What Are Drive Warranties Really Worth?

[Rod Speed]

Huh? Lots of people don't use XP.

Irrelevant to what is no hassle if you are using XP.

And some people who do use XP and want encrypted
filesystems run XP as a guest OS under something like
VMware so they can do the encryption on a host Linux
system specifically because there's apparently stuff wrong
with XP's encryption (I'm not familiar with the specifics).

Its pure bullshit when you are just encrypting
'confidential business data and correspondence'

OK, that's fair.

The business data might be video recordings.

Sure, so encrypting some things is harder than others.

And XP encryption works fine for video recordings.

I don't believe that, if the encryption is any good.

Irrelevant what you believe, its true anyway.

It's relevant to whether there is hassle.

Nope, its perfectly possible to do backups of
encrypted file systems without any hassle at all.

You mean backup to HD?

Backup to anything but tape. Its the only backup
medium that has that particular problem.

Streaming isn't a problem but the slowdown is
still significant in that the backup takes longer.

Sure, and it isnt great for the drive too.

It's a problem for servers too.

Sure, but there are obvious ways around it with them.

And anyway it still matters for desktops.

Nope, not if tape isnt being used for backup.

This is one of the issues in my thoughts when I consider
buying an LTO drive on Ebay for personal backups.

Tape is WAY past its useby date for personal desktop backup.

Lousy value basically.

Even for backup to DVD it's significant.
Nope.

The alternatives add complexity.

Nope, completely automatic with some approaches to backup like imaging.

Isn't that what I said?
Nope.

Encrypt everything instead of trying to
separate the sensitive from nonsensitive data.

Hardly a choice thats easy to get wrong.

Well ok, but there must be a general description around somewhere.

The drafts are available for free.

I want to find out more about this ATA security.

Read the standard.

Is it something implemented inside the drive?
Yes.

How many drives actually support it?

Most laptop drives and plenty of desktop drives.

 

[Paul Rubin]

Irrelevant to what is no hassle if you are using XP.

Huh? Here is what you wrote:

Message-ID: <[email protected]>
Date: Mon, 18 Dec 2006 07:27:21 +1100

Completely trivial to encrypt that too if you consider the risk of
it getting seen by anyone when you return the drive matters.

That doesn't say anything about XP. XP is something you sprung
afterwards. Why should I care about XP? Why should I assume anyone
is using XP?

Anyway I'm not so convinced it's so trivial in XP, because people ask
about it regularly on sci.crypt (but I don't pay much attention since
I don't use XP).

Its pure bullshit when you are just encrypting
'confidential business data and correspondence'

I wouldn't count on it.

And XP encryption works fine for video recordings.

You missed that the hard drive is embedded inside a camcorder. The
data is written on it by the camcorder firmware. Not XP. The hard
drive in the camcorder is as capable of crashing and needing warranty
repairs as a desktop HD. What now?

Irrelevant what you believe, its true anyway.

Weren't we just talking about HD throughput in the 80+ MB/sec range?
Show me some software encryption that goes that fast without using
enough of the CPU to slow down the application.

Backup to anything but tape. Its the only backup medium that has
that particular problem.

DVD doesn't have it (buffer underrun blah blah)?

Sure, but there are obvious ways around it with them.

You mean staging on a disk drive? Yeah that's common but not
universal, and creating extra requirements is hassle by definition.

Tape is WAY past its useby date for personal desktop backup.
Lousy value basically.

Lousy value perhaps but all the alternatives seem worse. Main
drawback of tape is the drive is more expensive than I'd like.

Nope.

16x DVD = 21.5MB per sec, you need 2x that if you want to decrypt the
disk and encrypt the DVD on the fly.

Nope, completely automatic with some approaches to backup like imaging.

Now you're constraining your backup methods, more hassle. What if you
want to back up only part of the file system, or not use the same key
on the HD and the backup medium. What if you want to do differential
backups. On-the-fly makes everything a lot simpler. Look what you're
saying anyway, first that encryption imposes no performance hit, but
then that you can avoid the performance hit by limiting yourself to
specific backup strategies with various drawbacks. Either way, it's a
hassle.

Do you ever use this stuff in real life? If not, why do you think
your opinions are something other than worthless?

The drafts are available for free.

Thanks, that helped, I found

http://www.seagate.com/support/disc/manuals/ata/d1153r17.pdf

("Working T13 Draft 1321D") through Google. It mentions some commands
like "security set password" but this seems to be an access password
like the one on Travelstar drives, not drive content encryption.
Although removing those passwords is apparently not trivial, it's
known to be possible. See:

http://www.nortek.on.ca/Password Removal/PasswordFaq.aspx

Most laptop drives and plenty of desktop drives.

But it appears to not encrypt the drive.

Irrelevant to what is no hassle if you are using XP.

You don't get to decide who uses XP and who doesn't. You have a
pretty weird idea of "trivial" if it includes "switch whatever
computers you're using to Wintel". And if your theory about XP
encryption is as accurate as your theory about ATA security then it's
not reliable.

Here's an article about Windows EFS, which does make it sound somewhat
reasonable:

http://en.wikipedia.org/wiki/Encrypting_File_System

However it's limited to NTFS. You mentioned thumb drives and those
typically use FAT32 (yeah you could reformat but you wouldn't be able
to interchange across OS's. Yes I do want encrypted thumb drives to
interchange across OS's and it's a hassle if they don't). Also not
clear is what you have to do to encrypt the swap area (I'm not sure if
that's outside the filesystem in XP). And what about the system
partition? If you normally have to mount the EFS as drive
D/E/F/whatever and leave the C partition unencrypted, you have to be
very careful with configuration to avoid leaking plaintext into the
registry, temp files, etc. Again it may be possible to get this right
but it's easy to make mistakes.

Anyway I appreciate your wisdom about drive hardware but I think we've
plumbed the depths of your encryption knowledge at this point.

 

[Rod Speed]

Huh? Here is what you wrote:

Message-ID: <[email protected]>
Date: Mon, 18 Dec 2006 07:27:21 +1100

Completely trivial to encrypt that too if you consider the risk of
it getting seen by anyone when you return the drive matters.

That doesn't say anything about XP.

Doesnt need to when its what most use.

XP is something you sprung afterwards.
Nope.

Why should I care about XP?

Why should anyone care what you use ?

We were discussing what most do about hard drive warranty claims.

Why should I assume anyone is using XP?

Why indeed.

Anyway I'm not so convinced it's so trivial in XP,

More fool you.

because people ask about it regularly on sci.crypt

Plenty ask about all sorts of things in Win on a regular basis.

(but I don't pay much attention since I don't use XP).

You have always been, and always will be, completely and utterly
irrelevant. What you may or may not use or care about in spades.

I wouldn't count on it.

More fool you.

You missed that the hard drive is embedded inside a camcorder.

Nope. That is just one way of doing video recordings and is a separate
matter entirely to what was being discussed, WHO WORRYS ABOUT ACCESS
TO THE DATA ON HARD DRIVES BEING RETURNED UNDER WARRANTY.

The data is written on it by the camcorder firmware. Not XP.
Duh.

The hard drive in the camcorder is as capable of crashing
and needing warranty repairs as a desktop HD. What now?

You get the obvious choice with the warranty claim in
that case and if its flagrantly illegal child porn, it might
not be a great idea to bother with the warranty claim.

Weren't we just talking about HD throughput in the 80+ MB/sec range?

Not in this particular thread we werent.

Show me some software encryption that goes that fast
without using enough of the CPU to slow down the application.

Irrelevant to what is perfectly viable with
'confidential business data and correspondence'

And there is **** all that actually needs
anything like 80+ MB/sec range anyway.

Its only really with backup that that would even be a consideration
and you dont need on the fly encryption with backup anyway.

DVD doesn't have it (buffer underrun blah blah)?

Not in the sense that the XP encryption is perfectly viable with DVDs.

You mean staging on a disk drive?

Thats just one way. The other obvious approach
is to not do on the fly encryption with backup.

Yeah that's common but not universal, and
creating extra requirements is hassle by definition.

Not doing on the fly encryption with backup doesnt.

Lousy value perhaps but all the alternatives seem worse.
Nope.

Main drawback of tape is the drive is more expensive than I'd like.

Thats what lousy value means.

16x DVD = 21.5MB per sec, you need 2x that if you
want to decrypt the disk and encrypt the DVD on the fly.

Then dont encypt on the fly. No need for that.

Now you're constraining your backup methods,
Nope.

more hassle.

Nope, not if its how you do your backup anyway.

What if you want to back up only part of the file system,

Still dont need to do on the fly encryption.

or not use the same key on the HD and the backup medium.

Your problem.

What if you want to do differential backups.
On-the-fly makes everything a lot simpler.

Nope. And its not a problem anyway except with tape which is
way past its useby date with personal desktop systems anyway.

Look what you're saying anyway, first that encryption imposes no performance hit,

I never ever said anything remotely resembling anything like that.

I JUST said that there is plenty of surplus computing
power that that is INVISIBLE TO THE USER.

Only a fool does backups when the system is being used anyway.

but then that you can avoid the performance hit by limiting
yourself to specific backup strategies with various drawbacks.

No problem if you're using those stragegys anyway.

Either way, it's a hassle.
Nope.

Do you ever use this stuff in real life?
Yep.

If not, why do you think your opinions are something other than worthless?

It aint an opinion, its basic fact thats readily verifiable.

In spades with the on the fly encryption question.

Thanks, that helped, I found

("Working T13 Draft 1321D") through Google. It mentions some commands
like "security set password" but this seems to be an access password
like the one on Travelstar drives, not drive content encryption.

What was being discussed was how to secure your data so that its
non trivial to get access to when you return a hard drive under warranty.

That qualifys.

Although removing those passwords is apparently
not trivial, it's known to be possible. See:

http://www.nortek.on.ca/Password Removal/PasswordFaq.aspx

No news to me. It might be why I used the wording I chose to use in my original.

But it appears to not encrypt the drive.

What was being discussed was how to secure your data so that its
non trivial to get access to when you return a hard drive under warranty.

That qualifys.

You don't get to decide who uses XP and who doesn't.

Its obvious to anyone with a clue that most do.

You have a pretty weird idea of "trivial" if it includes
"switch whatever computers you're using to Wintel".

It doesnt.

And if your theory about XP encryption is as accurate as your theory about ATA security

You clearly cant even manage to grasp that what was being discussed was how to secure
your data so that its non trivial to get access to when you return a hard drive under warranty.

That qualifys.

then it's not reliable.

Never ever could bullshit its way out of a wet paper bag.

Here's an article about Windows EFS, which
does make it sound somewhat reasonable:

However it's limited to NTFS.

Big deal.

You mentioned thumb drives and those typically
use FAT32 (yeah you could reformat but you
wouldn't be able to interchange across OS's.

Most dont want to do that.

Yes I do want encrypted thumb drives to interchange
across OS's and it's a hassle if they don't).

You have always been, and always will be, completely and utterly irrelevant.

Even you should be able to work out how to
read NTFS volumes under various modern OSs.

Also not clear is what you have to do to encrypt the swap area

Nothing special.

(I'm not sure if that's outside the filesystem in XP).

No it isnt.

And what about the system partition?

You're welcome to encrypt that if you want.

If you normally have to mount the EFS as drive D/E/F/whatever
and leave the C partition unencrypted, you have to be very
careful with configuration to avoid leaking plaintext into the
registry, temp files, etc. Again it may be possible to get this right

Corse it is.

but it's easy to make mistakes.

Nope, not if you encrypt everything.

Anyway I appreciate your wisdom about drive hardware but I think
we've plumbed the depths of your encryption knowledge at this point.

Never ever could bullshit its way out of a wet paper bag.

 

[Paul Rubin]

Never ever could bullshit its way out of a wet paper bag.

Bye.

 

[Arno Wagner]

I remember reading in the 80's that US Department of Defense procedure
was to actually take the drive apart and sandblast the platters! I
don't know if they still do that.

Of course this was when "crushing the drive" would have been fairly
difficult...some of those 5 1/4" hard drives were basically machined
aluminum bricks!

Well, while the term "physical destruction" allways seems to get
the imagination going, actually operning it (6 screws), and
breaking off the heads, is already more than needed, unless your
attacker is willing to invest. To make recovery really expensive,
remove the patters (another 6 screws or so) and bend them. No
acid, firearms, explosives, etc. are needed at all. If you want
to make recovery completely impossible, no matter what, blowtorch
the bent platters to a dark red glow for a second or so. Do this o
utside, since the surface coatngs may birn off and thay may not be
something you want to breathe. This will completely remove any
pre-existing magnetization.

BTW, on an industrial scale physical destruction is done by simply
using heavy-duty metal shredders.

Arno

 

[Rod Speed]

Bye.

Never ever could bullshit its way out of a wet paper bag.

 

[Aidan Karley]

Hmm. Wouldn't that be criminal under European privacy laws if done
without a court order?

Yes.
Does it stop people? No.
What's the likelihood of getting caught?

 

[Arno Wagner]

Yes.
Does it stop people? No.
What's the likelihood of getting caught?

My thought was more that they would give it to law enforcement.
If they look for themselves, I would call it "attractive content"....

Arno

 

[chrisv]

Best bet is encrypt all such data before storing it on the disk. Then
you can get the disk fixed under warranty without revealing the data.

Well "replaced", but not likely "fixed"... 8)

 

[chrisv]

Yep.


Nope, not if its how you do your backup anyway.
Idiot.


Still dont need to do on the fly encryption.


Your problem.

Idiot.

That's twice in the last couple day's you've embarassed yourself
badly, Ron^Hd.

 

[Folkert Rienstra]

I've had only one drive that failed while under warranty, and getting a
new one was a piece of cake.

Usually if the manufacturer's diagnostic software (i.e. Seatools)
confirm that the drive is bad (or it is totally dead), they will
cross-ship you a new one (in return for a CC #) immediately. At least
that was my experience with Maxtor.

Regarding security:

getting data off a totally dead drive is a difficult operation

More often not. Just an electronics card exchange will often do, babblehead.

 

[Rod Speed]

Some gutless ****wit desperately cowering behind
expect from a desperately cowering gutless ****wit that
has never ever managed to contribute a damned thing, ever.

 

[JohnH]

Both. Same story.

Now, what is wrong with that statement?

Needless to say, my verifiction process (in order to determine
compatibility with component transpants) securely erases all data.

However, I have witnessed attempts to recover data in order to seek
"questionable content" by other companies.

Including your own.
How else would you be able to know that there was "intensely" personal data on them.