Cracking a Crypto Hard Drive Case

kdawson posted more than 6 years ago | from the easy-button dept.

Encryption 238

juct writes "A label on the box reading 'AES' does not ensure that your data are protected. heise examined a hard drive enclosure with an RFID key that is typical of many similar products. They found that the 128-bit AES hardware encryption claimed in advertisements was in fact a simple XOR encryption that they were able to break easily with a known plaintext attack." The manufacturer of the drive examined has announced that the product is being retooled and will be reintroduced later this year, presumably with actual AES encryption.

Criminal prosecution? (5, Insightful)

palegray.net (1195047) | more than 6 years ago | (#22472018)

For God's sake, can't the company's executives be charged under a criminal statute? Fraud, anyone? I guess their next product will use advanced ROT13 encryption technology.

Re:Criminal prosecution? (5, Funny)

Nero Nimbus (1104415) | more than 6 years ago | (#22472022)

Hey, that's better than ROT26.

Re:Criminal prosecution? (1)

Brian Gordon (987471) | more than 6 years ago | (#22472052)

inb4ROT52

Re:Criminal prosecution? (2, Funny)

techno-vampire (666512) | more than 6 years ago | (#22472276)

Maybe they can get real technical about it and use ROT 39.

Re:Criminal prosecution? (4, Funny)

TheVelvetFlamebait (986083) | more than 6 years ago | (#22473096)

Can you please repost your comment in plain text? Most of us can't be bothered decrypting your message.

Re:Criminal prosecution? (4, Funny)

GaryPatterson (852699) | more than 6 years ago | (#22472024)

It'll be so good, it'll do ROT13 twice!

Re:Criminal prosecution? (1)

the100rabh (947158) | more than 6 years ago | (#22472108)

My current Samsung drive already does that

Re:Criminal prosecution? (0)

Anonymous Coward | more than 6 years ago | (#22472416)

Heck, even my fifteen-year-old Western Digital drive does that, and with no loss in performance!

Re:Criminal prosecution? (5, Funny)

Spy der Mann (805235) | more than 6 years ago | (#22472256)

It'll be so good, it'll do ROT13 twice!

Hah! That doesn't compare with DOUBLE-XOR encryption! :D

Re:Criminal prosecution? (4, Funny)

jmv (93421) | more than 6 years ago | (#22472708)

I do double-xor with a one-time pad. I've even figured out a way to do that without having to give the one-time-pad to the recipient, so I guess it counts as asymmetric cryptography.

Re:Criminal prosecution? (5, Funny)

Anonymous Coward | more than 6 years ago | (#22472292)

Double-ROT-13 is funny
Quadruple-ROT-13 is twice as funny
Sextuple-ROT-13 is thrice as funny, and gets two bonus points for the 's-e-x' string in it
Octuple-ROT-13 is twice twice as funny, and gets a bonus point for sounding a bit like the word 'octopus', which has 'p-u-s' in it, which sounds a bit like 'pussy', which is a synonym for 'vagina', which is related to 'sex'
Decuple-ROT-13 is twice plus thrice as funny
Duodecuple-ROT-13 is twice thrice as funny

After that it just gets lame.

Re:Criminal prosecution? (2, Funny)

garutnivore (970623) | more than 6 years ago | (#22473374)

Hmm... after that you are inducing bit rot.

Re:Criminal prosecution? (1)

lawrencebillson (1136239) | more than 6 years ago | (#22472526)

Like with DES; double ROT13 produces weak cyphertext. You really want to go with triple ROT13.

Re:Criminal prosecution? (1)

Cheesey (70139) | more than 6 years ago | (#22472748)

But wait! Is that stronger? Is ROT13 a group? [ciphersbyritter.com] We may never know...

Re:Criminal prosecution? (4, Funny)

pyite (140350) | more than 6 years ago | (#22472904)

Is ROT13 a group? We may never know...

After much work, I have proved that ROT forms a group under functional composition. I shall call it "the rotation group." This comment field, however, is simply too small to contain the proof.

Re:Criminal prosecution? (0)

Anonymous Coward | more than 6 years ago | (#22472122)

Company's executives rebuttal:
"We guarantee that each byte is encrypted individually, but we don't guarantee that more than one of them is encrypted."

Re:Criminal prosecution? (1)

FelixGordon (1132635) | more than 6 years ago | (#22473230)

My counter product will boast a guarantee that:

"Every bit is encrypted individually, and we guarantee that every bit is encrypted."

Re:Criminal prosecution? (4, Funny)

dbIII (701233) | more than 6 years ago | (#22472150)

It's not fraud if it's still AES. In this case AES stands for the claims which are Advanced Equine Stool.

Re:Criminal prosecution? (5, Insightful)

mxs (42717) | more than 6 years ago | (#22472242)

For God's sake, can't the company's executives be charged under a criminal statute? Fraud, anyone?
AES was used /somewhere/.

It's /never/ a good idea to rely on cryptographic features when you don't know exactly how they are implemented. A vendor telling you they use AES is completely and utterly worthless, and always has been. It's a nice buzzword people like to use.

It's also NEVER a good idea to use any "crypto developed in-house". Manufacturers love to tell you since they developed it and their development is secret and such that their product is safe and secure, much more secure even since nobody knows how it works.
Cryptologists laugh at those claims, and everybody else should, too. These non-encrypting devices are a good reason as to why they do so.

If you want truly encrypted files and disks, don't rely on cheap external enclosures. TrueCrypt is not hard to use and offers a decent level of protection (forget Windows crypto, it's littered with backdoors unless configured JUST right, which is not an easy task and definitely not default). Under Linux, it's decidedly easy to use AES encryption on block devices.

I guess their next product will use advanced ROT13 encryption technology.
For good measure, they'll apply it twice -- after all, twice is better than once.

Re:Criminal prosecution? (4, Insightful)

pipatron (966506) | more than 6 years ago | (#22472470)

This is, of course, also the reason why you should never trust any closed-source products to do anything important. You have absolutely no clue about what it does and how it does it, no matter what it claims to do.

Re:Criminal prosecution? (1, Insightful)

somersault (912633) | more than 6 years ago | (#22473020)

That's why I always switch off the driver aids when driving my car and my fighter jets - if I haven't seen the source, then I'm damned if I'm going to trust some little computer to keep me alive.

Re:Criminal prosecution? (1)

Workaphobia (931620) | more than 6 years ago | (#22472484)

> It's also NEVER a good idea to use any "crypto developed in-house". Manufacturers love to tell you since they developed it and their development is secret and such that their product is safe and secure, much more secure even since nobody knows how it works.
> Cryptologists laugh at those claims, and everybody else should, too. These non-encrypting devices are a good reason as to why they do so.

Indeed, the only purpose for which this kind of thing should ever be considered is when your threat model says it's not worth having security against anyone with even a mild motivation. I once came across a certain dongle-based DRM/antipiracy solution for a piece of software I was working on. The system was bottom-dollar to be sure - I'm fairly certain that most of its functionality was implemented in its drivers, not in hardware - but it was better than nothing. It's just that the incremental improvement of having very weak obscurity instead of having no protection at all, is so much more justifiable than the improvement of good, rock solid crypto over weak obscurity.

Re:Criminal prosecution? (2, Interesting)

TubeSteak (669689) | more than 6 years ago | (#22472498)

Hardware crypto, such that key authentication/management is done without any computer interaction, means I don't have to worry about the security of the machine I'm using and it means I can use secure storage on a locked down box that does not allow software to be installed.

If you want truly encrypted files and disks, don't rely on cheap external enclosures. TrueCrypt is not hard to use and offers a decent level of protection
People want portable hardware solutions.
Stop suggesting software and give us viable (ie secure) hardware alternatives.
What are the not-so-cheap external enclosures?

Re:Criminal prosecution? (4, Informative)

pipatron (966506) | more than 6 years ago | (#22472542)

Hardware crypto, such that key authentication/management is done without any computer interaction, means I don't have to worry about the security of the machine I'm using

Wrong. If the machine you are using is compromised, anyone with access to it can access your data as soon as you unlock it, either with your physical key, or with a password. Doesn't matter if you use software or hardware encryption. If your text editor can read the file on the disk, so can any other program on the computer.

Re:Criminal prosecution? (1)

mrbluze (1034940) | more than 6 years ago | (#22473114)

People want portable hardware solutions. Stop suggesting software and give us viable (ie secure) hardware alternatives.

The crypto solution in OS X is a practical model. Linking the folder tree encryption with the standard login password is good (without the loss of the GUI). If the solution was applied to Linux and was open-sourced, it would be no biggie to use an RFID tag or some device instead of a password. Perhaps at the loss of the RFID (person walks away), the device could lock or something.

As for 'hardware', realistically speaking I think it's false security if only the external hard-drive is 'secure'. Wherever the person plugs it into can be compromised. Therefore every system the person uses must be trusted, which means it might as well contain the necessary software to decrypt the drive contents, which means you don't need a hardware alternative if you are serious about security.

Re:Criminal prosecution? (1)

sotn3m (1242102) | more than 6 years ago | (#22472644)

What do you mean by: "configured JUST right"?

If it's littered with backdoors, can configuration change anything?

Re:Criminal prosecution? (0)

Anonymous Coward | more than 6 years ago | (#22472716)

TrueCrypt is decidedly shitty to use if you use any other Linux than Ubuntu.

Re:Criminal prosecution? (1)

MichaelSmith (789609) | more than 6 years ago | (#22473124)

For good measure, they'll apply it twice -- after all, twice is better than once.

It's no joke. The IT group where I work have failed to provide a low latency link to a new system and proposed a compression box to install in the link. When I complained that this wouldn't work they suggested putting a second compressor in series to make the most of the bandwidth.

And yes I know that latency has little to do with bandwidth. That's a different story.

Re:Criminal prosecution? (0)

Anonymous Coward | more than 6 years ago | (#22473198)

TrueCrypt is not hard to use and offers a decent level of protection (forget Windows crypto, it's littered with backdoors unless configured JUST right, which is not an easy task and definitely not default).


What about using Bitlocker under Vista with a tpm 1.2 chip? I thought that was supposed to be secure.

Re:Criminal prosecution? (0)

Anonymous Coward | more than 6 years ago | (#22472436)

Why don't you just buy one then sue for fraud? Maybe no one really cares that much. If you care so much, do something about it. -- Chloe

How about a software solution? (5, Interesting)

palegray.net (1195047) | more than 6 years ago | (#22472032)

Would something like TrueCrypt [truecrypt.org] , where you can easily look at the source, be a better solution? At the very least, it could avoid problems like these.

Re:How about a software solution? (3, Insightful)

kcbanner (929309) | more than 6 years ago | (#22472068)

It's not the same thing. We're talking about encryption in the device (apparently), so it's done before it hits the computer.

Re:How about a software solution? (5, Insightful)

palegray.net (1195047) | more than 6 years ago | (#22472098)

I'm aware it's not the same thing :). While I understand the performance benefits of doing the heavy computation with specialized hardware, I'm questioning the wisdom of trusting any embedded encryption platform that isn't easily audited for correct operation. What about devices that actually perform encryption using the algorithms claimed, but the implementation of the crypto routines contains a flaw that isn't easily detected? What do you do about it when your organization has a few of them in production? Closed platforms make me nervous when security really matters.

Re:How about a software solution? (1)

kcbanner (929309) | more than 6 years ago | (#22472130)

I agree completely. I would rather have the computer do the stuff in software as well; proprietary encryption is like proprietary hardware RAID, it's just Not Safe(TM).

Re:How about a software solution? (5, Interesting)

davmoo (63521) | more than 6 years ago | (#22472136)

There's another disadvantage to hardware encryption like this product, even if it worked correctly, and why I also favor something like TrueCrypt (which is in fact what I use) even if it might make a bit more work for the computer. The maker says "this is our special chip, and here's the source for our firmware for you to inspect"...now, how do you *know* that's really the firmware that's on that chip? Very few of us are in a position where we could take that source and make our own chip. In a situation where I want to be assured of security, I'm going to not only use TrueCrypt, I'm going to compile it myself.

Re:How about a software solution? (5, Interesting)

Anonymous Coward | more than 6 years ago | (#22472346)

I'm going to not only use TrueCrypt, I'm going to compile it myself.

That won't help you. You need to read Reflections of Trusting Trust by Ken Thompson: http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]

Re:How about a software solution? (2, Interesting)

Workaphobia (931620) | more than 6 years ago | (#22472426)

I don't know what's in the book the AC above recommended, but it's true, compiling TrueCrypt yourself adds no security over accepting a binary from the official website (I'd assume it's them you'd be getting builds from, since it is in fact a Windows program). If you're paranoid enough to not trust the developers, then you're paranoid enough to require hiring a trusted party to basically recreate the software for you.

Re:How about a software solution? (1)

palegray.net (1195047) | more than 6 years ago | (#22472448)

How do you trust the trusted third party? Dennis Nedry [wikipedia.org] was paid lots of money to build Jurassic Park's island management system, and just look at how well that turned out ;).

Re:How about a software solution? (1)

Workaphobia (931620) | more than 6 years ago | (#22472572)

Trust is a technical word; you trust someone by simply *doing* so. I believe it's the DoD that defines a trusted party as "one that can break your security model", and I think most other organizations use a similar definition if it's not an outright industry standard. This means that you simply define your security model such that you don't worry about the third party, and *in theory* you're alright.

Also, I'd recommend auditing all your code to avoid raptor attacks by removing gotos.

Re:How about a software solution? (3, Funny)

palegray.net (1195047) | more than 6 years ago | (#22472634)

I followed your advice and dug out a hard drive full of BASIC code from 15 years ago... I replaced all the GOTOs with GOSUBs and feel much more secure!

Re:How about a software solution? (4, Insightful)

evanbd (210358) | more than 6 years ago | (#22472698)

Especially since compiling the code yourself is completely sufficient to prevent security flaws. Erm. You were planning to audit it, right? Since everyone knows that's sufficient [bell-labs.com] .

Computer security is hard. Doing it right is really hard.

Re:How about a software solution? (1)

fm6 (162816) | more than 6 years ago | (#22472114)

Sure, open-source encryption software is more trustworthy than closed source. But this is a hardware solution.

Re:How about a software solution? (1)

cheater512 (783349) | more than 6 years ago | (#22472192)

That just means we need more open source hardware. :)

Re:How about a software solution? (3, Informative)

palegray.net (1195047) | more than 6 years ago | (#22472248)

Take a look at this publication [google.com] on an open source cryptographic coprocessor. Sorry about the PDF format.

Re:How about a software solution? (5, Informative)

blackwing0013 (680833) | more than 6 years ago | (#22472156)

Call me back when they have released something based on version 5.0 that "works" with Linux. Right now, the newly released 5.0 series is broken on Linux. It will cause your machine to lock up on most kernel versions used by Linux distros. Apparently, according to the authors of Truecrypt, they require you to upgrade to the latest release of the Linux kernel, which may not be an option for most of us.

Secondly, even if you were able to make it work with the Linux kernel on your machine, the new FUSE-based Truecrypt 5.0 series is only 1/20-1/10 of the speed I get from the 4.x series. From 20-40 MB/s, now I only get 1-5 MB/s.

I am now considering switching to dmcrypt+luks.

Re:How about a software solution? (2, Interesting)

pla (258480) | more than 6 years ago | (#22472942)

Call me back when they have released something based on version 5.0 that "works" with Linux.

Why would they bother, except as a sort of read-only compatibility mode to recover Windows volumes?

Under Linux, you already have stable loopback device support. You can literally encrypt (or compress, or snoop, or whatever filter you can think of applying to block-device traffic) anything, without needing another tool to do it.

Re:How about a software solution? (1)

Lars T. (470328) | more than 6 years ago | (#22472236)

Would something like TrueCrypt [truecrypt.org] , where you can easily look at the source, be a better solution? At the very least, it could avoid problems like these.
Since we are talking about en-/de- cryption inside the hard drive case - no, not really.

Re:How about a software solution? (1)

jibjibjib (889679) | more than 6 years ago | (#22472306)

Isn't encryption outside the case actually more secure?

Re:How about a software solution? (1)

Per Wigren (5315) | more than 6 years ago | (#22472390)

Yes, it is, but that was not the point.

Re:How about a software solution? (1)

Lars T. (470328) | more than 6 years ago | (#22473130)

Isn't encryption outside the case actually more secure?
Yes, but it is also pretty much useless for a portable drive that is supposed to be pluggable into just about any computer - but only usable when the RFID key is present.

To the OS this is just a USB2 drive, unless the key is missing - then it's a brick, also to anyone who "finds" it. Or it would be, if it had decent encryption.

Well, as others have noted (4, Insightful)

Sycraft-fu (314770) | more than 6 years ago | (#22472412)

This was a hardware solution. There's reason to want your encryption done in hardware (less CPU load for example).

However more importantly, what good does the source really do you? I mean I can get the Truecrypt source, and I can look at it, but it really isn't going to tell me anything other than that I'm not very good at C++. I'm not a programmer by trade, so I certainly can't trace through all the complicated code that makes up a program like Truecrypt (it even includes assembly).

What's more, even if you are a programmer, it doesn't necessarily do you any good. Cryptography is a pretty specialized field and a pretty complex one. So while you might be able to trace through all the code and see what it does, do you have all the cryptographic knowledge to know if it is doing everything right? Can you tell the difference between a properly and improperly applied algorithm? Will you notice a minor bug in assembly where they put a JNA instead of a JNAE? You might conclude everything looks fine, but be wrong simply because you don't understand how it works well enough or because the error is non-obvious.

Now please don't misunderstand, I'm not saying I think Truecrypt is untrustworthy. Far from it, I use and trust it. I am just saying that there is the false warm fuzzy myth about OSS that tends to get thrown around on /. a lot. That the code is open doesn't mean anything because 99.999+% of people can't "easily look at the source" since it won't be meaningful to them. A source audit is only useful if the person doing it is an expert and does a thorough job.

Well, while that certainly can, and does, happen with OSS, it can happen with closed software as well. Being open doesn't make it inherently secure, and doesn't mean a normal person can tell.

For that matter, to really check crypto software you don't just need a code audit, it is even more important to do a results audit. Basically you take data, you encrypt it, and then you look at the result and see if it is good. You treat the software like a black box because the question isn't "Is it producing the correct result based on the code," the question is "Is it producing the correct result based on the cryptosystem." If I wanted to audit Truecrypt I wouldn't so much be interested in how it did things internally. Heck, even if I was an expert it might easily have a bug I'd miss (since after all other experts had written it and missed said bug). What I'd be interested in is having it do encryption, then comparing the result against controls. Maybe another AES implementation I knew to be good, maybe one I wrote, maybe a bit of a test worked out by pen and paper, maybe just trying to do cryptographic attacks against the ciphertext.

Regardless of the method, what I'd want to do is verify operation, not design. I imagine that's what they did in this case. Drive claims "this is AES encryption" so they do a little compare and contrast and, what do you know, it isn't.

Re:Well, as others have noted (5, Insightful)

Bert64 (520050) | more than 6 years ago | (#22472704)

Well, just because you may not know too much about C or encryption...
I'm not really inclined to trust some company that says product X is secure, but I'm far more likely to trust a string of unconnected individuals, especially if some of those individuals are recognised cryptography experts or have at least studied cryptography at a reputable establishment.
Sure it's not perfect, but it's a huge step in the right direction. The only perfect solution would be to study cryptography and programming (in whatever language) yourself first.

Encryption with today's processors (2, Informative)

this great guy (922511) | more than 6 years ago | (#22472864)

There's reason to want your encryption done in hardware (less CPU load for example).

Just to put things in perspective for this specific case, full-speed encryption of the I/O traffic of a 2.5" drive would be pretty cheap with today's processors. I happen to have a dev tree of OpenSSL 0.9.9 on my system, and its AES-128 implementation runs at 160 MByte/s (in 64-bit mode) on my dual-core 2.4 GHz Athlon 64. A typical 2.5" drive like the one cracked by Heise has a sequential I/O transfer rate of 50 Mbyte/s. Therefore encrypting at this rate would only require 16% of my CPU time (31% of a core). Or about 7-9% of CPU time of a $270 quad-core 2.4 GHz Intel Core2 Q6600.

Re:Well, as others have noted (1)

mattpalmer1086 (707360) | more than 6 years ago | (#22473138)

Checking the results of crypto software isn't generally useful, except in this particularly pathological case where they didn't even implement the algorithm they claimed!

The reason being, security weaknesses in crypto software aren't generally of the nature that they encrypt/decrypt wrongly (rendering your data entirely useless). They're more like keys get reused improperly, or privileges can be abused, or keys are written to disk, or exposed via a side-channel attack, like the timing of encryption, etc. It's not that they don't encrypt or decrypt properly, it's that their mode of operation leaves them open to attack.

So what happens... (4, Insightful)

TubeSteak (669689) | more than 6 years ago | (#22472034)

...when you lose the RFID fob?

Does the mfg keep a list of serial #s and RFID keys so they can mail you/thief a replacement?

Re:So what happens... (5, Funny)

palegray.net (1195047) | more than 6 years ago | (#22472048)

All the fobs are encoded with the special key: QWERTYUIOP1234567890. Don't worry though, the key is copyrighted internationally and cannot be used without proper authorization. Devilishly ingenious, those wily engineers...

Re:So what happens... (5, Interesting)

kcbanner (929309) | more than 6 years ago | (#22472142)

I think this is actually true in some cases. I once worked on some 2.4 GHz radios from a certain vendor, and if you forgot the admin password you could expose them to the net and they could "unlock" them (YIKESOMG). They also had a version where you gave them the MAC of the radio and they gave you a special "unlock" password over the phone. Yea. It wasn't even random either, it was an English word iirc. The world of proprietary network gear = ugh. I prefer building them myself using Soekris or similar.

Re:So what happens... (3, Interesting)

gandhi_2 (1108023) | more than 6 years ago | (#22472418)

laugh it up fuzzball...

er wait, sorry. well some companies REALLY do rely on copyright for security. An example is the ASSA key and lock company. They make some really nice keys, but what makes them hard to copy? Copyrights on the "code" represented by the teeth on the keys.

This is totally different than a patent on a real cool key, it's a copyright on the "data" that essentially is the serial number for sales account, dealer, region, and country.

Their whole selling point is that no one can copy a key if it's copyrighted. I mean, shit...it worked for other industries... (:

Re:So what happens... (4, Insightful)

mxs (42717) | more than 6 years ago | (#22472270)

...when you lose the RFID fob?
Glad that you asked. Thank you for being our customer. Please go download http://vendor/recover.exe [vendor] . It will recover your data on your harddrive. This is a feature. Thank you for your business.

Does the mfg keep a list of serial #s and RFID keys so they can mail you/thief a replacement?
Quite honestly the entire concept is flawed. a.) if you lose your key and somebody else can furbish another one, your crypto is broken by default. You cannot trust it to secure anything at all. b.) RFID IDs as keys? Sure, everybody knows RFIDs can ONLY be read at a distance of several centimeters. Right? RIGHT?

The question you should be asking is "If somebody copies my key, can I change the lock?"

Re:So what happens... (4, Insightful)

TheThiefMaster (992038) | more than 6 years ago | (#22472702)

How about: "If somebody copies my key, will I even know?"

Leaves Software Based Encryption Relevant (2, Informative)

jeremiahbell (522050) | more than 6 years ago | (#22472060)

Yet another reason to encrypt your entire hard drive with Linux in addition to hardware based encryption. Wish I knew enough to tell if it was working, though. Sure without the keys my hard drives seem unreadable, but I am not a crypto expert.

Re:Leaves Software Based Encryption Relevant (2, Insightful)

palegray.net (1195047) | more than 6 years ago | (#22472118)

Defining security is the process of calculating that magical combination of (1) the value of what you're protecting, (2) what it costs you to protect (encrypt) it, and (3) the computational cost a determined adversary would have to expend to break the crypto. Determining an adequate level of protection for personal data is left as a personal exercise.

Re:Leaves Software Based Encryption Relevant (1)

rgaginol (950787) | more than 6 years ago | (#22472326)

Actually, I'd disagree - if this attitude is taken, what then stops the software from using a simple XOR encryption? Good encryption works on transparency of the algorithm and security in the private key. It seems sensible that any creator of this hardware should trust their software by releasing the source code for inspection.

And pay for real developers... those thousand monkeys which made this were actually tasked with creating the next season for Firefly.

This has to be illegal (4, Insightful)

pembo13 (770295) | more than 6 years ago | (#22472070)

This can't possibly be legal. Even the CEO should have an idea if one of their newest products does some highly technical thing which it advertises as a major feature. I don't expect him/her to know how AES works... but he should at least be sure that it is working on the drive. I'm sure his pocket change could hire a contractor to test this.

MOD PARENT UP (3, Insightful)

chebucto (992517) | more than 6 years ago | (#22472160)

TFA says the chip manufacturer was misleading, implying that AES was used for all data when in fact it was used for the key.

That said, the case manufacturers should have tested the product themselves. They should at least offer returns / refunds.

Re:This has to be illegal (2, Funny)

Mike1024 (184871) | more than 6 years ago | (#22472442)

the CEO [...] I'm sure his pocket change could hire a contractor to test this.

I'm not sure the $20 Chinese-made USB hard drive caddy market has produced many millionaire celebrity CEOs :)

Michael

No thanks (1)

Phyrexicaid (1176935) | more than 6 years ago | (#22472072)

The manufacturer of the drive examined has announced that the product is being retooled and will be reintroduced later this year, presumably with actual AES encryption.

Fool me once, shame on you.
Fool me twice, shame on me.

so close (0)

Anonymous Coward | more than 6 years ago | (#22472128)

You *almost* had it correct. Here's a link to the proper syntax.. as read by a man with degrees from both Yale and Harvard [youtube.com]

Re:No thanks (0)

Anonymous Coward | more than 6 years ago | (#22472210)

It's "Fool me once, shame on me. Fool me... can't get fooled again."

Fool.

Trust (5, Insightful)

Mikey-San (582838) | more than 6 years ago | (#22472084)

The manufacturer of the drive examined has announced that the product is being retooled and will be reintroduced later this year, presumably with actual AES encryption.

Trust is a precious resource that you must cultivate; it's not a boomerang. Never risk throwing it away.

Re:Trust (3, Funny)

Agent.Nihilist (1228864) | more than 6 years ago | (#22472190)

Have you ever used a boomerang before?
Someone usually ends up catching it with the back of their head.

I think trust IS a boomerang.

Re:Trust (1)

Yetihehe (971185) | more than 6 years ago | (#22472838)

The REAL Australian aboriginal boomerangs never return. Because they are embedded in someone's chest...

Re:Trust (4, Funny)

Anonymous Coward | more than 6 years ago | (#22472204)

Yea, it is so!

The precious resource of trust can only be grown slowly, fed by the nutrients of honesty, the rains of commercial and/or interpersonal interaction, and the sun-like rays of consistency. Like the noble crops of wheat that adorn the fields of the Great Plains, it is only finally harvested in the autumn of our lives. But, unlike those nutritious grains, its wholesomeness fills the belly of our souls every day of our lives.

Nay, trust is _not_ a boomerang.

Re:Trust (1)

Bob Cat - NYMPHS (313647) | more than 6 years ago | (#22472424)

Could you report this on reddit so I can upvote it?

get creative (1)

ILuvRamen (1026668) | more than 6 years ago | (#22472092)

You can never really trust any vendor about any product. For something this important, do it yourself. Rig your drive to explode if the case is opened without flipping the secret switch on the bottom hehehe. Of course, you'd have to have a really secure OS then too.

Re:get creative (2, Funny)

iminplaya (723125) | more than 6 years ago | (#22472254)

Rig your drive to explode...

In today's post 9/11 world, "self destruct" might be more politically correct.

Re:get creative (1)

aproposofwhat (1019098) | more than 6 years ago | (#22472936)

Something like MaxOSX?

Gotta protect yourself against Humungus!

XOR encryption can be good (4, Informative)

corsec67 (627446) | more than 6 years ago | (#22472110)

XOR doesn't immediately mean that it is a crappy form of encryption. One Time Pads [wikipedia.org] can be a very good form of encryption, if the pad is generated correctly and used only once. But, that isn't very useful for encrypting a hard drive. It looks to me like the "encryption" in the box was just a 512 byte key used like an OTP for each sector, which is trivial to break, as the article says.

Stream Ciphers [wikipedia.org] also use XOR, but are much more convenient to use and could very easily be used to encrypt a hard drive.
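An added example, not part of the comment above or of the heise article: an acceptance check for the failure described there, one 512-byte pad XORed onto every sector. The two enclosure models, the `audit` helper and the SHAKE-256 keystream (a stand-in for a real cipher mode) are constructed for illustration.

```python
import hashlib
import os

SECTOR = 512  # bytes per sector, as in the comment above


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def fixed_pad_enclosure(key: bytes, lba: int, data: bytes) -> bytes:
    """Constructed model of the weak design: the same pad on every sector."""
    return xor(data, key)


def per_sector_enclosure(key: bytes, lba: int, data: bytes) -> bytes:
    """Constructed contrast: keystream depends on the key AND the sector number.
    SHAKE-256 is only a stand-in here, not a recommended disk cipher."""
    stream = hashlib.shake_256(key + lba.to_bytes(8, "big")).digest(SECTOR)
    return xor(data, stream)


def make_device(model, key: bytes):
    """Bind a model to a key: write_sector(lba, plaintext) -> raw on-disk bytes."""
    return lambda lba, data: model(key, lba, data)


def audit(write_sector, sectors: int = 8) -> dict:
    """Write known test patterns through the device and inspect the raw result."""
    zeros = bytes(SECTOR)
    raw_zero = [write_sector(lba, zeros) for lba in range(sectors)]
    # With all-zero plaintext the raw sector IS the keystream, so identical
    # raw sectors mean the same pad is reused across the disk.
    pad_reused = len(set(raw_zero)) == 1
    # Cross-check: does the pad seen at LBA 0 also explain an unrelated
    # sector holding different content?
    probe = os.urandom(SECTOR)
    raw_probe = write_sector(sectors, probe)
    pad_explains_other = xor(raw_probe, raw_zero[0]) == probe
    return {"pad_reused": pad_reused,
            "pad_explains_other_sector": pad_explains_other}


if __name__ == "__main__":
    key = os.urandom(SECTOR)  # constructed test key
    for name, model in [("fixed pad", fixed_pad_enclosure),
                        ("per-sector keystream", per_sector_enclosure)]:
        print(name, audit(make_device(model, key)))
```

Passing this check only rules out the one failure shown; a per-sector XOR keystream that is reused when a sector is rewritten still leaks, so it is not evidence that the encryption is sound.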

Re:XOR encryption can be good (5, Interesting)

RupW (515653) | more than 6 years ago | (#22472258)

Stream Ciphers [wikipedia.org] also use XOR, but are much more convenient to use and could very easily be used to encrypt a hard drive.

The problem is that very few stream ciphers allow you to quickly seek to an arbitrary point in the stream - so unless you just want to read the entire drive sequentially you're SOL.

The only exception I've read about is SEAL [wikipedia.org] but IIRC that's still patented by IBM.

Re:XOR encryption can be good (1)

JohnFluxx (413620) | more than 6 years ago | (#22473062)

If it did let you seek to an arbitrary point, then wouldn't it be a block cipher rather than a stream cipher, by definition?

Re:XOR encryption can be good (1)

RupW (515653) | more than 6 years ago | (#22473274)

If it did let you seek to an arbitrary point, then wouldn't it be a block cipher rather than a stream cipher, by definition?

I'm not sure what you're getting at - by what definition?

As I understand it, a block cipher is a transform of clear text X to some ciphertext Y. X will always encrypt to Y for a given key value. You use tricks like CBC with a random IV to make sure that attackers can't exploit that identity.

A stream cipher is a pseudorandom function that you combine with your cleartext in some way, e.g. xor, to encrypt it. X will encrypt to Y1=X+C1 at a given point in the stream and at Y2=X+C2 to a different point in the stream for random values C1 and C2 generated from a given key value.

Re:XOR encryption can be good (0)

Anonymous Coward | more than 6 years ago | (#22473284)

Most things I've seen work on a sector basis and each sector is encrypted with a feedback variety of AES. Sector to sector there is no "stream"/continuity, but within a sector, they are.

Re:XOR encryption can be good (5, Informative)

kiltyj (936758) | more than 6 years ago | (#22472280)

To enforce parent's point, many (if not all) of the best modes of operation (CCM, etc) for block ciphers like AES use XOR -- it would be silly to think of cryptography without XOR.

It is also true that one can use AES (ignorantly) in a way that allows decryption as described in the article. Using Electronic codebook (ECB) [wikipedia.org] , for example, with the same key for each block, would provide no security beyond what would be provided by a reused OTP. Sadly (though obviously insecure), this is still technically using AES as a block cipher -- it's just using an insecure mode of operation. My first thought was that the manufacturers used ECB, or a similar insecure mode of operation (trusting the claim of using AES).

From reading the article, though, it seems the manufacturers even admitted only using AES "when saving the RFID chip's ID in the controller's flash memory" and that "actual data encryption is based on an algorithm developed in-house." Just goes to show that if tried-and-true algorithms / ciphers are available, you should NEVER have to develop your own.

Re:XOR encryption can be good (0)

Anonymous Coward | more than 6 years ago | (#22472338)

Much more convenient to use. Security is the antithesis of convenience. And since hard drives already handle data in blocks (either sectors or clusters depending on the level of abstraction you're writing software for) it should be no more convenient to use a block cipher than a stream cipher.

Re:XOR encryption can be good (4, Informative)

Woek (161635) | more than 6 years ago | (#22472354)

XOR is not an encryption method, it's just a binary operation. It's what you XOR your data with that determines if your encryption is good or not. That's what is the problem in this case.

Perfect XOR encryption. (5, Funny)

Ihlosi (895663) | more than 6 years ago | (#22472566)

XOR is not an encryption method, it's just a binary operation. It's what you XOR your data with that determines if your encryption is good or not. That's what is the problem in this case.

Indeed. I XOR the data with itself, making sure that it can never, ever be decrypted.

And a legal battle ensues (1)

grilled-cheese (889107) | more than 6 years ago | (#22472246)

So doesn't this fall under the legal issues with reverse engineering a commercial product, even if it completely disproves their advertising department?

Re:And a legal battle ensues (1)

hakr89 (719001) | more than 6 years ago | (#22472300)

No, you're not reverse engineering their hardware. You're cracking the encrypted data that their hardware put on your hard drive.

Re:And a legal battle ensues (3, Insightful)

palegray.net (1195047) | more than 6 years ago | (#22472310)

Not everyone lives in jurisdictions that consider the act of reverse engineering a cryptographic device illegal. Even at that, generally people would only have a legal case if the reverse engineering / circumvention were to circumvent a copy protection mechanism. IANAL, however.

This is nothing new (4, Interesting)

SchizoDuckie (1051438) | more than 6 years ago | (#22472286)

Actually, this is nothing new. A couple of months ago the Dutch colleagues at tweakers.net had a couple of great reports on how crappy the 'fingerprint security' USB drives are. Most of them are on the same level of crappiness this one is.

The good thing about crypto in a hard drive case (3, Interesting)

kasperd (592156) | more than 6 years ago | (#22472438)

The good thing about having the crypto performed in the enclosure is that you can perform this kind of analysis. Had the same "encryption" been implemented directly on the disk or in a USB stick, it might not have been noticed that it was so weak. My take on this is to never trust the crypto performed by such an enclosure unless there is a software implementation doing the exact same thing, and that one has been carefully inspected. The point of doing the encryption in hardware is performance; it does not add any additional security.

Does the key change? (1)

lawrencebillson (1136239) | more than 6 years ago | (#22472496)

Does the XOR key change, or is it common to all of the disks these guys make?

Re:Does the key change? (0)

Anonymous Coward | more than 6 years ago | (#22472534)

It does not matter, as the method to obtain the key is so simple (demonstrated in the article), that you can do it in a few seconds for a new key.

Linux AES better or not? (2, Interesting)

lintux (125434) | more than 6 years ago | (#22472620)

I have an AES-encrypted ext3 partition on some portable drive somewhere (using the encrypted loopback device) and I once had the impression that it has the same problem, just XORing every sector with the same 512-bit key. Am I the only one? I don't have the drive here right now to check it out, unfortunately..

How about some product testing. (2, Insightful)

therufus (677843) | more than 6 years ago | (#22472688)

If you make something that has some form of security (anything really) and you promote that it has security, surely the last thing you do before you release it is test your security. In IT especially, if you ever release a product to do with security, you have to expect that there will be a group of nerds (or even one) who will try to hack your security just so they can say they've done it. It's pure embarrassment that such a simple encryption mechanism is locking down a so-called secure device.

Am I wrong?

Re:How about some product testing. (3, Insightful)

Ihlosi (895663) | more than 6 years ago | (#22472744)

Am I wrong?

Yes, you are. You're thinking way too technical and way too little in marketing terms. If you want to make money, the easiest way is to find enough clueless users that will swallow your marketing babble hook, line and sinker and sell your stuff to them.

WTF? (4, Interesting)

EddyPearson (901263) | more than 6 years ago | (#22473120)

Why haven't they been charged with fraud and false advertising?

If I sell you a padlock, claiming that it's made of steel, when actually it's made of Silly Putty and rubber bands, then I'm going to have my day in court. Why do tech vendors seem TOTALLY immune to this kind of prosecution?

Puts me in mind of SecuLock (was that the name?), they were featured here a while back, they make "secure" USB memory sticks, they claimed AES encryption, killswitches and other bells and whistles, but if you were to have a quick look at one of the DLL's exports, you can see an Unlock routine. You see, the user's password wasn't used as a key, Oh no, they had one global key and a simple IF to check the passwords.

Though this is much, much worse, it begs the question: how can we berate employees for losing disks and laptops, when the vendors are happy to look us in the eye and lie to us, about standards that I was able to implement when I was about 16?

It's either government interference (remember, the USA's law forcing vendors to embed backdoors for them), or it's just plain lazy, either way, it's got to stop.

Free encryption tools! Luks is the way to go... (0)

Anonymous Coward | more than 6 years ago | (#22473172)

cross platform standards
free (beer/liberty)

what more do you want?

  • General:
    LUKS Integration [fubar.dk] ,
    Overview [19625600.html]
  • Luks linux automounter:
        cryptsetup (look in your package manager)
  • Windows luks tools:
      FreeOTFE [freeotfe.org]
  • Ext2 for win:
      fs-Driver [fs-driver.org]

Unless there was a really long key. . . (1)

MT628496 (959515) | more than 6 years ago | (#22473182)

Don't forget that with a key that is as long as the message and is random, XOR encryption is not just computationally hard, it is totally unbreakable.