Hardware-based full disk encryption: Difference between revisions

Dids (talk | contribs)
Hard Disk Drive FDE: Reworded vague statement on key length
Rhtcmu (talk | contribs)
No edit summary
There are currently two varieties of hardware FDE being discussed:
 
#Hard Disk Drive (HDD) FDE
#Bridge and Chipset (BC) FDE
 
==Hard Disk Drive FDE==
 
[[Hitachi]], [[Seagate]], [[Samsung]], [[Toshiba]] and [[Western Digital]] are the disk drive manufacturers offering [[Trusted Computing Group|TCG]] OPAL [[Serial ATA|SATA]] drives, as well as the older, and less secure, [[Parallel ATA|PATA]] Security command standard. All drive makers have suggested that the appropriate term for this new class of device and new type of functionality is "self-encrypting drives."
 
An example of a speciality drive maker modifying commercial drives for self-encryption is Stonewood with its Flagstone drives.<ref>[http://www.stonewood.co.uk/index.php/encryption/flagstone.html www.stonewood.co.uk/index.php/encryption/flagstone.html]</ref>
 
==Chipset FDE==
 
An example of a speciality drive maker modifying commercial drives with BC for self-encryption is Stonewood with its Flagstone drives.<ref>[http://www.stonewood.co.uk/index.php/encryption/flagstone.html www.stonewood.co.uk/index.php/encryption/flagstone.html]</ref>
 
[[Intel]] announced the release of the Danbury chipset<ref>[http://www.theregister.co.uk/2007/09/21/intel_vpro_danbury/ www.theregister.co.uk/2007/09/21/intel_vpro_danbury/]</ref> but has since abandoned this approach.
==See also==
*[[Disk encryption software]]
 
==Feature - Benefits==
 
Hardware-based encryption, when it is built into the drive or within the drive enclosure, is notably transparent to the user. Except for boot-up authentication, the drive operates just like any other drive, with no degradation in performance. Unlike software FDE, there is no added complication, since all the encryption is invisible to the operating system.
 
The two main use cases are Data At Rest protection, and Cryptographic Disk Erasure.
 
In Data At Rest protection, a laptop is simply closed, which powers down the disk. The disk now self-protects all the data on it. Because all the data, even the OS, is now encrypted with a secure mode of AES and locked against reading and writing, the data is safe. The drive requires an authentication code, which can be as strong as 32 binary bytes (2^256), to unlock.
 
With Cryptographic Disk Erasure, the drive is commanded, with proper authentication credentials, to change its media encryption key and go into a 'new drive' state. Unlike other forms of sanitization, this action takes a few milliseconds at most, so a drive can be safely repurposed very quickly.
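The two use cases above, locking at power-down and crypto erase by replacing the media key, in a constructed Go model; this is an added example, not code from the article or from any drive vendor. It assumes AES-256-GCM for the media, a media key wrapped under a key derived from the authentication code with a salted SHA-256 (a real drive would use a proper KDF), and the names SED, NewSED, Unlock, Lock, Read and CryptoErase are the model's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SED is a toy self-encrypting drive (a constructed model, not any vendor's firmware). The media
// encryption key (MEK) never leaves the drive: it is stored wrapped under a key derived from the
// authentication code and is held in memory only while the drive is unlocked.
type SED struct{ media, wrapped, salt, mek []byte } // mek == nil means locked
func random(n int) []byte         { b := make([]byte, n); rand.Read(b); return b }
func aead(key []byte) cipher.AEAD { b, _ := aes.NewCipher(block(key)); g, _ := cipher.NewGCM(b); return g }
func block(key []byte) []byte     { return key } // keeps aead's one-liner readable

// seal/open use AES-256-GCM with layout nonce || ciphertext || tag; open fails under a wrong key.
func seal(key, plain []byte) []byte       { n := random(12); return aead(key).Seal(n, n, plain, nil) }
func open(key, ct []byte) ([]byte, error) { return aead(key).Open(nil, ct[:12], ct[12:], nil) }

// kek derives the wrapping key from the auth code (assumption: real drives use a proper KDF).
func kek(auth string, salt []byte) []byte { h := sha256.Sum256(append(append([]byte{}, salt...), auth...)); return h[:] }

// NewSED writes contents under a fresh 256-bit MEK, wraps the MEK under the authentication
// code, and powers the drive down locked.
func NewSED(auth string, contents []byte) *SED {
	d := &SED{salt: random(16), mek: random(32)}
	d.wrapped = seal(kek(auth, d.salt), d.mek)
	d.media = seal(d.mek, contents)
	d.Lock()
	return d
}

func (d *SED) Unlock(auth string) (err error) { d.mek, err = open(kek(auth, d.salt), d.wrapped); return }
func (d *SED) Lock()                          { d.mek = nil } // what closing the laptop lid amounts to

func (d *SED) Read() ([]byte, error) {
	if d.mek == nil {
		return nil, errors.New("drive locked")
	}
	return open(d.mek, d.media)
}

// CryptoErase authenticates, then swaps in a new MEK; the old ciphertext stays on the media,
// now undecryptable, which is why this takes milliseconds rather than a full overwrite.
func (d *SED) CryptoErase(auth string) error {
	if err := d.Unlock(auth); err != nil {
		return err
	}
	d.mek = random(32)
	d.wrapped = seal(kek(auth, d.salt), d.mek)
	return nil
}
```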
==References==
{{reflist}}