The Great Zero Challenge

[Dan Beale-Cocks]

Be aware that some drive encryption is pretty lousy.  And some external 
drive enclosures have terrible cryptography.

C'T magazine have an article here:
http://www.heise-online.co.uk/security/Enclosed-but-not-encrypted--/features/110136

Which describes a drive that uses "128 bit AES encryption" (a secure 
scheme) but only uses it to store the RFID chip's ID in the controller's 
internal memory.  All the data was encrypted using a "proprietary 
algorithm" (almost always hopelesly weak).


{lots of snippage}
Jim Murray wrote:
>
> The best way of course is to plan for the day you decommission your
> drives before you start using them. Use encrypting hard drives and
> enable the encryption key before you start storing any data on them.
> Then when you want to erase the data all you need do is change the key
> and the data is totally & completely erased (unless you know someone who
> can either recover overwritten keys from EEPROMs or can break AES
> encryption..). I understand Hitachi manufacture such drives, generally
> intended from notebook computers but check BIOS compatibility to ensure
> they'll work in your machines.
> Another alternative is to use encrypting IDE/SATA controllers and
> standard drives. Doing that you don't need to erase a drive - it's
> useless without the decryption key & controller. Even if the machine or
> drive is stolen it's still useless unless they also manage to steal the
> encryption key.
>
> As you can see here,
> http://www.addonics.com/products/ruby_cipher/ruby_exd.asp encrypting
> enclosures aren't even expensive any more, they are well within the
> reach of all organizations and even most home or casual users.
> Encrypting data on hard disk really should be standard already....
>
> Securely storing (and erasing) data isn't rocket science, which just
> makes me even more furious at just HOW careless some people/agencies
> seem to be!
>