[Cryptography] How can you enter a 256-bit key in 12 decimal digits?
Ray Dillinger
bear at sonic.net
Sun Jan 3 14:26:51 EST 2016
So I was looking for a new hard drive today and I came across this:
http://www.newegg.com/Product/Product.aspx?Item=N82E16822204163
I'm pointing this particular drive out, but it's representative of
the offerings on display. I don't want to single out Fantom, but
the description of this particular device very blatantly points
out a very common problem.
256-bit encryption it says, but it has buttons for entering
decimal digits and allows "up to 12-digit pass code combinations
to protect your data from unauthorized use."
Now, the last time I looked, 12 decimal digits equals about 40
bits, not 256 bits. To enter a 256-bit key you need ~77 decimal
digits, not 12.
If someone can get at your data by brute forcing a key in a 40-
bit key space, why is it legal to call this 256-bit encryption?
Here's another thing I found which illustrates a different (also
common) problem. Again, I'm not singling out this manufacturer;
I'm pointing at this particular device only because the problem
is very clear from its description.
http://www.newegg.com/Product/Product.aspx?Item=9SIA6ZP3KE0600
"128-bit encryption" it says, but I notice it has no way to actually
enter a key. Reading on, I see that the device is meant to be used
with a physical token that stores the key. O....kay, but I'm not
happy about an object that can be stolen along with the drive being
the sole security, and I wonder how the customer sets the key. Is
there a grid of pins that you can put about a hundred jumper blocks
onto at random and then snap down a cover and fill the fob with
epoxy? It'd be easy to read that using an x-ray, but if you can
x-ray it you've already stolen it, right? So no *additional* threat.
But then I read on, and it says "Bundled with 2 cipher keys."
2 physical tokens - both containing the same single key which is
known to the drive manufacturer, with no assurance that the key
is unique. Even if they are, brute-force attempts on all the keys
the manufacturer has ever issued is going to be an unacceptably
small (trivial) key space. Moreover, the device comes with a
serial number, so an opponent who cracks (or compels) the manufacturers
database would be looking at a zero-bit key space. How in the
world can a device with a zero-bit key space be referred to as
having 128-bit encryption?
I can easily remember 40-digit sequences using mnemonics that are
completely opaque to others; I figure that entitles me to use
128-bit key spaces. Nobody appears to want me to be able to do
that.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160103/503fb750/attachment.sig>
More information about the cryptography
mailing list