are in firmware on the drive controller, so you can't use traditional 'cold boot' attacks to try to recover keys from RAM, as with software-based encryption, because they're not in RAM in the first place.
So, you cannot access the machine without access keys, cannot bypass the OS, cannot cold-boot attack the keys, and cannot remove the drive from the machine and put it in a different machine. Or rather, you can, but if you do, the drive self-wipes automatically.
It's worth bearing in mind that NOTHING is 100% guaranteed secure, but this is a pretty good step in that direction.
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
Quote: Originally Posted by Noxvayl
The only people able to circumvent the encryption standards recommended by the NSA are the NSA, because of some very clever maths. To simplify, what they have done is to say they have a key that allows them to break the random number generator that does the encrypting, which is impossible to break without. Well, not impossible, just needs the world's fastest supercomputer and years of time, which is highly unlikely.
More detailed description of the treachery here: https://www.youtube.com/watch?v=ulg_AHBOIQU
The RNG they compromised was part of a standard that had very little use. To be clear this is something that was designed by them, and suspicions were raised even before the Snowden leaks about a number chosen for the algorithm (normally you'd expect some common constant like Pi or root2 to be used as a 'nothing up my sleeve number'). Hence, it wasn't trusted anyway.
They did not and have not, to public knowledge, compromised or broken any encryption algorithms for example. AES (Rijndael) was not created by the NSA, it was just chosen as a standard from a public process based on security, speed of implementation in software/hardware, etc.
Yes, what they did was bad, but it's easy to take it out of context and think the situation is a lot worse than it actually is. I certainly don't see how the US doing something untrustworthy would make Russian standards somehow more trustworthy!
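Added example, not part of any post in this thread: what a 'nothing up my sleeve number' looks like in practice. It goes beyond the thread by using SHA-256 (FIPS 180-4), whose eight initial hash values are documented as the fractional parts of the square roots of the first eight primes, so anyone can re-derive them; the function names are made up for this example.

```python
import math

# SHA-256 initial hash values as published in FIPS 180-4.
SHA256_IV = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
             0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]

def first_primes(n):
    """First n primes by trial division (n is tiny here)."""
    primes, candidate = [], 2
    while len(primes) < n:
        if all(candidate % p for p in primes):
            primes.append(candidate)
        candidate += 1
    return primes

def frac_sqrt_bits(p, bits=32):
    """floor(frac(sqrt(p)) * 2**bits), computed in exact integer arithmetic."""
    # isqrt(p * 2**(2*bits)) == floor(sqrt(p) * 2**bits); the low `bits` bits
    # are the fractional part, the bits above them are the integer part.
    return math.isqrt(p << (2 * bits)) & ((1 << bits) - 1)

def audit(constants):
    """Indices of constants NOT reproduced by the documented derivation."""
    derived = [frac_sqrt_bits(p) for p in first_primes(len(constants))]
    return [i for i, (c, d) in enumerate(zip(constants, derived)) if c != d]

if __name__ == "__main__":
    print("root2 ->", hex(frac_sqrt_bits(2)))           # first SHA-256 IV word
    print("unexplained constants:", audit(SHA256_IV))   # empty list = all re-derived
```

A constant that fails this kind of audit is not proof of a backdoor, but it is the sort of unexplained value that raised the suspicions described in the post above.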
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
1. Would you have to enter a password to unlock the HDD before it loads Windows?
2. How would you move it to a new laptop/PC without losing data? Or connect to another PC to retrieve data, say if the OS/machine failed?
Re: News - Toshiba's self-encrypting HDD uses US FIPS 140-2 security
1) Yes - no data on the HDD can be accessed without inputting a password.
2) It depends on whether a TPM is used. If not, it's just a case of unlocking the drive on another PC, either through pre-boot authentication or with HDD utilities. However, if a TPM is used along with a passphrase, the data is essentially useless without that TPM, which is why backups are good practice, as always.
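Added example, not part of any post and not Toshiba's firmware: a toy model of the behaviour described in the pre-boot authentication post and in the TPM answer above. Assumptions made for the example: the class `ToySED`, a SHA-256 keystream standing in for the drive's hardware cipher, XOR key wrapping, a wipe after three failed unlocks, and `host_secret` standing in for a TPM-held value.

```python
import hashlib, hmac, os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _cipher(mek, lba, data):
    # Stand-in for the drive's hardware cipher: per-sector SHA-256 keystream (XOR, so it also decrypts).
    ks = b"".join(hashlib.sha256(mek + lba.to_bytes(8, "big") + bytes([i])).digest()
                  for i in range((len(data) + 31) // 32))
    return _xor(data, ks)

class ToySED:
    MAX_FAILS = 3  # assumed wipe policy for this example

    def __init__(self, password, host_secret=b""):
        mek = os.urandom(32)                # media encryption key, generated inside the drive
        self._salt = os.urandom(16)
        kek = self._kek(password, host_secret)
        self._wrapped = _xor(mek, kek)      # at rest the key exists only in wrapped form
        self._check = hmac.new(kek, b"unlock", "sha256").digest()
        self._mek, self._fails, self.platter = mek, 0, {}

    def _kek(self, password, host_secret):
        # An empty host_secret means passphrase only; a TPM-bound setup mixes in the host's secret.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt + host_secret, 100_000)

    def power_cycle(self):
        self._mek = None                    # drive locks; the unwrapped key is gone

    def unlock(self, password, host_secret=b""):
        if self._wrapped is None:
            return False                    # already wiped
        kek = self._kek(password, host_secret)
        if hmac.compare_digest(hmac.new(kek, b"unlock", "sha256").digest(), self._check):
            self._mek, self._fails = _xor(self._wrapped, kek), 0
            return True
        self._fails += 1
        if self._fails >= self.MAX_FAILS:
            self._wrapped = self._mek = None  # wipe: ciphertext stays on the platter, the key is destroyed
        return False

    def _need_key(self):
        if self._mek is None:
            raise PermissionError("drive locked or wiped")
        return self._mek

    def write(self, lba, data):
        self.platter[lba] = _cipher(self._need_key(), lba, data)

    def read(self, lba):
        return _cipher(self._need_key(), lba, self.platter[lba])
```

With `host_secret` left empty the drive unlocks in any machine that supplies the passphrase; with it set, the correct passphrase on a different host fails, and after the wipe the sectors are still present but unreadable.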