Diamond Cipher Frequently Asked Questions

Q: What are all the differences between the Diamond Cipher and the regular Diamond drive kit?
A: Other than the additional encryption feature in the Diamond Cipher drive enclosure, the Diamond Cipher drive kit has the same features as the regular Diamond drive kit. They both share the same enclosure, drive cradles and associated accessories. This makes it very easy to add encryption to any hard drive if you already have a regular Diamond kit installed. All you need is the Diamond Cipher drive enclosure. For more detail on the Diamond drive kit features, please review the Diamond Q&A page.

Q: What is the largest 3.5" hard drive that can be installed into the Diamond or Diamond Cipher Hard Drive enclosure?
A: There is no capacity limitation on the hard drive. You can partition and format any hard drive as 1 large volume.

Q: Can the drive in the Diamond Cipher drive enclosure be used as a boot drive?
A: Yes. When it is used as a boot device, the system will be unable to start up without the Cipher key. This is a very secure solution to protect the system from unauthorized access.


Q: Does the Diamond or Diamond Cipher Hard Drive kit support IDE hard drives?
A: Yes. Diamond comes with a choice of enclosures for IDE or SATA hard drives. Diamond Cipher currently comes with a drive enclosure for SATA hard drives. All Diamond and Diamond Cipher drive enclosures share the same drive cradles, interface cables and power adapter. For encrypting a 3.5" IDE hard drive, we recommend the Saturn Cipher drive kit.


Q: What is "Diamond Cipher"?
A: Diamond Cipher is a family of Addonics Hard Drive enclosures that incorporate a real-time hard drive cryptographic bridge ASIC (Application Specific Integrated Circuit) to encrypt and decrypt the entire hard drive, including the boot sector, temp files, swap files and the operating system, without degrading overall system performance. Inside the Diamond Cipher cryptographic engine is the AES (Advanced Encryption Standard) algorithm certified by the NIST (National Institute of Standards and Technology) of the United States of America and the CSE (Communications Security Establishment) of the Government of Canada.


Q: If I already have a Diamond drive cradle installed in a system, can I just purchase the Diamond Cipher enclosure for encrypting some of my hard drives?
A: Yes. The Diamond Cipher and the regular Diamond hard drive kit share the same drive cradle. You can mix encrypted and regular hard drives in the same system. The encryption is in the Diamond Cipher enclosure. The convenience of the Diamond Cipher design is that it can be taken anywhere you want and you can still access the data in your encrypted hard drive so long as you have the Diamond Cipher key with you.


Q: Does the encryption key always have to be inserted in the Diamond Cipher drive enclosure in order for it to work?
A: No. Once the Diamond Cipher drive is detected and registered by the OS, the Cipher key can be removed from the drive enclosure without affecting the operation of the Diamond Cipher drive. All the data transferred in and out of the Diamond Cipher drive will continue to be encrypted and decrypted on the fly. When the Cipher key is removed, the cipher key LED on the drive enclosure will be off. Once the Diamond Cipher drive is powered off or removed from the system, the Cipher key will need to be inserted into the Diamond Cipher enclosure prior to powering on and re-attaching the drive to the system again.


Q: How does Diamond Cipher differ from other hardware based hard drive encryption solutions on the market?
A: Diamond Cipher is the first drive enclosure solution on the market that incorporates hardware AES-256 encryption. All the hardware based encryption solutions currently on the market have one or more of the following limitations:

  • Hard drive can only be encrypted or decrypted on the same computer
  • Hard drive is limited to a single interface connection
  • Limited to IDE hard drive. No solution for SATA hard drive at this time

Diamond Cipher does not have any of these limitations. Diamond Cipher is by far the most flexible and most secure. Because we are offering this solution in the form of a drive kit, you can encrypt whatever capacity hard drive you need and as many hard drives as you want.

Q: Can the Diamond AES encryption key be used on the Saturn Cipher or Jupiter Cipher drive enclosure?
A: No. It cannot. The Diamond Cipher enclosure has an AES crypto engine which is different than the crypto engines inside the Saturn Cipher or Jupiter Cipher enclosure.

Q: Can the Saturn Cipher or Jupiter Cipher key be used on the Diamond Cipher enclosure?
A: Same as above.


Q: I have the Cipher key management system for the Saturn Cipher and Jupiter Cipher drive kit, can I use this key management system to program and duplicate the Diamond Cipher key?
A: Yes. The Addonics Cipher key management system can be used for programming and duplicating all DES, TDES and AES cipher keys. The key code generating software for the Diamond AES 256-bit is different from the one for the Saturn Cipher or Jupiter Cipher. Please contact our tech support department for a copy of this new software. For security purposes, we are required to have your company name and contact information for verification.

Q: Is the Diamond Cipher certified?
A: Addonics hardware encryption is based on eNova's MX AES Cryptographic engine, which has been certified by NIST and CSE. These certificates are available on NIST web links: (http://csrc.nist.gov/cryptval/des/desval.html and http://csrc.nist.gov/cryptval/des/tripledesval.html).


Q: How can Diamond Cipher encrypt the entire disk without losing performance?
A: Diamond Cipher is specifically engineered for high speed communications with the disk drive. Its high throughput enables real-time communications with all SATA hard drives. The operations of encryption and decryption are accomplished using a high speed hardware circuit to ensure no performance loss. There isn't any extra software device driver required. Thus memory and interrupt overheads are completely eliminated.

Q: Can Diamond Cipher work with all types of SATA disk drives?
A: Yes. It supports both SATA I and SATA II hard drives.


Q: Is there any performance degradation on the hard drive with the Diamond Cipher drive kit?
A: There is no significant performance difference when measured with the HD Tech or ATTO Disk Benchmark tool.


Q: Does Diamond Cipher support SATA II performance?
A: Diamond Cipher supports a maximum transfer rate of 1.5 Gbits/sec. The Diamond Cipher supports all SATA II specifications. Although SATA II hard drives are all rated for a maximum transfer rate of 3 Gbits/sec, this speed is only attainable in burst mode (a short duration of a few hundred milliseconds) when transferring data from the buffer; the sustained transfer rate for SATA II hard drives maxes out at around 80 - 90 MB/sec. This maximum sustained transfer rate will remain the same even in the future generation 6G/sec SATA hard drives. So for practical purposes, the 1.5 Gbits/sec (150 MB/sec) maximum transfer rate of the Diamond Cipher is more than adequate to handle any type of SATA hard drive.
In order to achieve a higher sustained transfer rate, 2 or more hard drives (or Diamond Cipher kits) can be grouped together in a RAID 0 configuration.


Q: Can Diamond Cipher work with all types of operating systems?
A: The Diamond Cipher cryptographic engine requires no device drivers and is compatible with all operating systems. However, some OSes may not support certain interfaces. Below is a list of OS support for the different interface connections:

  • IDE - DOS, all Windows OS, Linux, Solaris, Unix, Mac OS
  • SATA - DOS, Windows NT4, 98SE, Me, 2000, 2003, XP, Linux, Solaris, Mac OS
  • USB 2.0/1.1 - DOS, Windows 98SE, Me, 2000, 2003, XP, Linux kernel 2.4 and above, Solaris 9 and above, Mac OS 9 and above
  • Firewire - Windows 98SE, Me, 2000, 2003, XP, Mac OS9 and above

Q: What are the advantages of Diamond Cipher hardware encryption compared to software encryption?
A: The Addonics Diamond Cipher enclosure kit, a hardware encryption solution for the hard drive, is by far the most secure and simplest to deploy, particularly for large organizations. Below are some of the key benefits of Addonics hardware encryption products:

  • High performance - Data is encrypted and decrypted on the fly by a certified cryptographic engine inside an ASIC without taking any CPU resources
  • Platform independence - There is no software or driver to install to use Addonics encryption products. As a result, they can be deployed in any system running any OS. This is important in organizations with multi-platform computing and legacy systems.
  • Data portability - Unlike many software or hardware products that limit access to the encrypted hard drive to certain specified computer systems, an Addonics encrypted storage device can be accessed by practically any system while still maintaining a high level of security. The Addonics Diamond Cipher or Ruby Cipher drive enclosure with an encrypted hard drive can be attached to any system externally via eSATA or USB ports. As long as you have the Cipher key with you, you can access the hard drive.
  • No training required - There is no password to remember nor running any special program commands. The solution is truly plug and play. Encryption and decryption is all controlled by a physical key.
  • Low TCO (Total cost of ownership) - With hardware based encryption, there is no IT maintenance required, no software version to maintain nor any updates to keep track of.

Q: Is everything on the hard drive encrypted?
A: Diamond Cipher encrypts everything on your disk drive without exception. It encrypts the entire volume of your disk drive such that if you have a 300GB hard drive, the entire 300GB will be encrypted, including the boot sector and partition tables.

Q: Do I need to establish a separate "encrypted folder" under file directory as required by some software solutions?
A: No. Everything you write to the disk drive is automatically strongly encrypted. There is no need to establish a separate "encrypted folder."


Q: Can I encrypt a hard drive that already has data on it?
A: No. When a hard drive that already has data on it is installed into the Diamond Cipher drive enclosure, the computer detects the hard drive as a brand new drive or a drive that is unallocated. Once you proceed to partition the drive, the data that was on the hard drive will be erased and cannot be recovered. So to retain your valuable data, it must be backed up first and then transferred to the encrypted hard drive.

The same holds true for the Diamond Cipher encrypted hard drive. It will look like a brand new drive when attached directly to the IDE or SATA controller of a computer. There will be no partition or any hint to indicate that the drive contains encrypted data. When the drive is partitioned, all the encrypted data will be lost.
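
As an added illustration (not Addonics code), the behaviour described above can be checked from the host side: take a raw image of the drive while it is attached directly to a controller, without the enclosure, and look for plaintext structure. The function names, the 7.0 bits-per-byte threshold and both sample images are assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512      # bytes per logical sector
AES_BLOCK = 16    # AES block size in bytes

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def audit_image(image: bytes, min_entropy: float = 7.0) -> dict:
    """Report plaintext-looking structure in a raw image read without the enclosure."""
    sectors = [image[i:i + SECTOR] for i in range(0, len(image), SECTOR)]
    blocks = Counter(image[i:i + AES_BLOCK]
                     for i in range(0, len(image) - AES_BLOCK + 1, AES_BLOCK))
    return {
        # A readable MBR ends sector 0 with 0x55 0xAA; GPT puts "EFI PART" at LBA 1.
        "mbr_signature": image[510:512] == b"\x55\xaa",
        "gpt_header": image[512:520] == b"EFI PART",
        # Random 512-byte sectors measure about 7.5 bits/byte; text or zeros far less.
        "low_entropy_sectors": [i for i, s in enumerate(sectors)
                                if entropy(s) < min_entropy],
        # Count of 16-byte blocks that duplicate an earlier block in the image.
        "repeated_blocks": sum(c - 1 for c in blocks.values() if c > 1),
    }

def constructed_plain_image() -> bytes:
    """Constructed sample: MBR-style sector 0, two zero-filled sectors, one text sector."""
    mbr = bytes(510) + b"\x55\xaa"
    text = (b"quarterly payroll export\n" * 21)[:SECTOR]
    return mbr + bytes(SECTOR) * 2 + text

def constructed_cipherlike_image(n_sectors: int = 4) -> bytes:
    """Constructed stand-in for ciphertext: a SHA-256 counter stream, not real AES output."""
    return b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                    for i in range(n_sectors * SECTOR // 32))

if __name__ == "__main__":
    for name, img in (("plain", constructed_plain_image()),
                      ("cipher-like", constructed_cipherlike_image())):
        print(name, audit_image(img))
```

Already-compressed or encrypted files on an unencrypted drive also score high entropy, so a clean result on a few sectors is not proof; sample across the whole drive, including sector 0.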

Q: Do I need any training to use Diamond Cipher?
A: No. The good news is that you don't have to learn or manage anything. After inserting the Diamond Cipher cipher key, everything will function as before. There isn't any GUI for you to learn and manage and you don't have to memorize your password.


Q: Should I expect multi-step log on procedures and a complex GUI (Graphical User Interface) like other systems require?
A: No. The Diamond Cipher solution does NOT change the user's regular computing behavior, nor does it require learning a complex GUI. It does not require you to memorize frequently used and cumbersome log on procedures. It is totally transparent to all users. You need only ensure the cipher key is inserted into the Diamond Cipher drive enclosure every time before you attach the hard drive to any computer or restart your computer.


Q: How does Diamond Cipher compare with Smart Card and PCMCIA encryption products?
A: Diamond Cipher is dramatically faster than PCMCIA or Smart Card solutions, and encrypts the entire hard drive instead of just selected files. There is no possibility that any data or credentials can be left unprotected on the hard drive. Drive locking and boot sector encryption solutions do not encrypt the data, and thus the data is vulnerable to attack.

Q: Can a Diamond Cipher encrypted hard drive be taken out of the drive enclosure and connected directly to an IDE or SATA controller?
A: Yes. The hard drive will appear to any Operating System as a blank hard drive without any data. If the drive is partitioned and formatted, all the encrypted data will be gone and the hard drive becomes an ordinary hard drive.


Q: Can I encrypt multiple hard drives via a single Diamond Cipher cipher key?
A: Yes. You can encrypt multiple hard drives installed in different Diamond Cipher enclosures with the same Diamond Cipher cipher key. You can also encrypt multiple hard drives using the same Diamond Cipher enclosure with one Diamond Cipher cipher key.


Q: Does Diamond Cipher support 48-bit LBA addressing?
A: Yes. Diamond Cipher supports 48-bit addressing and supports hard drive volumes over 137GB per drive.


Q: What happens if my cipher key is lost or stolen?
A: There are no "back doors" into a Diamond Cipher encrypted hard drive, so without the cipher key you will not be able to access the data on the protected disk drive. This means you must keep the backup key in a safe place at all times.


Q: Can I order duplicate cipher keys?
A: Yes. You can order duplicate cipher keys directly from us. To have additional keys made, you must send in your backup key with your order for duplication. If you are down to the last key, be sure to make a backup of all the data stored inside your encrypted hard drive prior to sending the last key to Addonics. Addonics is not responsible for keys lost in the mail or for retrieval of the data inside the encrypted hard drive. Customers who are interested in managing and making their own keys can purchase the Addonics Cipher key duplicating system.


Q: Can I remove the cipher key while my hard drive is connected?
A: Yes, you can safely remove the cipher key for safekeeping after the hard drive is detected by system. Remember that the cipher key MUST be used again the next time you reconnect the hard drive or restart your system.


Q: If the Diamond Cipher malfunctions, will I lose my data?
A: No. The CCE is a generic cryptographic engine and the cipher key contains the AES cryptographic key. Consequently, you can simply replace the defective Diamond Cipher enclosure, if that ever occurs, and use your original cipher key to access the data on your hard drive.

Q: Does Diamond Cipher increase the original file size after encryption?
A: No. AES is a complicated mathematical algorithm that computes the original data with 256-bit cryptographic key length. Regardless of the size of the key, the size of data file after encryption remains unchanged.


Q: How does Diamond Cipher encryption work?
A: The Diamond Cipher Cryptographic Engine (CCE) sits before your disk drive. It intercepts, interprets, translates, and relays commands and data to and from the disk drive, encrypting the data with AES 256-bit key strength. Before data reaches the disk drive, the CCE encrypts it and then saves it to the disk drive. When there is a read from the disk drive, the CCE decrypts the data before sending it to the host. The operation of encryption and decryption is totally transparent to all users, thus the CCE is invisible to the entire system. The Diamond Cipher cipher key Token contains the "Cryptographic Key" that is to be used by the CCE. At power up, the "Cryptographic Key" will be delivered to the CCE register sets using a proprietary hardware protocol. If somehow the Cryptographic Key was incorrect or missing, the CCE will not decrypt the hard drive thus the Diamond Cipher encrypted hard drive will only be detected by any Operating System and the entire content is secure. Attempts to surface scan the entire disk drive platters will only prove futile. As the CCE is a generic engine and it relies on the "Cryptographic Key" to enable all functionalities, a malfunctioning CCE can be easily replaced with the same model and the content of your disk drive can be safely retrieved as long as your original "Cryptographic Key" is intact.


Q: How is key length related to security?
A: In the case of a Symmetric Cipher (DES, TDES, and AES), a larger Cryptographic Key length creates a stronger cipher, which means an eavesdropper must spend more time and resources to find the Cryptographic Key. For instance, a DES 40-bit strength represents a key space of 1,099,511,627,776 (2^40, 2 to the power of 40) possible combinations. While this number may seem impressive, it is definitely feasible for a microprocessor or a specially designed ASIC to perform the huge number of calculations necessary to derive the Cryptographic Key. Surprisingly, an investment of only about US$10,000 in FPGA (Field Programmable Gate Arrays) will be able to recover a 40-bit key in 12 minutes. Further, a US$10,000,000 investment in ASIC will be able to recover a 40-bit key in 0.05 second. A government agency that can afford investing US$100,000,000 or more will be able to recover a 40-bit key in a whopping 0.002 second! Thus a 40-bit length cipher offers a bare minimum of protection for your confidentiality and privacy. Fortunately the "work factor" increases exponentially as we increase the key length. For example, an increase of one bit in length doubles the key space, so 2^41 represents a key space of 2,199,023,255,552 possible combinations. A 2^112 bit (128-bit) TDES cipher offers extremely strong security (5,192,296,858,534,827,628,530,496,329,220,096 possible combinations) that should resist known attacks for the next 15 to 20 years, considering the advance of semiconductor design and manufacturing.


Q: Why do I need to use the cipher key token?
A: The cipher key token contains the AES "Cryptographic Key" that is used by Diamond Cipher to encrypt or decrypt data. Without the key, the protected disk drive cannot be detected and there is no access possible. Together the cipher key token and Diamond Cipher Cryptographic Engine comprise an effective user authentication for access control and encryption for data protection. The cipher key token serves as user authentication for access control while Diamond Cipher Cryptographic Engine encrypts and decrypts.