This is a discussion on encrypted hard disks within the Linux Security forums, part of the System Security and Security Related category.
hi,

I would like to have some "rack" hard disks encrypted at a low level in order to have quite speedy access to the data and to have even the OS encrypted.

Is there any PCI card or similar which can provide encryption for the boot hard disk (sata/eide) and/or for other hard disks (sata/eide)?

If yes, about how much money do they cost? And how strong is the encryption?

Thanks a lot for any information!
SiD`

§iD` wrote:
> hi,
>
> I would like to have some "rack" hard disks encrypted at a low level in
> order to have quite speedy access to the data and to have even
> the OS encrypted.
>
> Is there any PCI card or similar which can provide encryption for the
> boot hard disk (sata/eide) and/or for other hard disks (sata/eide)?
>
> If yes, about how much money do they cost? And how strong is the
> encryption?
>
> Thanks a lot for any information!
> SiD`

If a hard drive itself (hardware-level encryption) were used, the hardware could be used to find the encryption technique and keys (in theory) and then the data would be as good as theirs. I would think that something in the file system layer would be better, i.e. in the modules (or in the kernel portions) that access the file systems. You may want to try to use EFS (encrypted file system) or something even more powerful (like the supposed "phone book" file system, which I've only heard about).

-- 
"Love is an ideal thing, marriage a real thing; a confusion of the real with the ideal never goes unpunished." -- Goethe

NeoSadist wrote:
> §iD` wrote:
>
>> hi,
>>
>> I would like to have some "rack" hard disks encrypted at a low level in
>> order to have quite speedy access to the data and to have even
>> the OS encrypted.
>>
>> Is there any PCI card or similar which can provide encryption for the
>> boot hard disk (sata/eide) and/or for other hard disks (sata/eide)?
>>
>> If yes, about how much money do they cost? And how strong is the
>> encryption?
>>
>> Thanks a lot for any information!
>> SiD`
>
> If a hard drive itself (hardware-level encryption) were used, the hardware
> could be used to find the encryption technique and keys (in theory) and
> then the data would be as good as theirs.

Even worse - hardware-level encryption is *only* useful if you are afraid of physical theft of the drives.
Think about it - what seems more likely, that a drive is stolen from an (assumed) protected colocation rackspace, or that its data is compromised over a network?
As long as the drive is in use /something/ has to have unencrypted access to its content, since it has to be *used*, right?

I think a network exploit that exposes the higher-level (ergo decrypted) data to an outsider is much more likely to occur than an actual theft.

-- 
J

All your bits are belong to us - again.

In <g9i412-gf9.ln1@core.adaptr.nl> Jeroen Geilman wrote:
> NeoSadist wrote:
>
>> §iD` wrote:
>>
>>> hi,
>>>
>>> I would like to have some "rack" hard disks encrypted at a low level in
>>> order to have quite speedy access to the data and to have even
>>> the OS encrypted.
>>>
>>> Is there any PCI card or similar which can provide encryption for the
>>> boot hard disk (sata/eide) and/or for other hard disks (sata/eide)?
>>>
>>> If yes, about how much money do they cost? And how strong is the
>>> encryption?
>>>
>>> Thanks a lot for any information!
>>> SiD`
>>
>> If a hard drive itself (hardware-level encryption) were used, the
>> hardware could be used to find the encryption technique and keys (in
>> theory) and then the data would be as good as theirs.
>
> Even worse - hardware-level encryption is *only* useful if you are
> afraid of physical theft of the drives.
> Think about it - what seems more likely, that a drive is stolen from an
> (assumed) protected colocation rackspace, or that its data is
> compromised over a network?
> As long as the drive is in use /something/ has to have unencrypted
> access to its content, since it has to be *used*, right?
>
> I think a network exploit that exposes the higher-level (ergo decrypted)
> data to an outsider is much more likely to occur than an actual theft.

Both are important for some people and should not be discounted just because it is not so in your case. There are a lot of places that are reasonably light on physical security (and would be unreasonable to have them properly guarded) but contain sensitive data that could be of interest to a common thief.

I have never used them but I would hope the IDE cards that perform on-the-fly encryption ask for a passphrase during the BIOS initialisation process. Otherwise the thief would have the decryption method when they took the controller. There are cards that do perform on-the-fly encryption but software encryption is often considered better due to changes in the US export laws.

If using software encryption it's probably not a good idea to encrypt the OS as it would make it impossible to repair if you have to boot from a rescue disk. I think some distributions (Mandrake?) give the option of encryption during install. On other systems you can set up any non-OS partition as encrypted using the device-mapper and dm-crypt. Why anyone would feel the need to encrypt a publicly available OS has got me wondering. The only thing I can think of is swap partition security.
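Added example, not part of the original thread or any poster's code: a small Python check for the swap concern raised in the post above. It reads fstab and crypttab contents and reports which swap areas are backed by a dm-crypt mapping; the sample file contents, device names and function names are constructed for illustration.

```python
"""Flag fstab swap areas that are not backed by a dm-crypt mapping in crypttab."""

# Constructed sample inputs (not taken from any real system).
SAMPLE_FSTAB = """\
# <device>            <mount>  <type>  <options>  <dump> <pass>
/dev/sda1             /        ext3    defaults   0 1
/dev/mapper/cryptdata /srv     ext3    defaults   0 2
/dev/sda3             none     swap    sw         0 0
/dev/mapper/cryptswap none     swap    sw         0 0
"""

SAMPLE_CRYPTTAB = """\
# <name>    <device>   <keyfile>      <options>
cryptdata   /dev/sda2  none           luks
cryptswap   /dev/sda4  /dev/urandom   swap
"""

MAPPER_PREFIX = "/dev/mapper/"


def _fields(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def crypt_mappings(crypttab_text):
    """Return {mapping name: backing device} from crypttab content."""
    return {f[0]: f[1] for f in _fields(crypttab_text) if len(f) >= 2}


def audit_swap(fstab_text, crypttab_text):
    """Return (encrypted, plaintext) lists of the swap devices named in fstab."""
    mappings = crypt_mappings(crypttab_text)
    encrypted, plaintext = [], []
    for f in _fields(fstab_text):
        if len(f) < 3 or f[2] != "swap":
            continue
        dev = f[0]
        # Only a /dev/mapper name that crypttab defines counts as encrypted;
        # anything else (raw partition, LVM volume, UUID=) is reported as plaintext.
        if dev.startswith(MAPPER_PREFIX) and dev[len(MAPPER_PREFIX):] in mappings:
            encrypted.append(dev)
        else:
            plaintext.append(dev)
    return encrypted, plaintext


if __name__ == "__main__":
    enc, plain = audit_swap(SAMPLE_FSTAB, SAMPLE_CRYPTTAB)
    print("dm-crypt backed swap:", enc)
    print("plaintext swap:", plain)
```

A plaintext swap entry means pages swapped out of memory, including data read from an encrypted data partition, are written to disk unencrypted.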

We have recently released a network hard drive with 128 bit encryption at http://www.stormshare.com. Maybe this would give you encrypted storage without the hassles of drivers etc.

- brettstor