On Sep 6, 2013, at 11:37 AM, John Ioannidis wrote:
> I'm a lot more worried about FDE (full disk encryption) features on modern
> disk drives, for all the obvious reasons.
>
If you're talking about the FDE features built into disk drives - I don't know
anyone who seriously trusts it. Every "secure disk" that's been analyzed has
been found to be "secured" with amateur-level crypto. I seem to recall one
that advertised itself as using AES (you know, military-grade encryption) which
did something like: Encrypt the key with AES, then XOR with the result to
"encrypt" all the data. Yes, it does indeed "use" AES
There's very little to be gained, and a huge amount to be lost, be leaving the
crypto to the drive, and whatever proprietary, hacked-up code the bit-twiddlers
who do driver firmware decide to toss in to meet the marketing requirement of
being able to say they are secure. Maybe when they rely on a published
standard, *and* provide a test mode so I can check to see that what they wrote
to the surface is what the standard says should be there, I might change my
mind. At least them, I'd be worrying about deliberate attacks (which, if you
can get into the supply chain are trivial - there's tons of space to hide away
a copy of the key), rather than the nonsense we have today.
> And if I wanted to be truly paranoid, I'd worry about HSMs to
>
Now, wouldn't compromising HSM's be sweet. Not that many vendors make HSM's,
and they are exactly the guys who already have a close relationship with the CI
(crypto-industrial) complex
-- Jerry
> /ji
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography