How does the SAFE drive encrypt data?
The SAFE drive encrypts data through a hardware, and not a software,
solution. Thus, encryption and decryption don’t require more manipulation
by the user. The drive’s use stays the same, as with any other external
drive, during file transfers, data saving, etc. The data transfer speed is
not altered compared to a typical external USB drive and encryption is
optimized. The encryption key depends on a 24-character pass phrase
stored on the board and not on the host computer, making each drive
unique and impossible to hack. Data stored on the drive can be encoded
in either DES (56-bit key) or Triple-DES (128-bit key) mode.
What are the different encryption modes used by the
SAFE Drive?
DES: Data Encryption Standard
DES is a symmetric public algorithm that was developed by an IBM team
around 1974 and adopted as a national standard in the US in 1977.
DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key.
DES takes a 64-bit block of plaintext as input and outputs a 64-bit block
of ciphertext. Since it always operates on blocks of equal size and it
uses both permutations and substitutions in the algorithm, DES is both a
block cipher and a product cipher.
Although the input key for DES is 64 bits long, the actual key used by DES
is only 56 bits in length. The least significant bit in each byte is a parity
bit, and should be set so that there is always an odd number in every
byte. These parity bits are ignored, so only the seven most significant bits
of each byte are used, resulting in a key length of 56 bits.
Triple DES
Triple DES is simply another mode of DES operation. It takes two 64-bit
keys, for an overall key length of 128 bits. The procedure for encryption
is exactly the same as regular DES, but it is repeated three times—hence,
the name: Triple DES. The data is encrypted with the first key, decrypted
with the second key, and finally encrypted again with the same key as
the first one. Triple DES is three times slower than regular DES but can be
billions of times more secure if used properly. Triple DES was the answer
to many of the shortcomings of DES.
How secure are DES and Triple DES encryptions?
The DES algorithm specification was published in January 1977, and
with the official backing of the US government, it became a very widely
employed algorithm in a short amount of time. Unfortunately, over time
various shortcut attacks were found that could significantly reduce the
amount of time needed to find a DES key with brute-force.
As computers became progressively faster and more powerful, it was
recognized that a 56-bit key was simply not large enough for high-
security applications. Despite growing concerns about its vulnerability,
DES is still widely used by financial services and other industries
worldwide to protect sensitive on-line applications.
Triple DES has the advantage of proven reliability and a longer key
length, which eliminates many of the shortcut attacks that can be used
to reduce the amount of time it takes to break DES. DES has 16 rounds,
meaning the main algorithm is repeated 16 times to produce the cipher
text. It has been found that the number of rounds is exponentially
proportional to the amount of time required to find a key using a brute-
force attack. So as the number of rounds increases, the security of the
algorithm increases exponentially. In general, the stronger the cipher is,
the harder it is for unauthorized users to break it.
Are unpublished algorithms safer than those
publicly known?
It has happened several times in the past that an encryption algorithm
was broken just because of a mistake in its design. In the majority of
cases, the principles of new encryption algorithms are publicized. This
allows any cryptologist to review and evaluate them, and point out their
weak points, if any are found. These algorithms are therefore generally
considered to be more secure and trusted than those whose principle
is not known. The majority of user applications nowadays implement
these generally approved algorithms.
Why prefer hardware encryption compared to
software encryption?
There are two major considerations for choosing hardware over software-
based encryption: security and performance. The main reason for choosing
hardware encryption over software is speed. Cryptographic algorithms
require complex manipulation of data at the level of individual bits.
General purpose microprocessors such as those found in normal PCs
cannot perform these operations efficiently. In addition, encryption is
usually a computationally intensive process, handing this off to another
processor or to a separate device allows the main processor to concentrate
on the primary function of the server. The SAFE hardware board is
specially designed to perform cryptographic operations at high speeds.
Algorithms such as DES were designed to be fast when implemented in
hardware and are much slower in software. Thus, hardware encryption
is usually faster than pure software systems but also safer.
Hardware encryption devices are harder to tamper with because of the
difficulty in accessing the device itself, physically.
