Protection is Not All it is Advertised to be!
Posted by ThePaladin on February 20th, 2008
Greetings Citizens of the Realm!
The Paladin was poking around the internet and discovered a rather interesting article (you can read the article here) regarding a special hard drive enclosure that was advertised as being very secure with respect to protecting your data.
If you are not familiar with the concept, a hard drive enclosure is a “box” into which you would place a standard hard drive. The reason you would do this is to create your own “portable” hard drive. This box contains power (that is, a plug) and a way to connect it to your computer (typically through a USB cable) and all of the circuitry necessary to allow your hard drive to communicate with the computer.
One of the things that separated this encosure from others was that the manufacturer advertised that the data stored on the hard drive inside of the enclosure was very strongly encrypted.
If you are not familiar with it, “encryption” is simply scrambling the data in such a way that someone else looking at it (be it a human or a program) cannot figure out what the original information was. Of course, encrypting data is of no use if you cannot “decrypt” the data (that is, unscramble it) at a later time when desired.
Now in the world of encryption, there are “better” forms of encryption and “worse” forms of encryption. “Better” forms of encryption are often referred to as “strong” encryption. There are many details that go into whether an encryption method is “strong” or not, but the concept is not hard to see.
For example, if you were to “encrypt” a letter that you were going to mail to a friend, and as an encryption method you decided to spell each word backwards, you would not call that “strong” encryption because it is not that hard for someone to figure out the “code.”
Example: olleH annoD, woh era uoy yadot?
If you look at the above example for a while you will probably be able to figure out the message.
Going back to our original story, it turns out that the manufacturer of this hard drive enclosure was claiming that the circuitry on the enclosure (the same circuitry that allows the hard drive inside the enclosure to communicate with your computer via USB) also strongly encrypts the data passed to it for storage onto the hard drive (and presumably it “decrypts” the data when it is requested by the computer).
Well, it turns out that the manfacturer didn’t have the story exactly right.
While their enclosure DOES in fact provide protection for your data using encryption, it does NOT provide the strong encryption level actually advertised for the bulk of your data.
So all of this is leading up to the moral of the story: When evaluating software, hardware, etc. for use in your computer system that will play a major role in your system’s protection, you should not simply take the word of the manfacturer! Look for independent tests of the features you are interested in. Even better, see if someone you know (and trust) with computer related issues has any experience with the product.
Or, as your mother probably told you…don’t believe everything you read!