On Sep 6, 2013, at 11:37 AM, John Ioannidis wrote:
I'm a lot more worried about FDE (full disk encryption) features on modern
disk drives, for all the obvious reasons.
If you're talking about the FDE features built into disk drives - I don't know
anyone who seriously trusts it. Every secure disk that's been analyzed has
been found to be secured with amateur-level crypto. I seem to recall one
that advertised itself as using AES (you know, military-grade encryption) which
did something like: Encrypt the key with AES, then XOR with the result to
encrypt all the data. Yes, it does indeed use AES
There's very little to be gained, and a huge amount to be lost, be leaving the
crypto to the drive, and whatever proprietary, hacked-up code the bit-twiddlers
who do driver firmware decide to toss in to meet the marketing requirement of
being able to say they are secure. Maybe when they rely on a published
standard, *and* provide a test mode so I can check to see that what they wrote
to the surface is what the standard says should be there, I might change my
mind. At least them, I'd be worrying about deliberate attacks (which, if you
can get into the supply chain are trivial - there's tons of space to hide away
a copy of the key), rather than the nonsense we have today.
And if I wanted to be truly paranoid, I'd worry about HSMs to
Now, wouldn't compromising HSM's be sweet. Not that many vendors make HSM's,
and they are exactly the guys who already have a close relationship with the CI
(crypto-industrial) complex
-- Jerry
/ji
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography