PDA

View Full Version : Hiddn Desktop - encryption for PC's



kingdragonfly
25-05-2012, 09:17 AM
I'm posting this because there are practically no reviews of Hiddn Desktop.

I work for a government agency, and purchased two for trail.

http://www.hdd.no/desktop/

From the web site

"The exclusive Desktop solution connects directly to the motherboard and the storage media; a 'plug and protect' solution. The combination of all encryption keys being stored on a separate smartcard (no keys stored in the device or on the storage media) and the optional two-factor authentication offers unprecedented protection!"

"Simply install, authenticate, and start operating the computer as normal. From the moment the computer boots, all data is encrypted, and by removing the smartcard (upon power down, etc.), the user is assured that all data stored on the computer remains inaccessible to anyone not holding the smartcard."

"The [hiddn] Desktop incorporates the companyís patented and certified [hiddn] Crypto Module and it is a standalone solution that operates transparently without the need for user intervention. It encrypts efficiently without affecting the systemís performance and is completely Operating System independent."

It may be patented, but I couldn't find any certifications.

The primary problem is a complete lack of support. The phone number and contact details are well-hidden, except for a single email address, support@hdd.no. I did manage to call them in Norway, 9:30 am in Oslo, only to be told to email them; the receptionist hung up without even saying good-bye.

I sent emails via the website that went unanswered. From an email to support@hdd.no, I was sent a picture from the manual telling me to make sure I hadn't got the cables connected backwards.

Also the web site leads you to believe it works with any motherboard / SATA controller and any SATA hard drive.

I tried three SATA controllers, with Intel, Intio, and Marvel chipsets, and could never get the HDD recognized. The controllers were manufactured between 2005 and 2011, so it's not a simple case of not supporting the latest SATA standard.

What is missing is the common BIOS diagnostic tools you see in every disk controller / RAID card. You know the ones: "press [some key] to enter [some software]" you get when you boot your PC.

You only positive feedback is a green light. It only indicates the smart card was accepted. There's absolutely no feedback regarding a good connection to the motherboard or the hard drive.

Other annoyances is the very strange, and fragile, cable connections. The cable is literally a ribbon cable with bare conductors. No traditional "male" connector. It's laid into a very fragile female connector, and a wedge is moved down. Again in 30 years in IT, I've never seen this style of connector. The ribbon cable could also be a little longer also.

Due to a lack of contact, I suspect I'm going to be struggling to get an RMA, return materials authorization.

So in conclusion, I'd avoid this product until helpdesk support is improved, and some kind of diagnostic software / LEDs are introduced.

Cheers

fred_fish
25-05-2012, 09:26 AM
I work for a government agency, and purchased two for trail.
You'd better not be spending MY money on usless crap like that.

kingdragonfly
25-05-2012, 09:30 AM
Would you prefer your details to be found on an unencrypted disk?

Did you notice I was trying to get an RMA, return materials authorization.

fred_fish
25-05-2012, 09:42 AM
Would you prefer your details to be found on an unencrypted disk?
As opposed to being owned by some fly-by-night Norwiegian front operation for Russian crackers - YES!

kingdragonfly
25-05-2012, 09:56 AM
That's a bit chauvinistic. Remember New Zealand shares more similarities to Norway than the US.

How would you feel if someone were to say "Can't trust a Kiwi company because they could be a bunch of Chinese hackers"?

wainuitech
25-05-2012, 10:22 AM
Personally I totally agree with Fred on this, you mentioned it yourself in the original post:
The primary problem is a complete lack of support The first problem that comes to mind, what happens if the smartcard gets lost or damaged, or the card reader fails due to as you put "Other annoyances is the very strange, and fragile, cable connections. The cable is literally a ribbon cable with bare conductors." You're screwed if that happens/fails.

I think I'd rather use well tried and true encryption methods rather than some never heard of, no support place overseas.

kingdragonfly
25-05-2012, 11:58 AM
While there a number of software products, like Microsoft's Bitlocker, the performance is not very good.

Hardware based products are practically non-existent.

I'd love to buy a New Zealand made hard disk encryption products, of any kind. I don't think one exists so you're pretty much guaranteed it's overseas.

There's very few solutions for HDD encryption. For example Seagate offers self encrypting drives. However it's only 128 bit, and impossible (???) to find a SATA hard disk controller that supports it.

There's lots of articles, very little hardware you can purchase.

I seriously doubt you'd get much installation support from Seagate.

So if anyone can point me to self encrypting drives or HDD encryption through hardware, independent of a central office and the Internet, that actually can be purchased, I'd love to hear about it.

dugimodo
25-05-2012, 12:19 PM
I'd personally say windows 7 built in encryption is pretty adequate for most things and performs ok, no experience with bitlocker beacuse I only have home premium.
But I think it's good that you gave us a heads up on what a totallly useless product Hiddn Desktop is, might save someone else wasting money on it.

Lets be honest here though, if you work for a government department and need to protect data you should be using a trusted professional solution from a known and trusted supplier. Anything else and you're asking to be the next news scandal.

1101
25-05-2012, 12:37 PM
Just a suggestion

Perhaps something in the line of pass protected HD's (not encryption) . Im not sure how many drives support this
& I have seen a few Laptop bios's that support HD pass protection . It basicly made the HD unusable if removed
or if the pass wasnt known.


Worth a look ?
http://www.exlade.com/ways-hdd-password-protection

Chilling_Silence
25-05-2012, 01:03 PM
Truecrypt. 'nuff said ;)

kingdragonfly
25-05-2012, 01:10 PM
There's quite a few of the password protected laptops.

The manufacturers are quite reluctant to reveal their encryption level, but given the US government previous laws it safe to assume it's just 128 bits.

For example, Seagate SED are limited to 128 bits.

I read that a good number of laptops only use the first 8 characters of a password, no matter the length.

In the past, some laptops were found to have back-door passwords also, unbelievably some using the manufacturer's name as part of it.

I've seen estimates that the combination of 128 bits + 8 character passwords means a multi-GPU system can break it in less than 4 hours.

Again this is OK security for consumers and casual thieves.

kingdragonfly
25-05-2012, 01:36 PM
Again I should note: lots of articles, almost impossible to buy anything.

Here's a great example: you'll often hear Samsung name mentioned when discussing "Self Encrypting Disks". Though they spoken on many panels, you can not buy a Samsung SED

http://forwardthinking.pcmag.com/show-reports/293215-why-self-encrypting-drives-are-the-future-of-storage

The TCG, "Trusted Computing Group", and TPM, "Trusted Platform Module" are also jokes. Lots of talk, lots of conferences, lots of white-papers, nothing to purchase.

gary67
25-05-2012, 01:45 PM
One downside I noticed straight away, a lot of office workers would just remove the card and stick it in their office drawer. A bit like the old putting your password on a postit note on the screen

Chilling_Silence
25-05-2012, 02:18 PM
Try Truecrypt, you'll be impressed.

Again, it's only as good as the password you use with it, but still...

fred_fish
25-05-2012, 04:13 PM
+1
Open source encryption / security software is the only way to go.
How can you verify the quality of a closed source product?

sk69ersnz
25-05-2012, 06:41 PM
Another vote for TrueCrypt

kingdragonfly
26-05-2012, 09:50 AM
Well, good news.

"Hiddn" updated their website to reflect it only works with SATA 1.

I also able to return the items, an RMA.

kingdragonfly
26-05-2012, 10:05 AM
Info about Truecrypt

http://en.wikipedia.org/wiki/TrueCrypt

Full disk encryption, FDE: here's an old link about encrypting Windows XP with TrueCrypt. My guess is it should be similar for Windows 7 / 8

http://www.securitybeacon.com/?p=673

Truecrypt supports "two-factor authentication": something you know, your password, and something you got, a security token, smart card, USB device.

I came across very cool articles about using yubikey from Yubico with Truecrypt, for additional security

Google this for more info: yubikey truecrypt

"The YubiKey is a USB device which presents itself to a computer as a Human Interface Device – HID – a keyboard. It is a 3 gram hermetically sealed keyboard with a single key – actually a touch button."

kingdragonfly
26-05-2012, 10:23 AM
Regarding YubiKey, it's for two-factor authentication. You'd still have to type in a password, then Yubikey would send static text. Users would be trained to remove the Yubikey afterwards.

I'd guess this is only only way to get Truecrypt to work with FDE and "two-factor authentication"