On Monday, Toshiba revealed a new technology for its Self-Encrypting Drive (SED) hard drives that allows for secure wiping of sensitive data when a system is powered down, or when the HDD is physically removed from a system. Called Wipe Technology, the new tech could also be used to erase user data before returning a leased system, or before a defunct system is taken out to the trash.
But there's a catch: the data isn't really deleted. When the drive's power supply is severed, Toshiba's Wipe Technology merely invalidates the security key that was originally used to encrypt the stored data. Without the key, data becomes indecipherable and virtually "erased" to would-be snoops. Now nervous administrators won't have to worry about company notebooks loaded with sensitive info being left behind at the local bar.
Although Toshiba's Wipe Technology would be ideal for government use, the company indicated that copier and printer systems vendors would benefit by automatically erasing the SED's internal encryption key, eliminating "data at rest"--sensitive document images stored on the hard drives inside copiers and printers.
"This feature can easily be used prior to system disposal or re-purposing to ensure that private data never leaves the control of the responsible business unit or IT department," Toshiba added. Wipe Technology also reduces overall time investment to secure data, removing the need to use overwriting software to erase data or physically destroy a device.
Toshiba's new Wipe Technology will be included on the 2.5-inch 7200rpm SED HDD announced last month. The drive will supposedly offer on-board encryption and improved access security for both notebooks and desktops. It was also designed with the Trusted Computing Group "Opal" Specification in mind.
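The key-invalidation behaviour described above, as an added example (not Toshiba's code or firmware): a Python model in which `ModelSED`, `keystream` and `crypto_erase` are hypothetical names and HMAC-SHA256 in counter mode stands in for the drive's hardware cipher. It shows that after the key is replaced, the stored ciphertext is byte-for-byte unchanged yet no longer decrypts.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per sector in this model


def keystream(key, lba, length):
    """HMAC-SHA256 in counter mode: stdlib stand-in for the drive's cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


class ModelSED:
    """Hypothetical model of a self-encrypting drive (not Toshiba's design)."""

    def __init__(self):
        self._mek = secrets.token_bytes(32)  # media key, held only inside the drive
        self.platters = {}                   # what is physically stored: ciphertext

    def _xor(self, lba, data):
        ks = keystream(self._mek, lba, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, lba, plaintext):
        self.platters[lba] = self._xor(lba, plaintext.ljust(SECTOR, b"\0"))

    def read(self, lba):
        return self._xor(lba, self.platters[lba])

    def crypto_erase(self):
        # Invalidate the key only; no sector on the platters is rewritten.
        self._mek = secrets.token_bytes(32)


def demo():
    drive = ModelSED()
    secret = b"scanned document image (constructed sample)"
    drive.write(0, secret)
    readable_before = drive.read(0).startswith(secret)
    raw = drive.platters[0]
    drive.crypto_erase()
    return (readable_before, drive.platters[0] == raw, drive.read(0).startswith(secret))


print(demo())  # (True, True, False)
```

The three values are: data readable before the erase, platter contents unchanged by the erase, data readable after the erase.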
So how's that for security when this subject is little talked about - and by that I mean that all modern ATA/SATA drives should have the Secure Erase command built-in, but don't, along with the fact that no company alerts the user who sells their used HDDs on eBay or disposes of them, thinking that a simple format or file overwrite is enough?
I know that the State must love this ignorance because it makes forensic data retrieval a lot easier, but in the end ignorance is never good for anyone.
I'm pretty sure a good hacker can get into it without you even knowing about it!!
Though deleting the key is a great feature, I'm sure someone who's really, really compelled to do so will find a way to break the code at some point.
Touche. Intel has already integrated an AES chip set into their i7 processors which TrueCrypt can see a 5x+ performance gain. However, the problem with encryption is for half the folks they are going to take any kind they get and run with it blind while the other half is constantly paranoid about it doing its job and putting all their eggs in one basket. To that effect TrueCrypt has built up such a reputation that many don't want to use the Intel design even though it's faster because they are paranoid that Intel sabotaged the design and isn't "Secure". It's really an unwinnable battle when you speak about encryption.
However if you combine both Wiping + Encryption it's a pretty solid bet that you will be safe especially if you encrypt a file before performing a DOD 3 execution wipe method. Even that is overkill when it comes to wiping data. Like a good conspiracy theory that is believable, you have to just look past the possibilities and go on living your life with caution and not getting hung up on what may be possible and what isn't, with data it's the same way. I don't think people should fear the government as some mastermind overlords that nothing isn't within their reach.
My point is, any businesses considering this technology (and any potential home users) don't have enemies powerful enough to break this encryption, and thus, wiping the key is good enough for the foreseeable future. Sure, someone, someday will be able to decrypt the data, but by then, will anyone care (will the data be relevant, will the drive still even exist)?
I cringe every time I know millions upon millions of dollars of secret research and data is being thrown out on an unsecure drive.
Wipe the key, then wipe the disk. (Or degauss it or destroy it!)