[Cryptography] trojans in the firmware
Michael Kjörling
michael at kjorling.se
Sun Feb 22 17:00:32 EST 2015
On 19 Feb 2015 08:12 -0800, from hbaker1 at pipeline.com (Henry Baker):
> BTW, what's the point of AES encryption on this pre-p0wned device?
> More security theatre?
Besides what others have already said, it allows you (as in the device
manufacturer or firmware vendor) to efficiently implement the "SECURE
ERASE" command. Just generate a new key and overwrite the old one with
the new one. Voila, the data has now gone to Where Documents Sometimes
Go. No need to overwrite every sector (has the added benefit of saving
time, particularly in the case of HDDs, and write cycles, particularly
in the case of SSDs) and it ensures that _all_ data remnants are
rendered unusable. Even for example cells that are no longer able to
take and hold a new state become unusable for recovery attempts,
because all you're getting is the ciphertext where the key has been
discarded. If the crypto is any good, that means you get nothing
useful at all.
While I personally wouldn't rely exclusively on a self-encrypting
storage device for security, it _does_ add one more layer of defense
in depth. And for certain use cases, just _might_ be good enough all
on its own.
The bad part is that for all that advertising, it could just be AES in
ECB mode with the same key for every block. Obviously, details matter,
but 99.9% of even the people who are looking for something like that
see "256-bit AES" and think "great, unbreakable!".
--
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
More information about the cryptography
mailing list