Are SEDs NSA safe?

[beatgammit]

I read about SEDs (self-encrypting drives), and it seems the NSA has "rubber stamped" Seagate's AES implementation on those drives. This sounds good on the surface (minimal performance hit, while ensuring drive encryption), but when I put my tin-foil hat on, I'm not so sure.

Have there been any independant (i.e. non-NSA) reviews of SED technology? Here's my list of tin-foil-hatty concerns:

• I can't verify that the data on the platters is actually encrypted.
• The source for their AES implementation isn't available? Even if it was, it's probably in hardware, so I can't verify that the source matches the implementation.
• There don't seem to be tools for Linux/BSD for setting the drive passwords.
• I can't change the password without loosing my data (both good and bad).

I'm not a security expert, but I have taken a security course, so I understand enough to never trust a source that stands to benefit from invalid information.

 

[tingo]

Nothing is secure. The only way you can verify the total security of something, is by doing all of it yourself.

You know, some people are well aware about the state of security in the world today, which is summed up like this:

1. everybody is spying on everybody (really, on as many as they have a budget for)
2. people will try to get your money (through malware, social engineering, or by appealing to your greed)
3. every now and then, a security hole (or general sloppiness) will expose personal details (usernames, passwords, credit card numbers, etc.) that you have entrusted to a third party.

Still, some of us prefer to keep our tinfoil hats off and try to enjoy life.

As for the vectors of attack above, here is one way to handle it:

1. do nothing, unless it is your neighbor spying on you (report him to the authorities)
2. be alert, if an offer looks to good to be true, most of the time it isn't true
3. limit your exposure; don't use the same details (usernames and passwords) on every site.

Good luck.

 

[Crivens]

I would really, really, make an attempt to get hold of the data sheets of the crypto chips. Denying this is a red flag to me.

I heard about external enclosures giving you encryption with up to four different keys to set - when the chip used has five. So, the question when it comes to this is not if you are paranoid, but if you are paranoid enough.

 

[throAU]

Three questions to ask before trusting any encryption:

• Who has the private key?
• Where is it stored?
• How was it generated?