Date: Tue, 24 Feb 2015 13:09:41 +0000
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: [Cryptography] trojans in the firmware
Message-ID: <20150224130941.5b0998bc@gumby.homeunix.com>
In-Reply-To: <E1YPgCs-0005lQ-F2@login01.fos.auckland.ac.nz>
References: <E1YOTjj-0004uI-59@elasmtp-mealy.atl.sa.earthlink.net> <E1YPgCs-0005lQ-F2@login01.fos.auckland.ac.nz>

On Mon, 23 Feb 2015 12:45:02 +1300
Peter Gutmann wrote:

> Henry Baker <hbaker1@pipeline.com> writes:
>
> >BTW, what's the point of AES encryption on this pre-p0wned device?
> >More security theatre?
>
> Almost. Its sole use is for very fast "drive erasure", i.e. you
> change the key and the data on it becomes inaccessible. Have a look
> at this presentation:
>
> http://www.snia.org/sites/default/education/tutorials/2012/spring/security/MichaelWillett_Implementing%20Stored-Data_Encryption_2.pdf
>
> which describes what Samsung (and others) are doing, in particular
> slide 18. The decryption key (DEK) is stored in the drive, and is
> unlocked using a password (and "authentication key", AK). So to
> decrypt the drive you extract the encrypted DEK, brute-force the
> password (AK), and you're in.

This is how practically all disk encryption works. Whether or not it's
secure depends on the strength of the password + key-file.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150224130941.5b0998bc>
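
The DEK/AK arrangement discussed in the message above, as an added sketch that is not part of the original e-mail and not any drive vendor's code. It assumes PBKDF2 for deriving the AK and uses HMAC/SHA-256 stand-ins for AES key wrap and the AES data path; all function names are hypothetical.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def derive_ak(password, salt):
    # AK: authentication key stretched from the user's password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _mac(ak, label, data):
    return hmac.new(ak, label + data, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_dek(dek, password):
    # Stand-in for AES key wrap: HMAC-derived pad plus an integrity tag.
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    ak = derive_ak(password, salt)
    ct = _xor(dek, _mac(ak, b"pad", nonce))
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": _mac(ak, b"tag", nonce + ct)}

def unwrap_dek(blob, password):
    ak = derive_ak(password, blob["salt"])
    expected = _mac(ak, b"tag", blob["nonce"] + blob["ct"])
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # wrong password: the DEK stays locked
    return _xor(blob["ct"], _mac(ak, b"pad", blob["nonce"]))

def media_xcrypt(dek, data):
    # Stand-in for the drive's AES data path (SHA-256 counter keystream).
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(dek + i.to_bytes(8, "big")).digest() for i in blocks)
    return _xor(data, ks)

def demo():
    sector = b"constructed sample sector contents"  # constructed sample data
    dek = secrets.token_bytes(32)
    blob = wrap_dek(dek, "old passphrase")
    media = media_xcrypt(dek, sector)  # ciphertext as stored on the media
    # Password change: only the small wrapped blob is rewritten.
    blob = wrap_dek(unwrap_dek(blob, "old passphrase"), "new passphrase")
    readable = media_xcrypt(unwrap_dek(blob, "new passphrase"), media)
    # Fast erase: discard the DEK and wrap a fresh one; the media is untouched.
    blob = wrap_dek(secrets.token_bytes(32), "new passphrase")
    after_erase = media_xcrypt(unwrap_dek(blob, "new passphrase"), media)
    return sector, readable, after_erase

if __name__ == "__main__":
    sector, readable, after_erase = demo()
    print(readable == sector, after_erase == sector)
```

The 256-bit DEK never depends on the password, so the wrapped blob is only as strong as the password fed to `derive_ak`, which is the point made in the reply.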
