[Cryptography] trojans in the firmware
RW
rwmaillists at googlemail.com
Tue Feb 24 13:09:46 UTC 2015
On Mon, 23 Feb 2015 12:45:02 +1300
Peter Gutmann wrote:
> Henry Baker <hbaker1 at pipeline.com> writes:
>
> >BTW, what's the point of AES encryption on this pre-p0wned device?
> >More security theatre?
>
> Almost. Its sole use is for very fast "drive erasure", i.e. you
> change the key and the data on it becomes inaccessible. Have a look
> at this presentation:
>
> http://www.snia.org/sites/default/education/tutorials/2012/spring/security/MichaelWillett_Implementing%20Stored-Data_Encryption_2.pdf
>
> which describes what Samsung (and others) are doing, in particular
> slide 18. The decryption key (DEK) is stored in the drive, and is
> unlocked using a password (and "authentication key", AK). So to
> decrypt the drive you extract the encrypted DEK, brute-force the
> password (AK), and you're in.
This is how practically all disk encryption works. Whether or not it's
secure depends on the strength of the password + key-file.
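
The key hierarchy discussed in this thread (a DEK stored on the drive, wrapped under an authentication key derived from the password and, as in the reply, a key-file), as an added example that is not part of the original messages or any vendor's firmware. `Drive`, `seal`, `unseal` and `derive_ak` are hypothetical names, the HMAC-based stream cipher is a standard-library stand-in for the drive's AES engine, and the PBKDF2 iteration count is illustrative.

```python
import hashlib, hmac, secrets

def derive_ak(password: bytes, keyfile: bytes, salt: bytes) -> bytes:
    """Authentication key (AK) stretched from password + key-file."""
    secret = password + hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 200_000)  # illustrative cost

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES (assumption).
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or corrupted blob")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class Drive:
    """Constructed model: the drive holds only salt, wrapped DEK and ciphertext."""
    def __init__(self, password: bytes, keyfile: bytes):
        self._wrap(password, keyfile, secrets.token_bytes(32))
        self.sectors = b""

    def _wrap(self, password: bytes, keyfile: bytes, dek: bytes) -> None:
        self.salt = secrets.token_bytes(16)
        self.wrapped_dek = seal(derive_ak(password, keyfile, self.salt), dek)

    def unlock(self, password: bytes, keyfile: bytes) -> bytes:
        return unseal(derive_ak(password, keyfile, self.salt), self.wrapped_dek)

    def change_password(self, old: bytes, new: bytes, keyfile: bytes) -> None:
        # Only the small wrapped-DEK blob is rewritten; user data is untouched.
        self._wrap(new, keyfile, self.unlock(old, keyfile))

    def crypto_erase(self, password: bytes, keyfile: bytes) -> None:
        # "Fast erase": the old DEK is discarded, so existing sectors are unreadable.
        self._wrap(password, keyfile, secrets.token_bytes(32))
```

Because the wrapped DEK sits on the drive itself, the only secret input is what goes into `derive_ak`, which is why the password and key-file strength decide the outcome.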