From: Peter Gutmann
To: cryptography@metzdowd.com, cypherpunks@cpunks.org, freebsd-security@freebsd.org, grarpamp@gmail.com, hbaker1@pipeline.com
Date: Mon, 23 Feb 2015 12:45:02 +1300
Subject: Re: [Cryptography] trojans in the firmware

Henry Baker writes:

>BTW, what's the point of AES encryption on this pre-p0wned device? More
>security theatre?

Almost. Its sole use is for very fast "drive erasure", i.e. you change the key and the data on it becomes inaccessible. Have a look at this presentation:

http://www.snia.org/sites/default/education/tutorials/2012/spring/security/MichaelWillett_Implementing%20Stored-Data_Encryption_2.pdf

which describes what Samsung (and others) are doing, in particular slide 18. The decryption key (DEK) is stored in the drive, and is unlocked using a password (and "authentication key", AK). So to decrypt the drive you extract the encrypted DEK, brute-force the password (AK), and you're in.

In any case though it doesn't protect against an attack that occurs when the drive is mounted since it looks like an unencrypted drive at that point (and presumably the AK is hardcoded into a startup script or something similar in order to survive power outages, so you can grab that if you really need it).

It's actually hard to see what purpose this "encryption" is serving (the vendors studiously avoid providing a threat model), it doesn't protect live data, it barely protects data at rest (say if you decide to Fedex the contents of your data centre across town), the only thing it really does is allow for fast erasure of contents, and protect against casual snooping of the "buy a batch of drives on ebay and see what's on them" kind. So I guess if ebay is your threat, it's good enough. OTOH a BIOS password set for the drive will do the same thing.

As a more general response to "what's the point", regulatory compliance ("our drives were encrypted so we don't have to disclose the 40M credit card breach from last week"), buzzword-compliance, CYA, it's not a bad idea from a marketing point of view.

Peter.
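
An added illustration, not part of the message above or of any vendor's firmware: a toy Python model of the DEK/AK arrangement the message describes, showing unlock, the mounted state, and key-change erasure. The class and method names, the PBKDF2 parameters, and the HMAC-based keystream standing in for the drive's AES are all assumptions of this sketch.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); stands in for the drive's AES engine.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ToyDrive:
    """Hypothetical model of a self-encrypting drive: media holds only ciphertext."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.sectors = {}                    # LBA -> ciphertext as stored on the media
        self._dek = secrets.token_bytes(32)  # plaintext DEK, present only while unlocked
        self._wrap(password)

    def _ak(self, password):
        # AK derived from the password; iteration count is an assumed value.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _wrap(self, password):
        ak = self._ak(password)
        self.wrapped_dek = _xor(self._dek, _stream(ak, b"wrap", 32))
        self.tag = hmac.new(ak, self.wrapped_dek, hashlib.sha256).digest()

    def lock(self):                          # power-off: plaintext DEK is forgotten
        self._dek = None

    def unlock(self, password):
        ak = self._ak(password)
        expected = hmac.new(ak, self.wrapped_dek, hashlib.sha256).digest()
        if not hmac.compare_digest(self.tag, expected):
            return False                     # wrong password: DEK stays wrapped
        self._dek = _xor(self.wrapped_dek, _stream(ak, b"wrap", 32))
        return True

    def write(self, lba, data):
        self.sectors[lba] = _xor(data, _stream(self._dek, lba.to_bytes(8, "big"), len(data)))

    def read(self, lba):                     # unlocked drive returns plaintext to any caller
        ct = self.sectors[lba]
        return _xor(ct, _stream(self._dek, lba.to_bytes(8, "big"), len(ct)))

    def crypto_erase(self, password):
        # "Fast erase": replace the DEK; the old ciphertext is never touched.
        self._dek = secrets.token_bytes(32)
        self._wrap(password)
```

After `crypto_erase` the stored bytes are unchanged but decrypt to garbage, and between `unlock` and `lock` the model serves plaintext to every reader, which is the mounted-drive case the message points out.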