Hacker News new | past | comments | ask | show | jobs | submit login

I've always been afraid of how self encrypting drives work, since it's really not transparent to the user what's going on. I'd be fine using it as an additional layer (since it's generally "free" from performance perspective), but I'd trust CPU-based encryption (with AES-NI) for bulk disk crypto like file vault, and then application-specific (or more "trusted" apps like gpg) for things which actually matter.



Yeah, the pressure of NSA demanding access on anything resembling HSM is obvious. Anything that's not open source has the potential to hide undesired behavior.

Also, more fun would be "cryptolocker" disk-based malware. The aspects of capability exist elsewhere today as mentioned in the article and cryptolocker's $15 million USD and counting.

Also also: is there any HIDS yet for checksumming various chipset/peripheral firmwares?


I'm doing a talk on an open hw design/open source HSM at ShmooCon in a month or so, which seems like the only viable way to deal with this threat.

TCG (TPM, TXT, ...) Measured boot sort of includes firmware checksumming. It's often turned off.


I bought a new laptop about six months ago and I made sure to buy an SED SSD but I'm still using dm-crypt/LUKS encryption on top of it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: