The WiebeTech implementation of this concept looks better. (No link because I couldn't find a good one.)

I think the $1,000,000/year estimate is actually on the high side now. The EFF's DES cracker took 22 hours to brute force a quarter of the DES-56 keyspace and cost under $250k (source). That was four years ago, so we're probably talking a cost around $63K and I believe that that state of the art has advanced enough that you'd see something closer to half of that.

Releasing a security product which only supports 56 (and 40!) bit DES now is just silly. Hardware accelerators for real crypto aren't that much more expensive and would actually be useful. Plus, I have a feeling that their implementation will turn out to be easier than brute forcing - there are a lot of predictable data structures on a hard drive and known-plaintext makes life a lot easier for an attacker.

Do you need to keep the key in the drive?

If so, it's like keeping your key in the door while you walk inside...

And I didn't point out that the Thumbdrive got lost within two weeks because its stickiness into the keychain holder broke down.

--Dan

You'd keep the key for this drive the same place you keep all your other keys -- in your pocket. Saying it's useless because you have to have the key with you is like saying the locks on your car are useless because you carry the key with you when you drive the car.

Reid--

   I got one a couple months ago. It was cool to show off, but never really recognized my thumb very well and doesn't work automagically with anything but 2000/XP (98 requires a driver, OSX sees nothing, never tried MacOS9).

   Regarding this hard drive, the crypto is terrible, the implementation is probably worse (ECB mode, since they can't be file aware and they're obviously not crypto aware), and the scope of circumstances under which an attacker *would* get the drive and *wouldn't* get the key is pretty small.

   Swing and a miss.

--Dan

Not so "gee whiz". If you combine it with something like this USB fingerprint authenticated thumb drive: http://www.trekstorusa.com/thumbdrive_touch.htm ... I haven't seen any review on how good these drives are, but it'd be quite cool to use the two together

Yeah, seems kind of pointless beyond the "gee whiz" factor. I imagine most people's HDs are filled with primarily OS files, general apps, and non-sensitive files. Seems to me software-based strong encryption of just sensitive files/directories makes a lot more sense.

A few things here:

DES is not 64 bits strong: it is 56 bits strong. (The key has 8 predictable parity bits.)

It would take an aversary who gets your hard drive less than $1million to decrypt the drive in under a year; aggressive adversaries with more money can probably do it in weeks.

If you were lame enough to use 40-bit mode, the same adversary could decode the drive in a few days or a few minutes

If they used TripleDES, they could still run quite fast and make the contents of the drive unreadable to anyone for decades

Cory's point about keeping the key near the drive is probably the biggest reason this drive is useless