Hardware encryption

Question

Hardware encryption

Nathan Martin

Hi /g
What do you think about hardware encryption?
like the 2"5 disk case

April 12, 2017 - 04:26

Other urls found in this thread:

amazon.com/iStorage-DatAshur-256-bit-Hardware-Encryption/dp/B015DBY6CI/ref=sr_1_32?ie=UTF8&qid=1492023511&sr=8-32&keywords=hardware encrypted usb
google.com/amp/amp.dailydot.com/layer8/justin-shafer-fbi-raid/
twitter.com/NSFWRedditGif

Colton Reyes

It's better then software encryption for sure. I want a hardware encrypted USB but they're pretty fucking expensive for a decent one.

April 12, 2017 - 04:31

Luis Hall

I am a reverse engineer.

Hardware encryption is very, very seldom any good.

I've seen "256-bit encryption" turn out to be trivially vulnerable RSA-256. I've frequently seen "AES encryption" turn out to be, well, AES, but with a shitty block cipher mode and a static key, or at the very least awful key management.

I've even seen people make stupid mistakes, or have stupid backdoors, in products that passed expensive and supposedly hard-ass FIPS certification.

I haven't analysed that particular thing, but my snake-oil sense is already tingling.

If you're on Linux, use dm-crypt/LUKS with AES-256 in XTS mode. If you're on Windows, use Windows 10 Pro with Bitlocker encryption in XTS mode and don't save the recovery key to OneDrive when asked (you're trusting MS anyway if you run their software; it was legit and not backdoored when I last disassembled it; and nothing else handles all the various power state transitions without possibly accidentally dumping keys to hiberfil.sys, except maybe VeraCrypt but eh, build process and I have some difficult questions about their integrity).

Software encryption is infinitely more auditable, testable, and has been fast enough to have essentially no performance impact at all for over 2 decades.

If you genuinely want to use hardware encryption, to do any better you either want something open-source and currently in early beta (cryptech.is) or you want something that you can see multiple positive audits on which has successfully passed FIPS 140-2 Level 4 or EAL 7 augmented with no caveats. I know of only one unit that fits the bill, and you have to ask for the price - that is for people who are running CAs and the DNSSEC root, and it has huge disadvantages too.

April 12, 2017 - 04:45

Angel Bennett

Which ones were you interested in and how much are they?

April 12, 2017 - 04:48

Brayden Collins

if it dies you and your data are fucked
like literally, anally penetrated by six hundred sandniggers

April 12, 2017 - 04:48

Julian Martinez

amazon.com/iStorage-DatAshur-256-bit-Hardware-Encryption/dp/B015DBY6CI/ref=sr_1_32?ie=UTF8&qid=1492023511&sr=8-32&keywords=hardware encrypted usb

This one, it's fucking excellent. Water proof, tamper proof, along with many other things.

April 12, 2017 - 04:59

Mason Hughes

Underrated_post::thanx()

April 12, 2017 - 05:01

Henry Wood

Was literally this moment browsing and considering some SEDs, thank you for this excellent post.

I have a followup question, how crazy would it be to layer both veracrypt AND bitlocker (for either whole disks or containers)? The theory being that an attacker would have to find implementation flaws in two seperate fairly reputable products. Might that be infeasible for performance reasons, or is there anything else you can think of that would make this a bad idea?

April 12, 2017 - 05:07

Jason Phillips

>Recommending Bitlocker

April 12, 2017 - 05:09

Cameron Sanders

>how crazy would it be to layer both veracrypt AND bitlocker
honest to god question, what are you storing that you need to go through that to be safe? And it's ok if you tell me you need to keep a text file with your grocery store list away from anyone but isn't it a bit too much?

April 12, 2017 - 05:21

Charles Phillips

>thanks for your answer

for FIPS 140-2 Level 4 is it trustable ?

S othe only trust device is FIPS passed ?
some ex ?

April 12, 2017 - 06:07

Jason Bell

What about stack encryption process ?
like making Luks Volume inside a hardware disk or key ?

April 12, 2017 - 06:12

Lucas Morales

I do a lot of random stuff, experiment with malware kits, test security tools, browse tor sites, etc. Nothing ever even slightly immoral but its hard to know what might appear from the outside to be technically illegal.

My fear is to be caught up in some bullshit investigation for some bullshit reason e.g. google.com/amp/amp.dailydot.com/layer8/justin-shafer-fbi-raid/ and have LE find a cp thumbnail from a tor site I visited by accident years ago, or some similar thing. I also have sex pics of me and my wife which I dont wish to share with the FBI.

April 12, 2017 - 08:43

Ryder Sullivan

Just back up your data on Microsoft one drive, its only a few $s for a tb

April 12, 2017 - 09:13

Camden Miller

>I also have sex pics of me and my wife which I dont wish to share with the FBI.
can you share a couple of sfw ones with us here?

April 12, 2017 - 10:01

Adrian Russell

About as useless and stupid as hardware RAID.

April 12, 2017 - 12:44

Jacob Taylor

it's better than sophos faggot

April 12, 2017 - 12:49

Kevin Sanders

>Just back up your data
>To somebody elses computer
>That you have no access or authority over
>Thousands of miles away
You're a fucking retard

April 12, 2017 - 12:51

Adam Sullivan

Have you taken a look at those WD My Passport?

April 12, 2017 - 13:47

Kayden Torres

>recommends closed source MS BitLocker over open source VeraCrypt that's based on TrueCrypt
wew lad

April 12, 2017 - 17:13

Leo Jones

>numpad

that shit's gonna be bruteforced in 2 seconds

April 12, 2017 - 17:27

Jackson Reyes

What about SW encryption on a drive with HW encryption?

April 12, 2017 - 20:53

1 2 3 Next

Hardware encryption

Last threads