Keith C. Perry on 27 Jun 2015 16:02:38 -0700



Re: [PLUG] USB-attached, hardware-encrypted card reader ... why vaporware?


Bergman...

Your subject ends with "why vaporware?"

and in addition, you said,

I don't see anything on-topic in your responses to my query about
hardware devices to portably encrypt generic SD cards.

I've got a use case that I think is fairly common -- the ownership and
use of a number of SD cards, particularly during travel. While
convenient, these are easy to lose, or may be in a bag that's stolen.

Hardware encryption of generic flash cards offers security,
expandability, value, and device independence that none of the
solutions you suggested can provide, which is why I turned to this list
to find out if I had overlooked a relevant solution.

Have you considered that the reason you are asking whether a hardware-encrypted card reader is vaporware or not is that what you consider a "fairly common" use case actually is not?  Given that, perhaps software-based solutions are relevant?

I won't speak for Brent, but my comments were based on what I know is out there in the market - well-established methodologies, if you will.  That said, what I might not have communicated properly is that, for the hardware encryption that is available, it is not worth the money.  As far as comments about hardware durability, there is a reason why such things do not exist - if they get damaged, the data cannot be recovered.  That was the problem with the HP and another similar device that I can't remember the name of now.

Your statement about "maintenance" for LUKS is completely incorrect.  It is a file / disk format; it has nothing to do with the OS other than the fact that you find it native to Linux.  LUKS can encrypt data with any encryption cipher supported by the kernel you are running.  Truecrypt was mostly a Windows thing that has since been abandoned, as we all know, and cryptsetup's compatibility with that format was only added in the last couple of years.  Worst-case scenario is having to load a module.  If you stick to the 4 AES finalists (or the official AES variant) you'll be fine.

I have had to wrestle with the same issues as you.  I have lots of SD, flash, and external drives floating around.  I just encrypt everything into LUKS containers (files) or partitions because I've found it's the best solution.  I'm also using Linux 99% of the time.  Most of my external media is bootable, so if I ever needed something out of the encrypted space on Windows (and I guess Intel-based Macs), I just boot that system off my drive, access the encrypted space and copy the files to the Windows or Mac internal drives or to the non-encrypted space on my external.  That would bypass OS restrictions but not native encryption for those systems.  It's a longer process but it works.  When finished, reboot back into Linux, reverse the process and also shred (i.e. cryptographically overwrite then delete) the files on the non-encrypted drive.

The alternative is to use a software solution that does work across platforms.

In summary, again, I don't think what you are looking for exists in the retail market.  So... vaporware, yes.

Also, here's an article from 2010

http://www.pcworld.com/article/189034/how_on_the_go_drive_encryption_can_protect_data.html


Final thought...  It's probably possible to hack something together using an ARM SBC, but that seems like overkill.


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Owner, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com


From: bergman@merctech.com
To: "brent saner" <brent.saner@gmail.com>
Cc: "Keith C. Perry" <kperry@daotechnologies.com>
Sent: Saturday, June 27, 2015 5:42:24 PM
Subject: Re: [PLUG] USB-attached, hardware-encrypted card reader ... why vaporware?

In the message dated: Sat, 27 Jun 2015 16:49:15 -0400,
The pithy ruminations from "Keith C. Perry" on
<Re: [PLUG] USB-attached, hardware-encrypted card reader ... why vaporware?> were:

While the stuff you each wrote about encrypted USB flash drives and
software encryption (subjects about which I'm quite familiar) may be
accurate, aside from the statements:

        "personally, i don't trust hardware encryption- it doesn't allow
        for tweaking or transparency, and due to the limited hardware
        onboard they tend to be fairly limited."

and
        "I don't trust small hardware to be durable"

I don't see anything on-topic in your responses to my query about
hardware devices to portably encrypt generic SD cards.

I've got a use case that I think is fairly common -- the ownership and
use of a number of SD cards, particularly during travel. While
convenient, these are easy to lose, or may be in a bag that's stolen.

Hardware encryption of generic flash cards offers security,
expandability, value, and device independence that none of the
solutions you suggested can provide, which is why I turned to this list
to find out if I had overlooked a relevant solution.

Frankly, I disagree with your contentions about 'small hardware' not being
durable or trustworthy -- particularly when that hardware has things like
FIPS certification, epoxy-potted components, etc. In my personal
experience, and considering the boxes of failed storage devices at $WORK
that are awaiting destruction, mechanical hardware (disk drives & fans)
and their power supplies have a far greater failure rate than flash
drives. In several years worth of experience with hardware-encrypted
USB drives & flash drives, we've had zero failures, while I've seen
problems with LUKS (and other software solutions). Yes, a software-based
solution offers more of an opportunity to recover after a problem, but
at the risk of being more fragile and requiring more
'maintenance' (think OS upgrades on encrypted devices, driver updates,
migration from untrusted software [ie., Truecrypt] to other products)
in the first place.

For many people and situations, a low-maintenance appliance (ie.,
hardware encryption) requires less effort to configure and use.

Thanks anyway,

Mark
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug