The Great Zero Challenge

Callum Finlayson ukcrypto at chiark.greenend.org.uk
Mon, 15 Sep 2008 10:15:04 +0100


On Sat, Sep 13, 2008 at 6:35 PM, Dan Beale-Cocks <signup@bealoid.co.uk> wrote:
> Be aware that some drive encryption is pretty lousy.  And some external
> drive enclosures have terrible cryptography.
>
> C'T magazine have an article here:
> http://www.heise-online.co.uk/security/Enclosed-but-not-encrypted--/features/110136
>
> Which describes a drive that uses "128 bit AES encryption" (a secure scheme)
> but only uses it to store the RFID chip's ID in the controller's internal
> memory.  All the data was encrypted using a "proprietary algorithm" (almost
> always hopelessly weak).

True, but used in conjunction with overwriting it can provide
significantly increased confidence that no data can be recovered --
even if the overwriting isn't effective.

If I boot up knoppix and dd rand or null onto an encrypted drive then
even if the encryption is weak and the dd isn't 100% I'm going to be
fairly confident that no sensitive material can be pulled off the disk
(unless the disk encryption is *spectacularly* dumb in a
completely-unfit-for-purpose way, rather than just the normal
not-as-good-as-the-adverts-imply way).

Obviously for protecting live data things are different, but for
ensuring data from sensitive drives can't be recovered it's worth
including.


  C