

The self-encrypting hard drive - rsmiller510
http://strom.wordpress.com/2012/02/09/the-self-encrypting-hard-drive/

======
cypherpunks01
I'd be very worried about special proprietary drives like these that have an
encryption/decryption chip. What if the chip fails? How easy will it be to
read the bytes off of a drive if it fails in the future? Here are my solutions
instead:

On a Mac (Lion+), use FileVault 2. It provides pre-boot full drive encryption.

On Linux, use dm-crypt/LUKS. Why oh why is this still not easy to set up?

On Windows, use TrueCrypt full drive pre-boot authentication.

On an Android phone (ICS+), use the new android full drive encryption.

On an iPhone, I imagine you're SOL?

~~~
gtank
Fedora has proper disk encryption as a checkbox option during installation.
It's very easy to set up.

~~~
archangel_one
Ubuntu does as well, with a choice between home directories only or the whole
disk. It's not actually _that_ hard to set up dm-crypt manually, although not
something I'm about to suggest to my grandmother.

------
mindslight
Friends don't let friends use snake oil encryption, like the kind offered by
"on-disk" solutions. That thing even has key escrow - either cheaply-
implemented 'trusted' hardware, or a second 'secret' key known by every copy
of the unlocking software! There's little impetus for widespread analysis of
any of these proprietary solutions, as there's too many models to focus on. If
you actually want to protect your data, stick with the standard software FDE
for your OS - it _should_ be a one-click option (and hopefully the default) at
installation time.

~~~
pavel_lishin
> or a second 'secret' key known by every copy of the unlocking software!

Are you sure that each drive doesn't have its own key, tied to the serial
number?

~~~
phaer
Wouldn't that mean that the manufacturer still has the secret key? That would
make you vulnerable to government agencies,... and it is not the case if you
use truecrypt or dm-crypt/luks.

------
junto
I have this from Wave Systems on my 6 year old Dell laptop. Secured with
finger print scan at boot time (or password). Used it for a while but then
after the first rebuild of the OS I switched the feature off.

------
Game_Ender
If someone has a recommendation for one of these drives with decent
performance that would be great. We have some with spinning disks in laptops,
and I would love to be able to upgrade to an SSD based one.

~~~
rdl
I like the Intel (SSD 320/520). Unfortunately I haven't figured out how to get
the crypto to work on Mac OSX.

I haven't fully analyzed it because I couldn't get it to work with a Mac, but
for PC, it looks ok.

------
RexRollman
What I worry about with WDE are unclean shutdowns. Does anyone know if WDE
increases the risk of ending up with an unbootable computer?

------
hogu
we use them at work and it makes our laptops unbearably slow.

------
swatthatfly
Windows only.

~~~
rdl
Some work on Linux too, but so far I haven't found a good SED solution for Mac
OSX, which is what I care about on laptops now. The lack of a traditional BIOS
complicates things.

