Monday, March 12, 2007

Seagate Ships Secure Disk Drives

http://www.pcworld.com/article/id,129734-c,harddrives/article.html
http://news.zdnet.com/2100-1009_22-6130824.html?tag=nl
http://news.zdnet.com/2100-1009_22-6166180.html

Apparently the system has a vulnerability: the protection is only "ON" when the machine is fully switched OFF. Once you have authenticated yourself to the system successfully, the data is open and available, much like on a regular PC. The real value comes in, ironically and unfortunately and maybe expectedly, only when the machine gets stolen or someone makes off with the disk. If you forget the password, tough luck: Seagate will only "reset" the drive, but the data is as good as lost.

You boot up the machine and it asks for a password. Beyond that, the encryption keys (the algorithm being AES-128, VERY strong) can be managed by third-party software, such as that from Wave Systems. Not sure where the keys live though, although unquestionably they'll be in an encrypted state. They also state that the data will remain encrypted until/unless requested by an application.

Overall, a very sound idea and I am sure a very neat product, but definitely some improvements should be forthcoming. As they say, a system is only as secure as its password. Choose a horrible password like, HEAVENS!, "password" and neither Seagate nor AES can save you :-) Of course, having two-factor authentication should help TREMENDOUSLY.

Two-factor authentication: any two of "what you know" (password, PIN, etc.), "what you have" (token, temporary authentication code) and "what you are" (usually a biometric, such as iris or fingerprint).

AES: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
