[Cryptography] How can you enter a 256-bit key in 12 decimal digits?

RB aoz.syn at gmail.com
Sun Jan 3 18:23:45 EST 2016


On Sun, Jan 3, 2016 at 12:26 PM, Ray Dillinger <bear at sonic.net> wrote:
> 256-bit encryption it says, but it has buttons for entering
> decimal digits and allows "up to 12-digit pass code combinations
> to protect your data from unauthorized use."
>
> Now, the last time I looked, 12 decimal digits equals about 40
> bits, not 256 bits.  To enter a 256-bit key you need ~77 decimal
> digits, not 12.
>
> If someone can get at your data by brute forcing a key in a 40-
> bit key space

Not providing any opinion or information regarding this particular
drive, a well-developed drive is going to use a key derivation
function (e.g. PBKDFv2) to generate the actual 256-bit key.  Few users
ever enter a full 256 bits of entropy for even software FDE, and this
is conceptually no different.

> why is it legal to call this 256-bit encryption?

You confuse the term "legal" with "acceptable" perhaps?  Even assuming
the worst case that the user PIN was simply an ATA password or less,
and that the data on all enclosures was encrypted with a single common
256-bit manufacturer key, it would pass muster in at least US courts.
They make no claims whatsoever that the PIN affects encryption, only
that it protects from "unauthorized use."  Nobody that cares will use
the drive, and those that don't care (or don't know to) don't matter.
This is the race to the bottom.

> I can easily remember 40-digit sequences using mnemonics that are
> completely opaque to others; I figure that entitles me to use
> 128-bit key spaces.  Nobody appears to want me to be able to do
> that.

In the razor-thin margins of computing hardware and peripherals,
nobody cares about the Bear use case.  They care about what will sell
100k units to the people that don't [know to] care while investing the
least capital possible (in terms of both hardware and engineering).
They could invest orders of magnitude more in the product before you
would be interested, hence they simply don't care about acquiring you
as the marginal customer.  This is basic economics.

To Steve's comment, nobody has taken them to court because (at least
in the US) the chances of success are effectively nil.  Often because
the supplier is typically a small-potatoes foreign operator that is
more likely to fold and reappear under another name than to yield any
lawsuit/settlement return.  Add in that (again, at least for the US)
the legal environment actively encourages language abuse, legal
defense is usually a turn of phrase away.

There are good reasons that enclosure-based encryption hasn't
outstripped software-based FDE.  To legitimately compete on security
terms with the likes of TrueCrypt and its progeny, BitLocker,
FileVault, and LUKS (and do so transparently to the OS), hardware and
R&D would cost significantly more than manufacturers find it worth.
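
An added illustration of the exchange above (not part of the original post, and not any vendor's firmware): PBKDF2 always returns a 256-bit key, but the number of candidate keys is still set by the length of the decimal code. The salt, iteration count and sample PINs are constructed assumptions.

```python
import hashlib
import math


def keyspace_bits(digits: int) -> float:
    """Bits of entropy in a uniformly random decimal code of this length."""
    return digits * math.log2(10)


def derive_key(pin: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a decimal PIN into a 256-bit key with PBKDF2-HMAC-SHA256."""
    if not pin.isdigit():
        raise ValueError("PIN must consist of decimal digits only")
    return hashlib.pbkdf2_hmac("sha256", pin.encode("ascii"), salt,
                               iterations, dklen=32)


def effective_bits(digits: int, iterations: int) -> float:
    """Approximate exhaustive-search cost, in bits, counted in PRF calls.

    Each guess costs roughly `iterations` PRF calls, so the KDF adds about
    log2(iterations) bits of work. The result can never exceed the 256-bit
    size of the derived key.
    """
    return min(256.0, keyspace_bits(digits) + math.log2(iterations))


if __name__ == "__main__":
    salt = b"constructed-demo-salt"      # constructed; a real design uses a random per-device salt
    iterations = 100_000                 # constructed iteration count
    key = derive_key("493817265004", salt, iterations)  # constructed 12-digit PIN
    print(f"derived key length : {len(key) * 8} bits")
    for digits in (12, 40, 77):
        print(f"{digits:>2} digits: {keyspace_bits(digits):6.2f} bits of PIN entropy, "
              f"~{effective_bits(digits, iterations):6.2f} bits of work "
              f"with {iterations} iterations")
```

The derived key is 256 bits long in every case; only the code length and the iteration count change how many guesses, and how much work per guess, an exhaustive search needs.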

