[Cryptography] How can you enter a 256-bit key in 12 decimal digits?

Ray Dillinger bear at sonic.net
Sun Jan 3 14:26:51 EST 2016

So I was looking for a new hard drive today and I came across this:


I'm pointing this particular drive out, but it's representative of
the offerings on display.  I don't want to single out Fantom, but
the description of this particular device very blatantly points
out a very common problem.

256-bit encryption it says, but it has buttons for entering
decimal digits and allows "up to 12-digit pass code combinations
to protect your data from unauthorized use."

Now, the last time I looked, 12 decimal digits equals about 40
bits, not 256 bits.  To enter a 256-bit key you need ~77 decimal
digits, not 12.

If someone can get at your data by brute forcing a key in a 40-
bit key space, why is it legal to call this 256-bit encryption?

Here's another thing I found which illustrates a different (also
common) problem.  Again, I'm not singling out this manufacturer;
I'm pointing at this particular device only because the problem
is very clear from its description.


"128-bit encryption" it says, but I notice it has no way to actually
enter a key.  Reading on, I see that the device is meant to be used
with a physical token that stores the key.  O....kay, but I'm not
happy about an object that can be stolen along with the drive being
the sole security, and I wonder how the customer sets the key. Is
there a grid of pins that you can put about a hundred jumper blocks
onto at random and then snap down a cover and fill the fob with
epoxy? It'd be easy to read that using an x-ray, but if you can
x-ray it you've already stolen it, right?  So no *additional* threat.
But then I read on, and it says "Bundled with 2 cipher keys."

2 physical tokens - both containing the same single key which is
known to the drive manufacturer, with no assurance that the key
is unique. Even if they are, brute-force attempts on all the keys
the manufacturer has ever issued is going to be an unacceptably
small (trivial) key space.  Moreover, the device comes with a
serial number, so an opponent who cracks (or compels) the manufacturers
database would be looking at a zero-bit key space.  How in the
world can a device with a zero-bit key space be referred to as
having 128-bit encryption?

I can easily remember 40-digit sequences using mnemonics that are
completely opaque to others; I figure that entitles me to use
128-bit key spaces.  Nobody appears to want me to be able to do


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160103/503fb750/attachment.sig>

More information about the cryptography mailing list