Re: Hard Drive Destruct System?

From: Al Dykes (adykes_at_panix.com)
Date: 11/27/04 

Date: 27 Nov 2004 16:38:15 -0500

In article <coaok5$eb0$1@canopus.cc.umanitoba.ca>,
Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
>In article <coane4$3li$1@panix5.panix.com>, Al Dykes <adykes@panix.com> wrote:
>:I believe IBM makes (or made) laptop hard disks that did encryption on
>:the drive electronics, and the driver software asked the user for a
>:PIN code before the laptop could boot up. If the user forgot his PIN
>:and called IBM, all they could do is to reformat the disk. No james
>:Bond stuff required.
>
>I don't recall the company involved, but the description you give above
>matches a product that was out a few years ago and was supposed to be
>foolproof. After a while of the device being on the market, someone
>managed to figure out a way of booting that allowed the user to
>bypass the PIN, thus laying bare the entire drive contents.
>
>I don't recall the details now; the conclusion was along the lines that
>the manufacturer didn't actually encrypt the data on the drive itself, it
>just made it so that you couldn't get at the plaintext unless you had
>the right pin, so when that step was bypassed everything was wide open.
>
>
>In practice, you can't use a single encryption over a whole drive,
>because you have to be able to randomly read or wrote from the middle of
>it without having to decrypt everything before that point (read) or
>re-encrypt everything after that point (write.) And directory structures

Offhand I can't see any problem with en/decrypting data in 512 byte
blocks as sectors are read/written to disk. The electronics on the
disk drive can do this, when enabled with a PIN from the user. A
custom BIOS would be necessary to prompt the user for the PIN at boot
time. No PIN, no data. Blow up the chip that has the crypto key in
it and your data's gone.

I've never worked with the IBM system, and it's possible the disk just
has a spin-up password. This would effectivly prevent you and me from
stealing the data, but not stop the Bad Guys that can read data from
platters, assuming that's still possible.

>have to be fairly consistant -- you can't even do those separately
>from the drive data, as you don't want to have to go through all of
>the directory information in order to be able to get at particular files.
>Because of these considerations, you end up with a lot of
>places on the disk that one has known or easily guessible plaintext for,
>and one has to use pretty much the same key over and over again
>rather than block chaining over the entire drive; these drawbacks
>noticably lower the encryption strength of the overall system.
>--
> The image data is transmitted back to Earth at the speed of light
> and usually at 12 bits per pixel. 

-- 
a d y k e s @ p a n i x . c o m 
----