http://www.extremetech.com/article2/...129TX1K0000532

A interesting article popped up on ExtremeTech today about encrypted drives.
Although this is already possible and has been done for years, I guess with
trusted computing and Vista support, it's (trying?) to go mainstream.

~David~

~David~ <shadoweyez@gmail.com> wrote in news:%LbIf.28617$Jd.9036
@newssvr25.news.prodigy.net:



The "trusted storage" is trusted, not by the owner/user of the computer,
but by those who supply hardware, software and services for it. It makes
the computer owner no more than a serf working the overlord's land.

It is a giant deception that has been roundly denounced by many, including
many computer luminaries, as the whole sham has morphed through a half-
dozen or so names, trying to shake the stigma of each last one as the
stinging denunciations ring out.

Regards,

~David~ <shadoweyez@gmail.com> wrote in
news:%LbIf.28617$Jd.9036@newssvr25.news.prodigy.ne t:

A.k.a. `treacherous computing'

Sample readings:
http://www.gnu.org/philosophy/can-you-trust.html
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom

I agree this is not something "we" (normal users, non-government people) can
trust and in reality it will probably create another layer of stuff for
sys-admins trying to recover data from a drive...

What I wonder about is something the article said: it was my understanding the
article said the keys will be stored on a hidden partition on the drive. If so,
that's useless, because "hidden" partitions are not really hidden and it would
be relatively easy for the attacker to access the partition and keys.

It seems that on the whole the best thing out there is either TrueCrypt or
loop-aes. Funny how no ones promoting those as solutions to data privacy; what
would be the commercial interest in promoting something that's free, and what
would be the governments interest in promoting something that's probably hard
even for them to break into. Instead we get a "trusted" computing model, where
the only people who can trust it are the companies that build (and profit from)
it and the government.

Enough ranting all,
~David~

~David~ wrote:

~David~ wrote:

Not to address the precise subject at hand, but just as general
information, this scheme isn't necessarily as insecure as you might think
at first glance.

There's a good number of encryption schemes that use an encryption key
that's encrypted to a pass phrase, and the encrypted "session key" is
included in the ciphered text. The data itself is protected by a strong
encryption key, which is in turn protected by a (hopefully) strong "key"
or "phrase" itself.

Whether or not this is even what we're talking about here I haven't a
clue. I just wanted to point out the possibility that it may be secure
enough of implemented properly.

TwistyCreek wrote:
will be from what perspective. If this model is used to prevent people from
copying songs (say by having the hardware recognize a DRM song, and encrypting
it, so if it's copied to another computer it can't be read) rather then
something that would benefit the user like encrypting data so miscreants can't
access it, then it's not a good use of the model. And for things like
encrypting data, there are already many good secure solutions out there.