The Problem with ‘Encrypted’ Drives

Aluratek Tornado Plus

If you look through any computer magazine, typically you’ll find a half dozen or so advertisements for “encrypted” hard drives . . . typically Flash drives or portable 2.5″ hard drives that promise they’ve got some sort of hardware-based encryption baked in. What could be better than that for hiding your data from prying eyes?

Well, as Tom Olzak points out over at Tech Republic, too often these hard drives don’t really offer much in the way of encryption at all and, more importantly, reviews of such drives don’t tend to get into the nuts and bolts of just how the hard drive is being encrypted and just how likely it is for someone in possession of the drive to successfully attack the encryption scheme.

Olzak is specifically writing about the Aluratek Tornado Plus Drive which is a portable 2.5″ hard drive that advertises itself as having hardware encryption. The Tornado Plus’s hook is that it also has a portable RFID key fob — simply pass the key near the drive and the key fob passes along the key to the hard drive and your data is unencrypted.

Olazak read about the drive and decided to call Aluratek for more information on the encryption scheme,

My first discussion was with a sales guy. I asked about the encryption method. He didn’t know. I asked about how the key was protected. Again, no idea. I began to suspect that this was not the person I needed to speak with, and I asked for a “technical” person. After a short wait, another sales guy got on the phone. He knew a little more. For example, the encryption method is to XOR the key with the data. Those of you in the security profession know my reaction to this news. For those of you still coming up to speed, XORing a key with data to encrypt sensitive information is bad. Very bad.

Although disappointed, I had enough interest left to ask about key management. The new sales guy had no idea. I was transferred to an “engineer.” I should have known after having to explain to the engineer (we’ll call him Anthony) why I thought key protection is important that I was still not speaking with someone with a good grasp of disk encryption. However, he didn’t believe the key was encrypted on the RFID chip nor that the transmission of the key to the drive was protected. In other words, anyone with the key fob could access the encryption key. Also, the right equipment in the right place could intercept the key as it’s transmitted to the drive.

Moreover, as Olzak notes, just by making that call he’s done far more than many of the computer journalists or bloggers who have written “glowing reports” about the release of the Tornado Plus.

Hitachi Claims 612 Gigabits/Square Inch

Hitachi recently announced it had successfully written and retrieved data at a 612 gigabytes/per square inch ration on a magnetic hard drive media using perpendicular recording,

Perpendicular magnetic recording is now the current mainstream HDD technology. Hitachi GST demonstrated 230 Gbit/in2 in April 2005, 345 Gbit/in2 in September 2006, and has now shown extendability to 610 Gbit/in2. This growth supports the theory that technology can support storage capacity growth of 40% annually. It has been predicted, however, that the current perpendicular recording, which uses a continuous film media will eventually reach a limit in achievable recording density, and therefore, new head and media using alternative technology such discrete track recording, bit patterned media and thermally-assisted recording, are also being considered. These new methods are still being developed, but hold potential for much greater advancements in areal density growth.

Please, sir, may I have some more?