On Sep 6, 2013, at 11:37 AM, John Ioannidis wrote:
> I'm a lot more worried about FDE (full disk encryption) features on modern 
> disk drives, for all the obvious reasons.
If you're talking about the FDE features built into disk drives - I don't know 
anyone who seriously trusts it.  Every "secure disk" that's been analyzed has 
been found to be "secured" with amateur-level crypto.  I seem to recall one 
that advertised itself as using AES (you know, military-grade encryption) which 
did something like:  Encrypt the key with AES, then XOR with the result to 
"encrypt" all the data.  Yes, it does indeed "use" AES....

There's very little to be gained, and a huge amount to be lost, be leaving the 
crypto to the drive, and whatever proprietary, hacked-up code the bit-twiddlers 
who do driver firmware decide to toss in to meet the marketing requirement of 
being able to say they are secure.  Maybe when they rely on a published 
standard, *and* provide a test mode so I can check to see that what they wrote 
to the surface is what the standard says should be there, I might change my 
mind.  At least them, I'd be worrying about deliberate attacks (which, if you 
can get into the supply chain are trivial - there's tons of space to hide away 
a copy of the key), rather than the nonsense we have today.

> And if I wanted to be truly paranoid, I'd worry about HSMs to
Now, wouldn't compromising HSM's be sweet.  Not that many vendors make HSM's, 
and they are exactly the guys who already have a close relationship with the CI 
(crypto-industrial) complex....
                                                        -- Jerry

> /ji

The cryptography mailing list

Reply via email to