USB drive manufacturer encrypts data with XOR
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Feb 21 20:56:22 EST 2008
Rui Paulo <rpaulo at fnop.net> writes:
>"The specifications of the 2.5in. Easy Nova Data Box PRO-25UE RFID hard drive
>case by German vendor Drecom sound promising: hardware data encryption with
>128-bit AES, access control via an RFID chip compact enough to carry around
>on your key ring and optional 160GB or 250GB hard disk capacity. Swiping the
>RFID chip along the case causes the integrated Innmax IM7206 crypto
>controller to reveal the drive as a USB 2.0 mass storage compatible device to
>the attached computer. This works under Linux and Mac OS X as well as Windows.
The fault here isn't with Nova (or any of the other vendors that use the
Innmax device), it's squarely with Innmax, whose advertising and data sheets
imply that the disk is encrypted with AES without ever mentioning that it's
only ever used in conjunction with the RFID portion.
(By "imply" I mean the specs state "Uses AES encryption", technically you
could argue that since they never specifically say "All disk data is encrypted
using AES encryption" they'd be justified in storing it in plaintext, but
that's not what someone looking at the spec will interpret it as).
To make it even more confusing, "Easy Nova" is a near-namespace collision with
eNova, who do AES-encrypt the disk contents (well, as far as anyone knows...
anyone here have a eNova X-Wall drive controller and feel like seeing what's
on the disk?).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list