Re: Seagate announces hardware FDE for laptop and desktop machines

2009-06-14 Thread james hughes

On Jun 10, 2009, at 4:19 PM,  

Reading really old email, but have new information to add.

On Wed, Oct 03, 2007 at 02:15:38PM +1000, Daniel Carosone wrote:
Speculation: the drive always encrypts the platters with a (fixed)  

key, obviating the need to track which sectors are encrypted or
not. Setting the drive password simply changes the key-handling.

Implication: fixed keys may be known and data recoverable from  

records, e.g. for law enforcement, even if this is not provided as an
end-user service.

There was an interesting article in 2600 recently about ATA drive

It's in Volume 26, Number 1 (Spring 2009).  Sorry that I don't have an
electronic copy.

The relevant bit of it is that there are two keys.  One key is for the
user, and one (IIRC, it is called a master key) is set by the factory.

IIRC, there was a court case recently where law enforcement was able
to read the contents of a locked disk, contrary to the vendor's claims
that nobody, even them, would be able to do so.

All of these statements may be true. The standardization of the  
command set for encrypting disk drive does has a set master key  
command. If this command does exist, and if the user had software that  
resets this master password, then the backdoor would have been closed.  
(I know, there area  lot of ifs in that sentence.)
and from universities you can access


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to

OT: Presentation on Effectively and Securely Using the Cloud Computing Paradigm

2009-06-14 Thread Ali, Saqib
NIST has published a working draft of the Cloud Computing Security presentation:

Both of the documents on this page are excellent read for anyone
interested in Cloud Computing.

Some of the Security Advantages mentioned in the presentation are:

Shifting public data to a external cloud reduces the exposure of the
internal sensitive data
Cloud homogeneity makes security auditing/testing simpler
Clouds enable automated security management
Redundancy / Disaster Recovery
Data Fragmentation and Dispersal
Dedicated Security Team
Greater Investment in Security Infrastructure
Fault Tolerance and Reliability
Greater Resiliency
Hypervisor Protection Against Network Attacks
Possible Reduction of CA Activities (Access to Pre-Accredited Clouds)
Simplification of Compliance Analysis
Data Held by Unbiased Party (cloud vendor assertion)
Low-Cost Disaster Recovery and Data Storage Solutions
On-Demand Security Controls
Real-Time Detection of System Tampering
Rapid Re-Constitution of Services
Advanced Honeynet Capabilities

What are your thoughts on these benefits?


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to

Re: padding attack vs. PKCS7

2009-06-14 Thread James Muir wrote:
 Towards the end of this rather offbeat blog post they describe a
 rather clever attack which is possible when the application provides
 error messages (i.e. is an error oracle) for PKCS7 padding in e.g. AES
 CBC-encrypted web authenticators that allows an adversary to attack
 the crypto one octet at a time.

I think this attack can be attributed to Klima and Rosa:

Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format.
V. Klima and T. Rosa.


Description: OpenPGP digital signature

SHA-1 in 2**52

2009-06-14 Thread I)ruid
Differential Path for SHA-1 with complexity O(2**52)
Cameron McDonald, Philip Hawkes, and Josef Pieprzyk
Macquarie University

I)ruid, CĀ²ISSP

Description: This is a digitally signed message part