[Cryptography] Shredding a file on a flash-based file system?
Bear
bear at sonic.net
Fri Jun 20 12:54:00 EDT 2014
On Thu, 2014-06-19 at 16:32 -0400, Darren Lasko wrote:
> On Thu, Jun 19, 2014 at 3:52 PM, Bear <bear at sonic.net> wrote:
> > Under what circumstances would an attacker have the drive
> > platters in hand, but not have access to the key which is
> > stored in the drive hardware?
> When the encryption key isn't just "stored" in the drive hardware.
> Any implementation worth its salt will only store the key wrapped with
> the authentication credentials required for unlocking the drive.
Could you please explain, in hardware-oriented terms, what
you mean when you use the words "wrapped with" in this
context?
Because clearly the key is stored unsecured if the machine can
boot up the operating system without me entering a key. To boot
the operating system requires reading the supposedly encrypted
drive. If the key doesn't come from outside, then it is stored
in the same machine the attacker would presumably be stealing.
If it doesn't require someone to demonstrate their credentials
by entering a secret, then it is stored unsecured.
So if there's meaningful protection attached to the words "wrapped
with" I don't understand how it can possibly work.
Bear
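
An added example, not part of the original message or any drive vendor's code: one common meaning of "wrapped with" is that the media encryption key (MEK) is stored only as ciphertext under a key derived from the unlock credential. The function names, the PBKDF2 parameters, the HMAC-based stand-in for AES Key Wrap and DEVICE_SECRET are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed constant: a secret kept inside the device for auto-unlock (no user input).
DEVICE_SECRET = b"constructed-device-held-secret"

def _kek(credential: bytes, salt: bytes):
    # The key-encryption key is derived on demand and never written to storage.
    k = hashlib.pbkdf2_hmac("sha256", credential, salt, 100_000, dklen=64)
    return k[:32], k[32:]  # (encryption half, MAC half)

def wrap(mek: bytes, credential: bytes) -> dict:
    """Return the only fields that would be stored at rest."""
    if len(mek) != 32:
        raise ValueError("this sketch wraps exactly one 32-byte key")
    salt = os.urandom(16)  # fresh salt per wrap, so the keystream is never reused
    enc_key, mac_key = _kek(credential, salt)
    # Simplified stand-in for AES Key Wrap: one HMAC block as keystream, then a MAC.
    stream = hmac.new(enc_key, salt, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(mek, stream))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob: dict, credential: bytes):
    """Return the MEK, or None if the credential does not match."""
    enc_key, mac_key = _kek(credential, blob["salt"])
    expect = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        return None
    stream = hmac.new(enc_key, blob["salt"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

def demo() -> dict:
    mek = os.urandom(32)
    # Case 1: the credential comes from outside the machine at unlock time.
    user_blob = wrap(mek, b"constructed passphrase")
    # Case 2: boots with no prompt, so the "credential" sits beside the blob.
    auto_blob = wrap(mek, DEVICE_SECRET)
    return {
        "user_wrong_guess": unwrap(user_blob, b"guess") is None,
        "user_right_secret": unwrap(user_blob, b"constructed passphrase") == mek,
        "auto_with_stored_secret": unwrap(auto_blob, DEVICE_SECRET) == mek,
    }

if __name__ == "__main__":
    print(demo())
```

In the first case the stored fields do not yield the MEK without the externally supplied secret; in the second, everything needed to unwrap travels with the hardware, which is the situation the message above describes.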