[Cryptography] hardware vs software FDE (was Re: Shredding a file on a flash-based file system?)

Darren Lasko dlasko at ieee.org
Thu Jun 19 23:37:04 EDT 2014


On Thu, Jun 19, 2014 at 5:06 PM, Perry E. Metzger <perry at piermont.com>
wrote:

> It is different in a vital respect -- in the software implementation,
> you can more or less check that everything is working as expected,
> and you don't have to trust that the drive isn't sabotaging you.
> That's quite different -- vitally so, I think.
>

That's not what I was addressing, though.  I was addressing the assertion
that if the attacker has the drive platters in hand, then he also has
access to the key.

However, to your point that "in the software implementation, you can more
or less check that everything is working as expected," this only holds true
if it's open-source (and as we have found recently, this is still no
guarantee against nasty security "flaws"), or if you're willing to
reverse-engineer a closed-source product (which you could also do with a
hardware-based product, though likely at a greater expense).

While it's true that even with a closed-source product you can take a look
at the ciphertext and verify that you see random-looking bits, and maybe
verify through experimentation that it's not using a poor choice of cipher
mode like ECB, getting the actual encryption algorithm right isn't anywhere
near the hardest part.  How are the encryption keys generated?  What is the
entropy source used for generating the keys?  How are the keys
cryptographically protected w/ authentication credentials before storing to
the drive?  If passwords are used, are they "strengthened" with something
like PBKDF2?  What's the iteration count?  How do you know the KDF was
implemented correctly?  When you change your password, how do you know that
the "old" wrapped key blob (wrapped with the old password) was eradicated
from storage (the "shredding a file on a flash-based device" problem)?  I
don't see how you're going to check these in a McAfee EEPC, MS Bitlocker,
PGP WDE, etc.

Regards,
Darren
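
The black-box ciphertext check the message mentions, as an added example that is not part of the original post: write known repetitive plaintext through the encryption layer, then measure how many 16-byte ciphertext blocks repeat. The toy Feistel cipher, the keys, the sizes and both mode functions are constructed stand-ins for a product under test, not any vendor's implementation.

```python
import hashlib
import hmac
from collections import Counter

BLOCK, SECTOR = 16, 512  # bytes; assumed block and sector sizes

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation; a stand-in cipher, not AES and not secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def encrypt_ecb(key: bytes, data: bytes) -> bytes:
    """Every block encrypted independently: equal plaintext gives equal ciphertext."""
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def encrypt_tweaked(key: bytes, tweak_key: bytes, data: bytes) -> bytes:
    """XEX-style: mask each block with a tweak bound to its sector and offset."""
    out = []
    for i in range(0, len(data), BLOCK):
        pos = (i // SECTOR).to_bytes(8, "little") + (i % SECTOR // BLOCK).to_bytes(2, "little")
        tweak = hmac.new(tweak_key, pos, hashlib.sha256).digest()[:BLOCK]
        masked = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], tweak))
        enc = toy_encrypt_block(key, masked)
        out.append(bytes(a ^ b for a, b in zip(enc, tweak)))
    return b"".join(out)

def repeated_block_fraction(image: bytes) -> float:
    """Fraction of ciphertext blocks whose value occurs more than once in the image."""
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    counts = Counter(blocks)
    return sum(n for n in counts.values() if n > 1) / len(blocks)

# Constructed input: 8 sectors of a repeating pattern, as a tester would write to the volume.
PLAINTEXT = (b"KNOWN-PATTERN-16" * (SECTOR // BLOCK)) * 8
KEY, TWEAK_KEY = b"constructed-key-1", b"constructed-key-2"

if __name__ == "__main__":
    print("ECB    :", repeated_block_fraction(encrypt_ecb(KEY, PLAINTEXT)))
    print("tweaked:", repeated_block_fraction(encrypt_tweaked(KEY, TWEAK_KEY, PLAINTEXT)))
```

A clean result here only rules out this one mode failure; it gives no visibility into key generation, the KDF or leftover wrapped key blobs.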