Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption Security Hardware

ABIT's Secure IDE Motherboard 567

Frank Caviggia writes "The Inquirer has a story about ABIT's spiffy new IC7-MAX3 motherboard. Apparently, this motherboard has a feature called 'Secure IDE,' which is marketing-speak for hardware-based encryption ... ABIT goes on to claim that 'Secure IDE' 'will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.' Pretty bold claims for a motherboard maker ..."
This discussion has been archived. No new comments can be posted.

ABIT's Secure IDE Motherboard

Comments Filter:
  • by mjmalone ( 677326 ) * on Wednesday July 30, 2003 @01:37PM (#6572653) Homepage
    SecureIDE connects to your IDE hard disk and has a special decoder; without a special key

    So what they are saying is their algorithm is proprietary and is therefore likely insecure? I thought people stopped believing in/hyping security by obscurity years ago... Or maybe that's just wishful thinking? Hell, for all we know they could be using xor encryption or some such crap. I don't trust any encryption algorithm that I can't see.

    while ((c = getc(unencrypted)) != EOF) { if (!*cp) cp = "key\0"; c ^= *(cp++); putc(c,encrypted); }

    3y3 y4m l33t, c4tch m3 1f y0u c4n RIAA. heh.

    In addition, if there is no key does that mean there is no local security? If someone just took your whole rig mobo and all would they be able to access your files since whatever algorithm they are using must be embedded in the board?

    I can see the spooks at NSA laughing.
    • Let's see, if it doesn't require a special key, and you steal the whole computer (which is likely, compared to just stealing the hard drive), then you can read the data. Furthermore, assuming this computer will "work", what is to stop you from sharing the data. Strange claims, but this technology could be useful for other purposes. Encrypted CD-R's which can only be read on a specific computer, for example.
    • by garcia ( 6573 ) * on Wednesday July 30, 2003 @01:44PM (#6572739)
      ABIT's [abit.com.tw] site shows a little key that contains the decoder.
      • by enigma48 ( 143560 ) * <jeff_new_slash&jeffdom,com> on Wednesday July 30, 2003 @01:56PM (#6572879) Journal
        A little more info:

        It looks like this (physically) small key plugs directly into the encryption/decryption chip (the interface looks like a USB plug but the picture doesn't show it well; the interface itself has a 4 pin header though).

        It looks like to boot your computer, the key needs to be there. So make sure the police never show up while you are using the computer, never keep the key on you and keep your case open all the time so you can attach/detach it easily?

        Nice idea though. Just not entirely practical.
        • keep your case open all the time so you can attach/detach it easily?

          Um this is slashdot...how many cases aren't already open? Sorry just couldn't resist the obvious!

    • by Pieroxy ( 222434 ) on Wednesday July 30, 2003 @01:51PM (#6572819) Homepage
      The question is more: When my Mobo dies or has to be replaced, can I read my HDD on a new one?
    • I don't believe the gov can take your whole computer. They can only copy files from the hard drive to another. They aren't *supposed* to turn the machine on or anything like that. Its tampering with evidence. Theres a reason they have those big black vans, they gotta have plenty of room for that big machine that copies the data from the hard drive they got to the one they have extra. Oh well, who knows? Its something I learned on TLC.
      • Why would you believe that the government couldn't take your computer?

        Yes, once they have possession they are going to tread lightly and copy because the kiddie pr0nster's tricks are to wipe the HDD if a security precaution isn't followed during boot/login. But hell yes, they can take anything (including you) with the correct paperwork (warrants and whatnot).

      • That's clearly incorrect, the gov't can take your pc and do whatever they want with it, read about how Steve Jackson Games [sjgames.com] was raided by the Secret Service and had their equipment taken and many files compromised. Sure the SS lost that case, but do you think that ws an isolated incident? I don't.
        • And of course, this this classic case from 1995. [eff.org]

          There was an article called "alt.war.scientology" in a 1995 Wired feature article which went into much greater detail, but it's not on the Wired website, apparently.

          That 1995 article set off alarms that are still clanging today.

          Yes, indeed, they can do anything they like to you, and you can't do squat to stop them.
    • "Hell, for all we know they could be using xor encryption or some such crap. I don't trust any encryption algorithm that I can't see. "

      True. But if the RIAA wants to get at your files they would have to circumvent the encrpytion. Correct me if I'm wrong but wouldn't that be breaking the DMCA?

  • Oh great! (Score:2, Funny)

    by Pig Hogger ( 10379 )
    Now I can make a stealth pr0n server!!!
  • by mahdi13 ( 660205 ) <icarus.lnx@gmail.com> on Wednesday July 30, 2003 @01:39PM (#6572676) Journal
    and will keep the RIAA away from your Kazaa files

    That has to be one of the biggest marketing lies I've ever heard since 'Win98 doesn't crash...' as the PS/2 mouse was plugged in...
    • Yeah, it will keep them away from your files after your computer has been siezed. Too little too late. They already got your list before they ever filed. Chances are they don't need the computer anyway. The only thing that will stop the RIAA for good is the next generation of p2p.
    • by mr_luc ( 413048 ) on Wednesday July 30, 2003 @01:52PM (#6572841)
      The IC7-MAX3 is tuned up and ready to rumble. With ABIT's Game Acceleration Technology, users have the choice of three performance modes: Turbo, Street Racer and F1 to boost performance up to 17%.

      Ok, maybe it's not a marketing lie. But. How seriously can you take anything with the settings 'Turbo', 'Street Racer' and 'F1'?
    • Yup, but most people fall for such a marketing trick almost every time.

      It's the feature trick; as a producer of something you just add a feature that cost you almost nothing. I guess this new feature cost under $1 to add but they can add $5-10 on the retail price.

    • by billstewart ( 78916 ) on Wednesday July 30, 2003 @09:34PM (#6576621) Journal
      According to several other posters, it's running DES-crippled-to-40-bits as its encryption algorithm, and in ECB mode, not CBB, just to make it easier. Regular 56-bit DES took about a day for distributed.net to crack in ~1998 (though they got lucky - should have taken them ~2-3 days.) Since then, computers have gotten much faster, and this is 2**16 easier. (Technically that's only true if the crippled keyspace can be searched efficiently, like the full keyspace can, but that should be doable, and worst-case is no worse than single-DES.) True, the EFF machine in John Gilmore's basement hasn't gotten any faster, but it's been sitting there collecting dust for years, and somebody who wanted to spend another $250K to build a new one would get a much faster machine today - and if it's the RIAA, they could pay for it with the first couple of lawsuits against file-sharers.

      Not only will it not keep government supercomputers out for weeks, it won't keep the RIAA out of your disk for weeks if they confiscate it. Besides, the RIAA can subpoena you to make you hand them the key dongle. Also, this is only useful against people who have physical possession of your disk when your machine isn't running - if your machine's running with the disk mounted, it's no different than a regular disk, so querying your Kazaa file-sharer will work just fine, or running a search program on your machine.

  • by Splat ( 9175 ) on Wednesday July 30, 2003 @01:40PM (#6572682)
    Gestapo Internal Memo:

    Remember people, when we break into homes with search warrants, you need to take the MOTHERBOARD now too!
  • by asternick ( 532121 ) on Wednesday July 30, 2003 @01:40PM (#6572685) Homepage
    Correct me if I am wrong, but applications can still access unencrypted data; doesn't that mean numerous hacks would still work? 4ndr3w Scientists have been proven wrong time and time again -- by other scientists
  • by BrynM ( 217883 ) * on Wednesday July 30, 2003 @01:40PM (#6572690) Homepage Journal
    From the description:
    without a special key, your hard disk cannot be opened by anyone.
    They forgot to mention that you will also need a special motherboard to access your data, conveniently enough made by them. From this [abit.com.tw] page, it seems like the key is just a USB drive. They claim that "A password can be cracked by software in a few hours", but a hardware dongle containing software can be spoofed, copied or cracked at leasure if stolen. If you lose the key, you're pretty much screwed if you don't have the hardware or patience to hack your way back in. Conversley, if they make it easy for you to back up your key, they have also made it easy for other people to do so as well. They mention using FDISK from a DOS prompt to set your drive up, so existing installs and non-windows machines need not apply. They also don't mention if you are stuck with only one choice of filesystem to use their features.

    Nothing is ever completely secure, but I could see where this would help some. Genuinely a cool idea, but I'll wait a couple of years to see if it matures some first.

    • if you're using FDISK in DOS to setup the partitions, there's no reason you can't install Linux on top of the DOS partition. That's how they all are. Even on my Cobalt MIPS box, it's got a freaking DOS partition layout.

      The real question is, if the Key is USB, does the OS need to mediate between the SecureIDE subsystem and the USB key, or does the BIOS do it below the OS?

      There are a few problems with it though. The key is almost certainly copied off the USB key into local storage, rather than passing all data through the USB port for encryption (though with a dedicated USB2.0 port, that might be allright), and if you're getting sued and the court requires you to make the data accessible, saying you 'lost' the key is going to put you in jail.
    • by Zathrus ( 232140 ) on Wednesday July 30, 2003 @02:10PM (#6573040) Homepage
      They mention using FDISK from a DOS prompt to set your drive up, so existing installs and non-windows machines need not apply.

      How'd you make that leap of intuition?

      Yes, existing installs need not apply... that makes sense. They're writing encrypted data to the drive, and mixing encrypted and unencrypted would be a bad idea. But how on earth do you think this is tied to Windows?

      The encryption is occurring at a BIOS/hardware level. You can run whatever OS you want and it'd work fine because the entire point was that you could setup the drive in a normal fashion -- you don't need to use any special tools to do it. If you were restricted to a particular OS or to a particular FS then you'd have to use Abit's own tools to do it.

      Not such a cool idea IMO, more junk like the tube based audio they put out. Lots of flash with no substance, since if someone wants that data they're going to get it. I seriously doubt they implemented a sturdy enough encryption system to resist any significant governmental cracking... at least not one that can run in real time. It's mostly for the overly paranoid dweebs out there who don't realize that nobody wants to read their data.
    • FUD City (Score:5, Informative)

      by 955301 ( 209856 ) on Wednesday July 30, 2003 @02:33PM (#6573254) Journal
      Looking at their user manual, and specs, here are some corrections to your post:

      - No special motherboard needed. This thing plugs in between the ide cable and the driver.
      - As with all encryption. Lose the key and you're the proud owner of a high tech paperweight. Not unique to this connector.
      - I suspect they mention fdisk because it's commonly used. It's a transparent encryption system, so
      card + drive = normal drive
      They're just saying to reformat the drive after putting the adapter on.
      - Any file system/operating system will do. "Device driver free" too. Again, they're just saying you have to start over.

      Also worth noting:
      - The encryption card can use an extension cable get the dongle to the outside of the case. So no, you don't have to pop the cover each time you walk away.
      - Once you boot up, the key doesn't need to be in any more.
      - They give you a backup key too.

    • by Frac ( 27516 ) on Wednesday July 30, 2003 @02:41PM (#6573335)
      If you lose the key, you're pretty much screwed if you don't have the hardware or patience to hack your way back in.

      Isn't that a GOOD thing? That's good security right?

      I don't want a secure IDE drive that "if you lose the key, you can snap your fingers and get all the unencrypted data back!"
  • ...a motherboard manufacturer thumb their nose at the establishment. Although your more than likely to have your shares scanned over the Internet, then the RIAA come and steal your hard drive.
  • by LordOfYourPants ( 145342 ) on Wednesday July 30, 2003 @01:40PM (#6572692)
    Secure IDE, says Abit, has a special decoder without a special key, and that means hard drives can "never be opened by anyone".

    Then from the paragraph before: "... its Secure IDE technology will 'keep government supercomputers busy for weeks.'"

    So it can never be opened by anyone except the government, which will require a few weeks to decrypt what's on the drive? Are they mixing a physical opening of the drive with reading the data on the drive itself?
    • (paraphrased for sake of relevance)

      Master Doe: This key will allow no one to see the contents of your hard drive due to the complicated encryption algorithm. Do you understand?
      Master Tang: [nods head in agreement, pauses] No.. I don't understand.
  • Right (Score:5, Insightful)

    by dirkdidit ( 550955 ) on Wednesday July 30, 2003 @01:41PM (#6572694) Homepage
    will keep the RIAA away from your Kazaa files.

    Wouldn't that require some intelligence by the user? I mean like not sharing their file library? It's not like the RIAA can just go into people's homes and start busting open computers for pirated music.
    • Re:Right (Score:2, Insightful)

      It's not like the RIAA can just go into people's homes and start busting open computers for pirated music.


      Well, not yet anyway.

    • by beukerc ( 551572 ) on Wednesday July 30, 2003 @02:37PM (#6573297)
      Wouldn't that require some intelligence by the user? I mean like not sharing their file library? It's not like the RIAA can just go into people's homes and start busting open computers for pirated music.

      Acting on tips from an anonymous source (*cough* RIAA), U.S. soldiers invaded the homes of many citizens at home and abroad looking for the ever elusive Saddam MP3 FileSharer and his evil co-hort Osama Stole'Music and thier cache of MMDs (MP3s of Mass Destruction).

      President Bush re-iterated that the MMDs exist saying, "I know they out there, our intellegence agencies downloaded a few of them last night."

      Within the hour, both the CIA and FBI bave both denied that MMDs were downloaded. They go on to say, "infact our servers were hacked and used as a MMD store by the suspected country music terrorist group "Al'abama" "

      No comment has been released from the NSA. It is suspected they didn't hear the phone ring on account of the volume the MMDs were being played at the verify the MMDs were *IN FACT* MMDs.

      Film at 11.

  • For the lazy: (Score:5, Informative)

    by Latent IT ( 121513 ) on Wednesday July 30, 2003 @01:41PM (#6572701)
    Here's the bit on secure IDE:

    For MAX3, the ABIT Engineers listened to users who were asking for information security. SecureIDE connects to your IDE hard disk and has a special decoder; without a special key, your hard disk cannot be opened by anyone. Thus hackers and would be information thieves cannot access your hard disk, even if they remove it from your PC. Protect your privacy and keep anyone from snooping into your information. Lock down your hard disk, not with a password, but with encryption. A password can be cracked by software in a few hours. ABIT's SecureIDE will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.

    Now, when it says Lock down your hard disk, not with a password, but with encryption... that seems to me that there's a hardware key on the motherboard that prevents the HDD from being read in other machines.

    Meaning... that instead of stealing just your hard drive, they have to steal the whole computer? =p

    Either that, or there is a password in addition to that. It could probably be gotten around by flashing the BIOS, or just taking the CMOS battery out for a brief stint. Either way, no, I don't imagine the NSA is shaking in fear just now.
    • Re:For the lazy: (Score:3, Informative)

      I'd imagine the key is either a USB token/dongle that you just take with you when you're not using the computer so the motherboard can't get a decryption key for the HD, or a BIOS-type decryption key that you have to enter at bootup to allow the motherboard to decode what's been written to the drive.

      Depending on their implementation, it could be reasonably secure, but I don't know that I'd want to protect anything really important with it. Would definatly prevent casual snoopers though, or people who'd pu
    • instead of stealing just your hard drive, they have to steal the whole computer?

      If you go to the ABIT site you'll see that the decrytpion key is not stored in the BIOS. It is a physical device that you need to plug in during boot. The physical "key" appears to be one of those USB flash drives that fit on a keychain.

      One would suspect that the decryption key is in the data stored on that device. As long as you hold that device, no-one can read your hard drive, even if they have the motherboard.

    • Re:For the lazy: (Score:3, Insightful)

      by SethJohnson ( 112166 )

      Please re-read the passage you quoted. The security device utilizes encryption. To simplify, encryption means it is mixing all your data up into an unintelligible mess. The index that makes sense of this mess is your key. As you have surmised, if the key were in bios and you were to discard the key by flashing the BIOS or removing the battery, you have just destroyed the only index to the spaghetti of 1's and 0's. For this product, the key is actually stored on a USB storage device. Any authority could dema

  • I imagine they couldn't give two fucks what the RIAA thinks. They know that their market is the people, and the people (most of them at any rate) like Kaazaa and hate the RIAA. Thus, this is a selling point.
  • Kazaa (Score:3, Insightful)

    by Anonymous Coward on Wednesday July 30, 2003 @01:44PM (#6572729)
    Secure IDE .. will keep the RIAA away from your Kazaa files.'

    Until the user shares them with the world. Damn some people are stupid.

  • by enigma48 ( 143560 ) * <jeff_new_slash&jeffdom,com> on Wednesday July 30, 2003 @01:44PM (#6572740) Journal
    I'll take the flames for reading the article before posting, but ABit seems to be selling this to people who think that when the police/bad guys/whoever take your computer, they only take the hard drive.

    Since they don't have a Secure ATA controller, they couldn't read the drive. They probably even need the same Secure ATA controller.

    But if they have access to your hard drive, time to unscrew it, secure it, etc - why not take the entire machine?

    The marketing people are probably patting themselves on the back right now but ABit just lost a fair bit of respect from me. If it is secure, post more information about "Secure" ATA and prove me wrong - if you want to hide details and claim it is secure, I'm worse than not interested in this tech. I'm less interested in Abit on the whole now.
  • by pecosdave ( 536896 ) on Wednesday July 30, 2003 @01:44PM (#6572741) Homepage Journal
    but if the court ordered investigator is actually at your keyboard, or they're checking through normal network means isn't this pointless? Okay, granted if my job is to look through peoples hard disk all day I'm going to want to take the disk out of their machine and use my machine to look at their data, but using their's doesn't exactly make it impossible, only inconvient. I guess if they destroyed their own board to hide evidence that would work. Another thing, your board frys. You loose all your data. I don't know how many times in my line of work I have had to replace a mother board and make sure the data from the old drive survived.
  • RIAA (Score:5, Insightful)

    by swtaarrs ( 640506 ) <swtaarrs@NosPAm.comcast.net> on Wednesday July 30, 2003 @01:45PM (#6572744)
    The RIAA isn't going after people because it finds files on their hard drive, it goes after people because it sees them sharing these files online, unencrypted. This technology is worthless against the RIAA in that respect.
    • Re:RIAA (Score:3, Insightful)

      by shaka999 ( 335100 )
      But when your machine is impounded to look for copyrighted material they won't be able to find all your other copyrighted material.
    • The RIAA isn't going after people because it finds files on their hard drive, it goes after people because it sees them sharing these files online, unencrypted. This technology is worthless against the RIAA in that respect.

      So encrypt your MP3 files.

      I always wondered why people didn't do this. Wrap each shared MP3 in a password protected zip. Would you be liable for distributing encrypted MP3s? Technically, you took measures to make sure nobody else could use them.* (You put them on the net so you cou

  • "ABIT's SecureIDE will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files."

    It doesn't matter if the RIAA can see your "Kazaa files". All the RIAA has to do is see your username on a P2P network and trace the IP address behind it. They don't need to search your hard disk drive - all they need is evidence of a particular kind of modem activity and they can bust you anyway, hard disk or no!
  • by mr_luc ( 413048 ) on Wednesday July 30, 2003 @01:45PM (#6572748)
    Personal computers with built-in hardware encryption is going to make life hell for support technicians.

    I mean, I like the idea. I just don't like the idea of having to deal with impenetrable security on top of everything else that I have to deal with when my little brother's friend fries his computer again and I have to slap a new HD or mobo etc in it.
  • Real use? (Score:5, Interesting)

    by Dark Paladin ( 116525 ) * <jhummel&johnhummel,net> on Wednesday July 30, 2003 @01:46PM (#6572764) Homepage
    There are some things about this that I like - the cooling systems look interesting, and as someone who's looking upgrade my old Win98 Game Box (that's about all Windows is used for with me these days), I can consider it.

    But the encryption doesn't sell me, because it's really a limited use.

    Assuming the machine is being used, and they is inside so you can access your data. You install an old version of Linux with an unpatched SSH client, and somebody root kits you. The encryption won't help you here - after all, the key is already used on the box so the motherboard can talk to the hard drive.

    The only time encryption would be useful is when:

    a) Somebody steals/appropriates the computer, and doesn't get the key. You destroy the key, and if this is a court case, you make sure there are no backups they can restore from.

    b) that's about it.

    I like the idea of encryption being on a laptop hard drive, and there's a USB key for it (I'm hoping the 10.3 version of OS X's user directory encryption is not just password/passphrase enabled, but lets you use a CD-Key, or something onto the Keychain file and you can be anal and put the Keychain file onto a USB key so it has to be inserted for the home directory to wirk). A laptop is more likely to be stolen and credit cards/passwords/sensitive company information (and if you're like me and work for a company who does Defense department contracts, that can be a big deal).

    Otherwise, I'm not sure I fully see the "average" home use of this motherboard to protect from the RIAA finding out what files you have over the Internet, since the hard drive is already being decrypted to give that data over the network. Like I said earlier, it's only use is if the RIAA gets a court order, and you throw the key into the garbage diposal. (Which might get you held up in contempt of court or some such, and then you'll have to hope that Abit doesn't have a backup key of their own floating in their system somewhere.)

    I could just be missing the point of the encryption other than a "gee whiz" feature - but that's just me.
  • Might actually be useful against the RIAA?

    Just an aside, but it would seem to me that if DRM/Palladium can keep consumers from digitally copying copy-protected music, then it could also be used by pirates to keep the RIAA from ever prosecuting music pirates. If a pirate recorded the digital output from the soundcard, and then used that to rip to mp3, they would then have technical "ownership" of the mp3, from the DRM perspective. They could then offer this file on the p2p networks with no worries at a

  • How would this prevent spybots from figuring out you have MP3s on your hard drive? Does it generate a fraudulent IP address for your hard drive separate from your actual connection? And if that's the case, how would it interoperate with the P2P client software? I can understand downloading a file and moving it to an non-shared folder on the encrypted hard rive, but then the user doing that will be a file leech and potentially blocked from a lot of files on the networks. What about the mobo chipset ident
  • by calebb ( 685461 ) * on Wednesday July 30, 2003 @01:47PM (#6572774) Homepage Journal
    "...and will keep the RIAA away from your Kazaa files."

    While this is true, the RIAA doesn't actually need to win their case to get money from you. They just want you to give them $12,000 - $17,000 [wired.com] in an out-of-court settlement. Even if they don't have a case against you & can't prove that your files really were mp3's (due to your encrypted hard drive), they're still going to attempt sue you if you don't settle - Sure, you'll win in court, but you're still going to pay $10,000 (or more) in lawyer & court expenses...

    I guess if you were doing something even more illegal that would required real evidence (i.e., innocent until proven guilty), then an encrypted hard drive would be a problem for the prosecutor. (That is, unless Abit really is just doing 'encryption by obscurity' as an above poster suggests)
  • Secure IDE, eh? (Score:3, Interesting)

    by blitzoid ( 618964 ) on Wednesday July 30, 2003 @01:47PM (#6572775) Homepage
    From what I can tell, the data on the hard drive is encrypted and decrypted on the fly. While that may not conflict with the OS you have on there, what if you wanted to put the drive in another, non Secure IDE motherboard? Apparently you wouldn't be able to access it. Hopefully it'll come with an app that can decrypt the HDD... and of course that app will be windows only.
  • by Silmaril ( 19015 ) on Wednesday July 30, 2003 @01:47PM (#6572778)
    By following these easy instructions [linuxfromscratch.org], you too can encrypt your data and swap partitions with Loop-AES [sf.net]. (The instructions are for Linux From Scratch [linuxfromscratch.org], but they worked fine on my Debian box.) This way, no unencrypted data ever touches the disk; even if your computer is stolen [com.com], the thief can't read your data.
  • Before (Score:4, Insightful)

    by Schezar ( 249629 ) on Wednesday July 30, 2003 @01:48PM (#6572793) Homepage Journal
    Before everyone starts bitching with their collective "This can't work! How would it work!?! It's insecure!!" pablum, I offer this solution:

    wait.

    There will be more information in the weeks and months to come. Don't decry this as useless until you know what it actually is.
    ___________

    That aside, this could be a case of "secure computing" working counter to many of the interests that originally pushed it. Sure, encrypted channels can be used to enforce DRM, but they can also be used to hide that cracked media when $badguy comes looking for it on your hard drive.

    The DMCA can work for you just as it works for $badguy. That encrypted IDE is protecting -your- copyrighted intellectual property, after all.
  • I love the looks of this board, and I'll probably get one, but the only problem I have, is from time to time I put my HD in another computer for trouble shooting. If a power surge, rouge program, or virus damages my drive, a lot of times I can transfer the drive to a different computer an still get many of my files. Also, I have taken my HD to other peoples houses when other means of transfer are exhausted. It seems like this would lock you into one hardware format.
  • a few thoughts.... (Score:5, Insightful)

    by NerveGas ( 168686 ) on Wednesday July 30, 2003 @01:51PM (#6572824)

    Encryption algorythms are sufficiently advanced that key management is the real issue: Trying to brute-force it can be very difficult, but finding out the private key (which makes decryption trivial) can often be relatively easy. So, even if they used reasonably strong encryption, chances are that they won't succeed at protecting the private keys.

    However, I suspect that their encryption isn't really all that strong. Doing strong encryption at speeds necessary to sustain IDE transfers (up to 50 megabytes/second *per drive*) is fairly serious stuff, especially if you want to be able to do it at sufficiently low latencies. Hardware-encryption boards that truly do strong encryption at much slower speeds than that are pretty pricey, usually at least four figures.

    steve
  • RTFA (Score:5, Interesting)

    by pridkett ( 2666 ) on Wednesday July 30, 2003 @01:51PM (#6572827) Homepage Journal
    I see a lot of people saying that they steal the motherboard then they can crack it, which while possible isn't entirely true. If you would read the information about the board you'd see it's a hardware dongle that stores the key information. Thus, if you buy a new mobo with secureIDE and have the same dongle you'll be able to read the data. It's that simple.

    So rather than destroying the motherboard, you just need to store the USB key somewhere other than where the computer is. Pretty straight forward. You can't take the hard drive to another secureIDE computer and have it work without the USB key.
    • Usually in key based encryption products the key is itself weakly encrypted. In order to decrypt the key, the user must supply a password that gets past the weak encryption on the key. This key can then be used to unlock the stronger encryption in the secureIDE product.

      This is how OpenSSH works anyway (i did not read the secureIDE blurb too carefully). The SSH guys say that keys should allways be encrypted, because theft of keys is easy to do. If the key is encrypted then that at least is one more substant
  • Encryption alg (Score:5, Informative)

    by Satan's Librarian ( 581495 ) * <mike@codevis.com> on Wednesday July 30, 2003 @01:53PM (#6572851) Homepage
    just fyi - looks like it's AES at 128 or 192-bit key length, from here [nist.gov].

    Also, here's the key [abit.com.tw].

    Not going to stop the RIAA from catching you (although they'd have difficulty decrypted the drive once they did I guess), but looks moderately useful for protecting a harddrive from theft. I'd love one on a laptop. If someone stole it in an airport or somesuch - at least they couldn't get my data without some effort.

  • No External Key??? (Score:5, Informative)

    by YetAnotherDave ( 159442 ) on Wednesday July 30, 2003 @01:53PM (#6572853)
    Hmm, don't mind me while I keep using a software solution...

    Loop-AES is trivially ease to set up under linux,
    and you can have it require a GPG key etc that live on a USB keychain.

    If you have my keychain, and you know the password, you can mount /home on my laptop. Otherwise you're SOL...

    http://sourceforge.net/projects/loop-aes/
    http: //loop-aes.sourceforge.net/loop-AES.README - see example 4

    Something you have and something you know...
  • by Physics Nobody ( 688399 ) on Wednesday July 30, 2003 @02:03PM (#6572964)

    Everyone ranting about how this is inherently stupid since the key is just on the motherboard should actually read the article and note that the key is actually going to be stored on a removable device of some sort. So the idea is you carry the key with you at all times and just plug it into the computer when you want to use it. When the key is not in the computer the data cannot be read.

    Of course this still doesn't explain the silly Kazaa claims, however that is another issue altogether. In fact this whole thing seems kind of useless since if the government were to confiscate your computer or something you'd think they could just subpoena the key as well, and it does nothing to protect against hackers since the key has to be in your computer for you do use it. Turning it off when you're not using it would be just as effective. About the only thing this is good for is in case somebody steals your computer when you're away. But it could work for that.

  • by Kjella ( 173770 ) on Wednesday July 30, 2003 @02:07PM (#6573005) Homepage
    • It has *nothing* to do with the motherboard, it is a card that connects between the IDE cable and the IDE drive. Like s separate card.
    • It works with all OS, no drivers. You need to start from a blank disk though because everything is being encrypted/decrypted as it passes through (if you "decrypt" plaintext something it goes horribly wrong).
    • The encryption is 40 bits which is really really weak. Same as DVDs for example (ok slightly FUD because CSS was a poor algorithm)
    • You have an external keyring, which acts as your hardware key.
    That being said, I really don't see the big use of this. It's only good if your disk is taken, they don't take the key and it's only protecting the information (disk is as good as ever if you remove the card and format it again). Of course if you have vital company/personal/military data on your disk I suppose that might be enough of a reason.

    Kjella
  • 40-bit DES? (Score:4, Insightful)

    by Sapwatso ( 461933 ) on Wednesday July 30, 2003 @02:17PM (#6573104)
    according to the installation guide: [abit.com.tw]

    40-bit DES (US Data Encryption Standard) is adequate for general users

    In much the same way that leaving the data un-encrypted is adequate for general users, I suppose.
  • by Realistic_Dragon ( 655151 ) on Wednesday July 30, 2003 @02:19PM (#6573126) Homepage
    It seems that the hardware manufacturers can see that the money is with the pirates and not with the media companies.

    It wouldn't surprise me if they ended up killing off DRM by offering workarounds and personal encryption based products, because that is what consumers are demanding.
  • by Eric Damron ( 553630 ) on Wednesday July 30, 2003 @02:46PM (#6573378)
    "and will keep the RIAA away from your Kazaa files."

    I'm not understanding this statement. If you are running a program that shares files then the RIAA will not magically be locked out. If they're talking about someone hacking your computer then I guess it depends on how they do it.

    Once you boot using the key your computer is going to have to store and use that key in order to decrypt data on your drive. This has got to be done in the background by the MOBO. What a pain in the ass it would be to have to explicitly and in person tell the computer to decrypt every file you access!

    That being the case, if someone forces one of your programs to crash but leave open a shell wouldn't the MOBO go on happily decrypting data for any process running in that shell?

    If encryption/decryption is happening at the hardware level it would seem to me that the only real protection you would be getting is if someone steals your computer but doesn't take the device that you use to feed the MOBO the key. How many of us would just leave that device plugged in to the computer anyway?
  • Please correct me if I screw something up here.

    They said that the RIAA wouldn't be able to read the Kazaa files off your machine. Huh?
    How does secure IDE do that?
    Okay, you got WXP running. And you are running Kazaa, Real Player and whatever else. Obviously the encryption/decryption is done at the hardware level between the motherboard and the hard drive.
    For this thing to have practical use to the general public it must be transparent to the OS.

    Now the RIAA is getting information on people without invading peoples computers. They are using the Kazaa network and probably downloading MP3's just like anyone else. Then they look at the IP address and go from there.
    I am just not seeing how secure IDE does anything to stop that.
    The only way secure IDE would be helpful in the Kazaa situation is if it broke Kazaa.

    As for the key.
    I am not getting that at all. They are saying that it isn't password protected and it isn't a dongle.
    It is hardware.
    Well that sucks.
    Now granted I have never had the privledge of having the FBI or the cops bust into my house and confiscate my PC.
    But I seriously doubt they would waste there time cracking the case and taking the hard drives. Minnimal they would take the tower.
    Hell they would confiscate everything. Consider all the stupid people that hide there passwords by tapeing them under the keyboard, taking your monitor might pay off for them.

    So if they have the tower anyways then I ask again, how is secure IDE helping?

    The only case I can see is if I decided a hard drive is bad and threw it away.
    And I'll level with ya, when I do that I destroy the hard drive anyways. I don't need encryption. I pull the tape off the side and expose the breather whole. Then I take a screw driver and jam it in there real hard. I make damn sure that I scratch up both sides of the platters. I also try to knock the heads off.

    I argue that my way is better then encryption anyways. It might take weeks for supercomputers to decrypt there encryption, but I would love to see a solution to the mess that I make with a screwdriver.

  • by malkavian ( 9512 ) on Wednesday July 30, 2003 @07:32PM (#6575977)
    This reminds me of my old old old PC from 1990 (An old Apricot Qi) which came with what was quaintly termed 'Apricot LOC Technology'.
    The hard disks were encrypted in hardware even back then. Also, there was no reliance on any USB dongle to just get the disk unencrypted.
    LOC tech worked by the user having an IR transmitting card which authenticated you to the machine. If it was in secure mode, you had to transmit from your card (encrypted transmission.. No copying the transmission and replaying), which then gave you the login screen for your user (this is the first point the keyboard unlocked).
    You enter the password and it lets you use the system.
    The encryption was independant of OS. This was damn cool 'paranoid' gear. It won me a few contract jobs on the basis that nobody else could get into the machine apart from me, and a couple of my clients at the time were pretty much requiring security and confidentiality.
    Nice for the single user PC where you really don't want someone else turning it on and reading your email.
    Still, I'd much prefer to use something that can be used to hold differently available data depending on the user.. The day they put rubberhose [rubberhose.org] in hardware, I think they'll really have a winner...
    Still, it seems odd they they are trying to hype tech that's a cutdown version of 13 year old tech as something new and revolutionary..

    Malk

The world will end in 5 minutes. Please log out.

Working...