News Lock down your hard drives with Vista

This is stupid when open source programs allow you to encrypt entire drives and volumes inside drives with harder to break encryption. I guess this is just an M$ attempt to stop duel booting linux...

as for "trusted" computing, I have hated the idea since it was call paladium and will continue to hate and refuse to financialy support it.

 

mine seriously theres no way anyone this decade (bar any super advance in encryption can get into my secured data). This freaks the govenment out as they no longer have the ability to pry into everything like they have become acustomed to. In america the govenment has gone as far as banning the use and creation of encryption that they cannot break... so I guess this M$ software will have crap encryption. If it's designed for biusinuss they should be destroying HD's anyway...

 

Erm...good point. You could do exactly what -xp- suggests.

I guess you might have to pull the drive to circumvent a BIOS password. Or if the lappy didn't have an optical drive, or was set not to boot from CD (and the BIOS was locked down).

 

On a laptop you'll still need the bios password, and the login encryption. If you install a new OS on the drive using an seperate PC you lose the data on it, the new OS won't see the data on the old partition as it's encrypted.
If you wanna use the Lappy you still need to bios pass, it's just now you won't have access to the HDD data.

 

No, you can format the disk, you just can't pull any data off of it beforehand.

If I want my data gone, I'll use dban. Till then, the ACLU is my friend.

mclean007 - probably every single one made in the last five years, if not more. The TC modules ("fritz chips") have been in processors or motherboards (I'm pretty sure they're in the proc and not the mobo, contrary to the article) just sitting idle for quite some time. Some newer business laptops already use them, though not quite for this purpose.

 

if you set an administrator password you need to enter it before you can access data from the HDD (well theres some way of locking the HDD w/o p/w)
So its not neccasarily as easy as using the xp cd

if you could use knoppix or somthing with it, your shouldnt have any problems tho

 

Well if they use this across all versions of Vista (which i doubt) it will probably just be another reason for people to carry on using a "funny" copy of Windows. I really dont want all this extra crap causing more hassle than its worth.

It will be useless on a lot of peoples machines anyway (unless the HDD and pc are separated), most people dont bother passwording there pc or they use something too obvious. Or like most of my mates don't bother passwording the administrator account as they use another, so in that case you just use ye old safe mode trick

 

Well, what's stopping people quick formatting them, then getting at the data afterwards? Is the actual data scrambled or is it just the data address? Cause if the whole lot is scrambled wouldnt that take a whole lot more disk space and computational time?

 

That is a very good point!

I once saw a product which kept the encryption keys on a USB key, that way (if you remembered to remove your USB key) the government or any other thief could steal the whole PC without being able to immediately decrypting the disk. As far as I remeber it encrypted the whole lot and worked by being put between the disk and the MB.

But I have to agree with the most of you, if someone wants your data they will get it no matter how well encrypted it is. Burn the HD and the data will be safe... I think

 

When I saw the title I thought of...

(THE STREETS - Has It Come To This)

 

A few people seem to be missing the point somewhat:
This technology is of very limited use at all for the home user wishing to protect themselves from the government. A backdoor wouldn't even be very interesting to the government.

The idea of the technology is to allow business users to throw away hard disks without the fear that someone can pick them out of the dustbin, and read private records.

If the authorities wish to swoop on a paedophile, then they will certainly remove his entire computer, motherboard, encryption chip and all. They will have no problem at all accessing the data so long as the hard drive is still in the computer.

No home user is ever going to want this software: if thieves take the computer, they will be taking the whole thing and be able to access your data so long as they can log in without reformatting. What it would mean in practice to the likes of us, is that we wouldn't be able to take a hard drive to a friend's house to swap data, or upgrade our motherboards with ease.

So in short: I don't see any problem with this feature from the point of criminal activity/national security; it is merely a useful business orientated feature.

 

I think the arguement here is what happens to the hard drive if it's separated from the mobo. If the police are swooping in just take a hammer to the mobo and your hard drive is essentially useless.... however....

What is it on the mobo that does this encryption? A random key? or a fixed key? Would not the mobo/chipset manufacturers know what chips they've sold? Could they not create a second identical chip, drop it in a mobo and have a second "key" to your HD? If so then law enforcement just calls up mobo manufacturer and gives them the serial number of the mobo... they look it up, burn a new chip and send the board to the law who then views your hard drive.

I'm GUESSing at this as a possibility and would be happy to read more on how this will be implemented if anyone can provide a URL with more details.

Thanks
-Gary

 

Admittedly...this is not for everyone, I'm sure you will be able to control this from the bios.

As for 128-256 bit AES encryption being unbreakable...no! We set up a Wireless network and brute foreced our way in with an 800Mhz laptop running Win2K in 8 minutes.

If you can create it...you can break it!

 

well first off, breaking encryption on WiFi is trivial because of the way in which it is transmitted. that is completely different than enryption of a wired device.

second, this is outstanding for the govt and large enterprise sector. many govt agencies have stockpiles of hard drives waiting to be destroyed. this costs enormous amounts of money. for one, govt computers are generally leased, which means they go back to the manufacturer at EOL. this mostly applies to servers. by adding hardware level encryption, the govt can just toss the hard drives in the trash or arrange to have them shipped back to the manufacturer separate from the server itself.

as far as the consumer side, it's really an unneeded option, particularly since the consumer will upgrade hardware as opposed to just upgrading the entire computer. this brings me to my last point.

this means absolutely nothing for laptops. the VAST majority of people do not put BIOS passwords on their laptops. even if they do, pulling the CMOS battery is generally not much more difficult than on a desktop. despite all of this, all you need is a copy of NT Crack and 5 minutes of your spare time to unlock an Admin account.

 

yah, this doesn't seem to be aimed towards the home market at all. encryption either falls into 2 categories, any script kiddy with 10 mins could crack it (windows xp pass)
or if you misplace your randomly encrypted 256-bit key card, it might be hackable but no one cares enough to try.

this definately isn't for the home market as it sounds like changing the mobo could kill it. Also think this will have any impact on Raid Arrays? as in if you need to replace a disk or raid controller, you get screwed over?

and never forget about other forms of password cracking, key logging and just physically spying on it being the easiest

 

unless i have missed anyone saying this allready, encrypted hard disks are only as useful as the password on the user accounts.

PC 1) None-encrypted HDD, no/Weak Windows password - easy access to data.

PC 2) None-encrypted HDD, Strong Passwords - drop the drive into another box or boot off a live CD, snag the Password hash's from Reg, brute force them or stick them into rtcrack with pre formed tables, bang theres your data - just takes a while longer than example 1.

PC 3) Encrypted HDD, strong passwords - how do you snag the hash's to crack now ?

 

That's absolute tosh and he knows it. There are quite a few encryption methods that are utterly uncrackable unless you know the right string, or method for decoding them. You could brute force them, but the data would be mangled into uselessness.

Anyway, this is a feature of Vista that I hope is promptly worked around, or stopped. I'll be happy to flash any "trusted" chip on my motherboard that has this stuff on it.

This is true, but the important word is break, if the right encryption is used then thats exactly what you do, you break it, you don't decode it. While microsoft may be talking about the massive majority of basic or poorly implemented encryption methods in the world, there are some, if correctly set up, that will never, ever be decoded by brute force.

 

So, um, what happens when your Mobo borks?