Security Flaw in Popular Disk Encryption Technologies

Achim Patzner ap at bnc.net
Wed Feb 27 09:29:29 UTC 2008


>> You might want to take a look at eNova (http://www.enovatech.net/)  
>> who are pointing at interesting hardware using their crypto  
>> technology.
> =================
>
> the idea of a closed-source hardware-based crypto disk drive may  
> appeal to some, but I've seen too many similar things fail through  
> stupidity, malice, etc.

Compared to in-core keys which have to stay there while the device is  
mounted? Yeah. Great disadvantage.

> one probably wouldn't have to look hard for more examples of "secure  
> hardware" that isn't secure.

I guess you never did a formal evaluation of your security-relevant  
subsystems anyway.

> there's just no way that hardware crypto can provide the peace of  
> mind that open-source crypto does

Let's put it that way: There is no open source solution that doesn't  
spill its beans too easily - key container and crypto engine should be  
brought together close enough to force complete destruction of the  
keys should anyone try to get access to them _or_ to the data path  
between them. Just take a look at Apple's last failure in this regard  
(the iPhone) and you'll see an example of "not close enough".

And no, I'm not talking about a mobile system; I'm more worried about  
the case of physical security not being strong enough (like in the  
case of governmental goons breaking down your doors or US customs and  
immigration staff seizing running machines ["turn your machine on and  
prove to us that it isn't a bomb... Thank you, now it's ours."] as  
they have already done); emergency shutdown of all systems should  
reliably render your data inaccessible.

The fact that British authorities lost four mobile computers with  
masses of sensitive data (like a complete list of their military  
reserve personnel including complete financial details) on their disks  
since October 2007 rather makes me laugh - they don't deserve crypto  
solutions but a good flogging with a bundle of power cords.

Anyway: I don't completely trust any system where keys have to travel  
across an unprotected bus. I'm still sad about TPMs not having made  
their way at least into 99% of the server mainboards. Just take a look  
at ISBN://978-0-7506-7960-2 (you just shouldn't completely hand over  
the device to your friendly OS vendor) and ISBN://0-387-23916-2 (which  
will prove your point - even IBM didn't follow the "think before  
crypto" rule).

> (or maybe my tin-foil hat is too tight).

You got too close to Theo the Rat, that's all.

I guess we should take this off (at least *this* list). And tell me if  
you want to read the books.


Achim Patzner
More information about the freebsd-hackers mailing list