When it comes to privacy, it's usually the users computers σε όλο τον κόσμο είναι πρόθυμοι να πληρώσουν κάτι παραπάνω για να κρατήσουν τα archives τους μακριά από τα αδιάκριτα βλέμματα. Και για πολλούς ανθρώπους οι σκληροί δίσκοι με αυτο-κρυπτογράφηση, όπως οι My Passport της Western Digital is the first choice.
On the other hand, hard disk manufacturers offer their products at affordable prices and with the promise of protecting all the data stored in them, so the final buyer feels he has a very good quality for the money he will spend.
But that high-level encryption that companies claim to offer is not as advanced as some believe.
Security researchers who have studied this self-encryption method have published a relevant document at Full Disclosure email list where they focus on the issues that affect this kind of hard drives, especially those made by Western Digital. For example, a malicious firmware upgrade could compromise the encryption of the hard drive, but the basic problem is another.
Before proceeding, keep in mind that the Full Disclosure email list is the site where security researchers announce their findings that they have not responded to after contacting the parent company. In other words, Western Digital has been informed of the security problems found by these experts, but declined to cooperate and consider the issue. So the researchers decided to make them publicly available to the public.
In accordance with Motherboard, which interviewed Matthew Green, assistant professor at Johns Hopkins University, one of the main issues, which also affects Western Digital's My Passport drives, is that the wrenches encryption keys are generated using the C rand() function, which means that the disk does nothing more than pick a pseudo-random number to use to encrypt itself. The C rand() function is a simple command and it is not its job to generate a really strong key.
The key as long as it is needed to create circulates in the form of 32-bit, which makes it easy to break in a short time, even with a simple computer.
But the parade does not stop there. Passwords are actually stored on the hard drive in plain text (!!!).
As for Western Digital, the company said in a statement that it had already talked to security researchers about the encryption issues used on some hard disk models, and was in the process of "evaluating the observations".
If you want a conclusion through all of the above, then we suggest the following: Do not trust a self-encryption of a hard drive and make sure that you do not copy critical data to such a drive. Passwords can be locked. Prefer encrypting your discs only with programs of your choice.
