Re: AES HDD encryption was XOR

2008-12-07 Thread Jerry Leichter 

On Dec 7, 2008, at 4:10 AM, Alexander Klimov wrote:

:


With its Digittrade Security hard disk, the German vendor
Digittrade has launched another hard disk housing based on the
unsafe IM7206 controller by the Chinese manufacturer Innmax.
The German vendor prominently advertises the product's strong
128-bit AES encryption on its packaging and web page. In
practice, however, the hard disk data is only encrypted using
a primitive XOR mechanism with an identical 512-Byte block for
each sector.
Oh, but that 512-byte block is generated using Triple AES, and is  
highly, highly secure!  :-)


An interesting bit of wording from the site linked to above:   
"According to current cryptography research, this would be virtually  
impossible, even with a short key length of only 128 bits."  Although  
the sentence accurately states that AES-128 is thought to be secure  
within the state of current and expected cryptographic knowledge, it  
propagates the meme of the "short key length of only 128 bits".  A key  
length of 128 bits is beyond any conceivable brute force attack - in  
and of itself the only kind of attack for which key length, as such,  
has any meaning.  But, as always, "bigger *must* be better" - which  
just raises costs when it leads people to use AES-256, but all too  
often opens the door for the many snake-oil "super-secure" cipher  
systems using thousands of key bits.

   -- Jerry


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

AES HDD encryption was XOR

2008-12-07 Thread Alexander Klimov 
:

  With its Digittrade Security hard disk, the German vendor
  Digittrade has launched another hard disk housing based on the
  unsafe IM7206 controller by the Chinese manufacturer Innmax.
  The German vendor prominently advertises the product's strong
  128-bit AES encryption on its packaging and web page. In
  practice, however, the hard disk data is only encrypted using
  a primitive XOR mechanism with an identical 512-Byte block for
  each sector.

-- 
Regards,
ASK

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Attacking a secure smartcard

2008-12-07 Thread Jerry Leichter 
I've previously mentioned Flylogic as a company that does cool attacks  
on chip-level hardware protection.  In http://www.flylogic.net/blog/?p=18 
, they talk about attacking the ST16601 Smartcard - described by the  
vendor as offering "Very high security features including EEPROM flash  
erase (bulk-erase)".  The chip is covered by a metal mesh that, if cut  
or shorted, blocks operation.  However, Flylogic reports:


"Using our techniques we call, “magic” (okay, it’s not magic but we’re  
not telling), we opened the bus and probed it keeping the chip alive.   
We didn’t use any kind of expensive SEM or FIB.  The equipment used  
was available back in the 90’s to the average hacker!  We didn’t even  
need a university lab.  Everything we used was commonly available for  
under $100.00 USD.
This is pretty scary when you think that they are certifying these  
devices under all kinds of certifications around the world."


-- Jerry




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]