Thursday Jul 23, 2009

FIPS 140-2 Certification for T10000 tape drives

The T10000 (A & B) encrypting tape drives are now FIPS 140-2 certified. Some more details and a pointer to the official certificate are here.

Thursday Sep 06, 2007

Beginning of the End for separate Solaris Data Encryption Kit (SUNWcry)

The removal of the Solaris Data Encryption Kit has been quite a difficult and long process for us; we are taking a different approach for Solaris 10 and for OpenSolaris. Valerie Bubb has info on how it has been done for Solaris 10 and is also currently running the code review for the OpenSolaris variant, which is the full fix for this.

- Darren

Friday Apr 27, 2007

SLOTD 2007-04-27: InfoSec Europe & encrypted storage

I attended InfoSec Europe at Olympia in London earlier this week. I find this show generally a little too "PC" biased sometimes, so I wasn't expecting to get too much out of it. I spent most of the time looking around for encrypted storage solutions and products. Last year I found an excellent hardware-only encrypting disk drive that is approved for UK government use.

This year I found a device by a company called SafeBoot. Initially I almost discounted this device because I was expecting it to be Windows only. The device is a small USB flash drive with a fingerprint reader to access the data; I think it is their phantom product that I saw. While the device can only be configured from Windows, the lock/unlock functionality works on any system. We tried it out on the MacOS X laptop we had with us (this ensures there are no drivers needed for this) and it works just fine. What was even nicer is that a simple software eject under MacOS caused the drive to relock again. So I fully expect this to work just the same under Solaris. Under MacOS X the encrypted part of the device that you need your fingerprint to unlock appears as a removable drive that doesn't have the media in it - until you swipe your fingerprint.

Pretty cool little device. I don't have one at the moment to try it out, but it looks promising. I can even see some uses for this in a primarily Solaris-based solution, so you might see this or something like it in the future...

Apparently the device can also allow the crypto functionality to be used by the host OS, but only Windows. I wonder if I can get them to write (or collaborate with us to do so) a driver for the OpenSolaris cryptographic framework.

- Darren

Wednesday Mar 28, 2007

Cryptography in Microelectronics

I was over the moon today to see Jonathan Schwartz blog the latest organisational announcement. Not just because of the transparency and openness it demonstrates, but also because one of the reasons given for forming the Microelectronics group is "investing in cryptography".

The UltraSPARC T1 processor that we first shipped with the T1000/T2000 machines has some very cool modular exponentiation logic in it which makes it possible to implement a hardware-assisted RSA/DSA implementation that is really fast. "No big deal", you say - "PCI cards have been doing it that way for a while"?

Well, roll on Niagara 2, due later this year, where we add AES, 3DES, RC4, SHA1, SHA256 and MD5 to that list - all done in hardware and all on a CMT processor.

Niagara 2 also brings us hardware randomness from the chip as well.

Now I don't personally know the future of our hardware crypto products beyond this at the moment, but I hope that the investment in the new Microelectronics group will allow us to go even further in this area. When I know more that I can share I'll share it here. There is some stuff I want to share with you about Rock but I need to get my head around it before I'm ready to share.

- Darren
