Practical Security
rzwitserloot posted in security on June 18th, 2006

Computer Security is an ill-understood subject. Generally, one is either utterly clueless about it (and movies aren’t helping, spewing forth such misguided wisdom as ‘any system, given enough time, can be cracked’), or quite the expert, and the initiated have a tendency to overdo it a bit, putting it mandatory password changes every month and such.

The security aspect that interests me personally involves ‘painless’ security - security measures that don’t really inconvenience anyone or anything. Easy to implement, fire and forget, hard to screw up. Stuff like that.

You may have heard about research to fully and irreversibly erase harddrives in minutes.

I don’t know how much it costs to have such a system installed next to a computer, but it sounds very expensive. I don’t know exactly how much was spent on research, but it sounds expensive.

A shame really, because that research was utterly useless - a real example of completely overdoing the security aspects without thinking. Here’s where practical security rears its head: Using the worlds most formidable magnets to try and toast a drive is ludicrous and decidenly unpractical.

So here’s the practical security method:

During Operating System installation, the user is to randomly smash away at his keyboard for a while until 256 bits of random data are acquired. This does not take long at all - less than a minute of random whacking. This key is stored, in the clear, on 20 different locations on the harddrive.

From then on, ALL data written to and read from the HDD is run through AES-256, a simple but effective encryption system. If you’re worried about speed, it’s very fast, but if need be, you can buy off-the-shelf chips that do the work for you - they can be soldered directly onto the harddrive control board by a harddrive manufacturer for a dollar, if that. So, you can build this right into the harddrive, or the operating system can rewrite its file system driver (in a day or so, this is very simple, there’s free, open source, off the shelf code) and do it that way.

If the data is to be erased, overwrite the 20 areas holding the key with random data, each area about 50x. That takes a modern drive about a second. Well within the contraints of wiping your drive FAST when neccessary. There’s no way you’re ever going to recover the key from those areas again.

From there on out, the system will write random data in random locations forever, until the power is pulled. Shouldn’t be neccessary, really - AES-256 is in practice unbreakable. In the unlikely event some magic bullet comes around to solve this problem (faster computers won’t do, the only way is a mathematical break, very unlikely given the exhaustive research done on AES, or a huge quantum computer array which may not even be physically possible, we (science) just don’t know yet).

Et voila. Should work better than the big magnet, is just as secure (I’d rate the chances of AES-256 being broken about equal to the chance you can still read some data off of that magnetized drive) and it’s completely painless. The biggest problem is the generation of that key. You could take some shortcuts for the common user and generate it by timing when the device is turned on for the first time and using that for random data.

Because the key is stored on the drive itself, you’ll never notice. The drive can be copied, mounted on other systems, whatever you like. Totally transparent. It’ll keep working until you hit the big red button - then the data is gone. Forever.

That’s practical security. It’s simple, free, yet very very effective.

Blast. I should have applied for a 5 million research grant first before writing this. Silly me.