[Cryptography] trojans in the firmware

Tom Mitchell mitch at niftyegg.com
Sun Feb 22 23:48:15 EST 2015


On Sun, Feb 22, 2015 at 3:45 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Henry Baker <hbaker1 at pipeline.com> writes:
>
> >BTW, what's the point of AES encryption on this pre-p0wned device?  More
> >security theatre?
>
> Almost.  Its sole use is for very fast "drive erasure", i.e. you change the
> key and the data on it becomes inaccessible.  Have a look
>

Yes...
In addition it can be of value for a remote wipe.
This is interesting with phone-home software that then
discovers it has been reported lost. A small handshake and one
company might duck having to report a massive data breach.

The single largest value is the release of devices that once lived
in an interesting location and need to be transported to a destruction
location. Perhaps not national secrets but Amazon or Google compute
center... or pharma... or medical records. More valuable to RAID vendors
than customers of RAID vendors as it can be used to limit vendor liability
as they replace one rack with a new one and have to manage the trash.

Someone once commented to me that NSA and TLAs like milling machines and
the Curie point of media.

All must transport the device to be trashed. Some individuals in the early
steps of the custody chain might like a quick wipe method.

Some should mention the terrible handling of disks in copy machines.
This could help in the decommission or service process but does not solve
bankruptcy-induced problems.



-- 
  T o m    M i t c h e l l