Cracking a Crypto Hard Drive Case
juct writes "A label on the box reading 'AES' does not ensure that your data are protected. heise examined a hard drive enclosure with an RFID key that is typical of many similar products. They found that the 128-bit AES hardware encryption claimed in advertisements was in fact a simple XOR encryption that they were able to break easily with a known plaintext attack." The manufacturer of the drive examined has announced that the product is being retooled and will be reintroduced later this year, presumably with actual AES encryption.
For God's sake, can't the company's executives be charged under a criminal statute? Fraud, anyone? I guess their next product will use advanced ROT13 encryption technology.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Would something like TrueCrypt, where you can easily look at the source, be a better solution? At the very least, it could avoid problems like these.
...when you lose the RFID fob?
Does the mfg keep a list of serial #s and RFID keys so they can mail you/thief a replacement?
[Fuck Beta]
o0t!
Yet another reason to encrypt your entire hard-drive with Linux in addition to hardware based encryption. Wish I knew enough to tell if it was working, though. Sure without the keys my hard-drives seem unreadable, but I am not a crypto expert.
"Where have all the good people gone?" - Jack Johnson
This can't possibly be legal. Even the CEO should have an idea if one of their newest products does some highly technical thing which it advertises as a major feature. I don't expect him/her to know how AES works... but he should at least be sure that it is working on the drive. I'm sure his pocket change could hire a contractor to test this.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Fool me once, shame on you.
Fool me twice, shame on me.
The meme is dead, long live the meme!
The manufacturer of the drive examined has announced that the product is being retooled and will be reintroduced later this year, presumably with actual AES encryption.
Trust is a precious resource that you must cultivate; it's not a boomerang. Never risk throwing it away.
Mikey-San
Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
You can never really trust any vendor about any product. For something this important, do it yourself. Rig your drive to explode if the case is opened without flipping the secret switch on the bottom hehehe. Of course, you'd have to have a really secure OS then too.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
XOR doesn't immediately mean that it is a crappy form of encryption. One Time Pads can be a very good form of encryption, if the pad is generated correctly and used only once. But, that isn't very useful for encrypting a hard drive. It looks to me like the "encryption" in the box was just a 512 byte key used like a OTP for each sector, which is trivial to break, as the article says.
Stream Ciphers also use XOR, but are much more convenient to use and could very easily be used to encrypt a hard drive.
If I have nothing to hide, don't search me
You *almost* had it correct. Here's a link to the proper syntax.. as read by a man with degrees from both Yale and Harvard
TFA says the chip manufacturer was misleading, implying that AES was used for all data when in fact it was used for the key.
That said, the case manufacturers should have tested the product themselves. They should at least offer returns / refunds.
The English word fart is one of the oldest words in the English vocabulary.
Here's a link to the manufacturer's website. Why don't we all ask them what they were thinking?
So doesn't this fall under the legal issues with reverse engineering a commercial product, even if it completely disproves their advertising department?
Actually, this is nothing new. A couple of months ago the Dutch colleagues at tweakers.net had a couple of great reports on how crappy the 'fingerprint security' USB drives are. Most of them are on the same level of crappiness this one is.
Quack damn you!
This was a hardware solution. There's reason to want your encryption done in hardware (less CPU load for example).
However more importantly, what good does the source really do you? I mean I can get the Truecrypt source, and I can look at it, but it really isn't going to tell me anything other than that I'm not very good at C++. I'm not a programmer by trade, so I certainly can't trace through all the complicated code that makes up a program like Truecrypt (it even includes assembly).
What's more, even if you are a programmer, it doesn't necessarily do you any good. Cryptography is a pretty specialized field and a pretty complex one. So while you might be able to trace through all the code and see what it does, do you have all the cryptographic knowledge to know if it is doing everything right? Can you tell the difference between a properly and improperly applied algorithm? Will you notice a minor bug in assembly where they put a JNA instead of a JNAE? You might conclude everything looks fine, but be wrong simply because you don't understand how it works well enough or because the error is non-obvious.
Now please don't misunderstand, I'm not saying I think Truecrypt is untrustworthy. Far from it, I use and trust it. I am just saying that there is the false warm fuzzy myth about OSS that tends to get thrown around on /. a lot. That the code is open doesn't mean anything because 99.999+% of people can't "easily look at the source" since it won't be meaningful to them. A source audit is only useful if the person doing it is an expert and does a thorough job.
Well, while that certainly can, and does, happen with OSS, it can happen with closed software as well. Being open doesn't make it inherently secure, and doesn't mean a normal person can tell.
For that matter, to really check crypto software you don't just need a code audit, it is even more important to do a results audit. Basically you take data, you encrypt it, and then you look at the result and see if it is good. You treat the software like a black box because the question isn't "Is it producing the correct result based on the code," the question is "Is it producing the correct result based on the cryptosystem." If I wanted to audit Truecrypt I wouldn't so much be interested in how it did things internally. Heck, even if I was an expert it might easily have a bug I'd miss (since after all other experts had written it and missed said bug). What I'd be interested in is having it do encryption, then comparing the result against controls. Maybe another AES implementation I knew to be good, maybe one I wrote, maybe a bit of a test worked out by pen and paper, maybe just trying to do cryptographic attacks against the ciphertext..
Regardless of the method, what I'd want to do is verify operation, not design. I imagine that's what they did in this case. Drive claims "this is AES encryption" so they do a little compare and contrast and, what do you know, it isn't.
The good thing about having the crypto performed in the enclosure is, that you can perform this kind of analysis. Had the same "encryption" been implemented directly on the disk or in a usb stick, it might not have been noticed, that it was so weak. My take on this is to never trust the crypto performed by such an enclosure unless there is a software implementation doing the exact same thing, and that one has been carefully inspected. The point of doing the encryption in hardware is performance, it does not add any additional security.
Do you care about the security of your wireless mouse?
Does the XOR key change, or is it common to all of the disks these guys make?
Indeed. I XOR the data with itself, making sure that it can never, ever be decrypted.
I have an AES-encrypted ext3 partition on some portable drive somewhere (using the encrypted loopback device) and I once had the impression that it has the same problem, just XORing every sector with the same 512-bit key. Am I the only one? I don't have the drive here right now to check it out, unfortunately..
If you make something that has some form of security (anything really) and you promote that it has security, surely the last thing you do before you release it is test your security. In IT especially, if you ever release a product to do with security, you have to expect that there will be a group of nerds (or even one) who will try to hack your security just so they can say they've done it. It's pure embarrassment that such a simple encryption mechanism is locking down a so-called secure device.
Am I wrong?
You moved your mouse. Please restart Windows for changes to take effect.
Just to put things in perspective for this specific case, full-speed encryption of the I/O traffic of a 2.5" drive would be pretty cheap with today's processors. I happen to have a dev tree of OpenSSL 0.9.9 on my system, and its AES-128 implementation runs at 160 MByte/s (in 64-bit mode) on my dual-core 2.4 GHz Athlon 64. A typical 2.5" drive like the one cracked by Heise has a sequential I/O transfer rate of 50 Mbyte/s. Therefore encrypting at this rate would only require 16% of my CPU time (31% of a core). Or about 7-9% of CPU time of a $270 quad-core 2.4 GHz Intel Core2 Q6600.
Why haven't they been charged with fraud and false advertising?
If I sell you a padlock, claiming that it's made of steel, when actually it's made of Silly Putty and rubber bands, then I'm going to have my day in court. Why do tech vendors seem TOTALLY immune to this kind of prosecution?
Puts me in mind of SecuLock (was that the name?), they were featured here a while back, they make "secure" USB memory sticks, they claimed AES encryption, killswitches and other bells and whistles, but if you were to have a quick look at one of the DLL's exports, you can see an Unlock routine. You see, the user's password wasn't used as a key, Oh no, they had one global key and a simple IF to check the passwords.
Though this is much, much worse, it beggars the question; how can we berate employees for losing disks and laptops, when the vendors are happy to look us in the eye and lie to us, about standards that I was able to implement when I was about 16.
It's either government interference (remember, the USA's law forcing vendors to embed backdoors for them), or it's just plain lazy, either way, it's got to stop.
You feel sleepy. Close your eyes. The opinions stated above are yours. You cannot imagine why you ever felt otherwise.
free (beer/liberty)
what more do you want?
LUKS Integration,
Overview
cryptsetup (look in your package manager)
FreeOTFE
fs-Driver
Don't forget that with a key that is as long as the message and is random, XOR encryption is not just computationally hard, it is totally unbreakable.
It's perfectly possible that they have actually implemented AES, they've just done it wrong. It is not uncommon to use AES in Counter Mode or Galois/Counter Mode, especially in high-throughput hardware implementations. This is reasonably strong providing that the key used for each disc block is different (for example by hashing or even just XORing the block ID with the base key). However, if the key is left the same for every block then you would get exactly the effect observed here, and the resulting solution is very weak indeed.
So, it's perfectly possible that they are not lying at all, they just are not very good at crypto.
If intelligent life is too complex to evolve on its own, who designed God?
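An added example (not from the thread or from the heise article) of the black-box "results audit" described earlier in the thread, run against the counter-restart mistake described in the comment above. `ToyEnclosure`, `keystream` and `audit` are hypothetical names, the key is constructed, and SHA-256 stands in for the AES block function so the sketch needs only the standard library.

```python
import hashlib

SECTOR = 512  # bytes per sector, the unit the thread says the XOR pad repeats on

def keystream(key, sector_no, per_sector):
    """Counter-mode style keystream. SHA-256 is a stand-in for the AES block
    function (assumption, keeps this stdlib-only). per_sector=False restarts
    the counter for every sector (the mistake); True mixes in the sector number."""
    tweak = (sector_no if per_sector else 0).to_bytes(8, "big")
    blocks = (hashlib.sha256(key + tweak + ctr.to_bytes(8, "big")).digest()
              for ctr in range(SECTOR // 32))
    return b"".join(blocks)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ToyEnclosure:
    """Constructed model of an encrypting enclosure, not the real device.
    raw() returns what sits on the bare disk once it is removed from the case."""
    def __init__(self, key, per_sector):
        self.key, self.per_sector, self.disk = key, per_sector, {}

    def write(self, lba, data):
        self.disk[lba] = xor(data, keystream(self.key, lba, self.per_sector))

    def raw(self, lba):
        return self.disk[lba]

def audit(enc, lbas=(0, 1, 7, 4096)):
    """Results audit: write known plaintext through the enclosure, then judge
    only the raw ciphertext. Returns a list of findings (empty means passed)."""
    zeros, pattern = bytes(SECTOR), bytes(range(256)) * 2
    findings = []
    # Check 1: the same plaintext at different LBAs must not encrypt identically.
    for lba in lbas:
        enc.write(lba, zeros)
    if len({enc.raw(lba) for lba in lbas}) < len(lbas):
        findings.append("identical plaintext sectors encrypt identically")
    # Check 2: plaintext XOR ciphertext must not yield one pad for two sectors.
    enc.write(lbas[1], pattern)
    pad_a = xor(enc.raw(lbas[0]), zeros)
    pad_b = xor(enc.raw(lbas[1]), pattern)
    if pad_a == pad_b:
        findings.append("same XOR pad recovered from two different sectors")
    return findings

if __name__ == "__main__":
    for label, fixed in (("counter restarts per sector", False),
                         ("sector number in counter", True)):
        print(label, "->", audit(ToyEnclosure(b"constructed-key!", fixed)) or "passed")
```

Neither check needs the key or the vendor's source, which is why this kind of test works on a sealed enclosure.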
They used a chipset from INNMAX, the IM7206, believing it provided AES encryption to data. INNMAX's marketing strongly implies that AES encryption is being used for data on disk.
According to the article, when confronted with this situation, INNMAX's response wasCheap Chinese Crap.
"National Security is the chief cause of national insecurity." - Celine's First Law
Sure it's "easy" to crack if you know about these things, but the encryption is just meant to protect against casual snooping if the drive is stolen. Let's be honest, most thieves would have trouble spelling their own name on their crack cocaine receipts, what are the odds on them being able to decipher the data on an XOR'd drive? They just want to sell the drive on and the mug who buys it down the pub will find it won't work anyway because he doesn't have the fob. Is he going to hire some hacker from L337D00d5-r-u5 to decode the data for him? Doubt it. Sure there's a possibility but then there's probably a greater possibility of fraudsters going through your garbage or intercepting your post.
Agreed. This is exactly what freecom did when they sold me a usb bluetooth adaptor with an antenna. I dropped it one day, and the little case popped open. OK, that happens; no big deal. What WAS a big deal though, was the antenna -- it was simply a bit of plastic, swinging from a hole in the case. There were no wires attached to this, nothing else near it that even suggested it might have accidentally been shipped with a "placeholder" or something like that. It was simple, unadulterated fraud. The antenna might as well have been made by Tomy, which is a shame, as otherwise, it worked fine, and the antenna probably was unnecessary after all (I bought that model FOR its antenna figuring it wouldn't hurt, and might help).
What do freecom gain from this? Something like $5, I'd guess, after the store etc. take their cuts.
What do they lose? Me, as an IT industry purchaser, ever buying their products again. Me telling other IT people on slashdot what I think of Freecom.
What could they have done instead, to compete with manufacturer X's? "We're confident in our product's reception/transmission, and have no need for gimmicks like the antennas manufacturer X uses." I probably would have bought a lot more of their stuff after that.
Dumbasses.
Well, welcome to the new world of IT. Now it's official that we got the first fake products that the time has come, IT security has become an issue.
How do you know? Well, companies finally realize that yes, we want some sort of security. They usually have no idea about it (how should they, their administrators are usually some goons hired from the street who know how to use a mouse, what makes them administrators is that they know that TCP/IP ain't the Chinese secret service. MAYBE they can build a VPN tunnel). But encryption?
You know what the brass level says in this case: "Ain't there some product we can buy?" And in comes stuff like this. Stuff that promises security. Nobody can verify it (in the average company), but their admin might even have heard of AES, knows it's decent and thus buys the product. Why? Hey, it says "AES encryption" on the box!
We'll see a lot more products like this in the near future. Then, in about 2 years, companies will realize that they will have to spend money on people to get real security. It's just like it was with the advent of networking and later when "the internet" came into companies. First, they tried to buy products (which were just as shoddy as this one, promising "easy installation" wonders only to work ... well, sometimes), later they hired some sort of goons who could credibly talk the average HR guy under the desk in IT babble, and a few went on and hired real IT people.
It will be the same with security. Today you have the "buying the wonders" phase. Give it two years and companies will start to train or hire security people. Yes, many will stick with the goons with better fast-talking skills than IT skills, but some will go for good security people.
So, personally, I'd start digging into that sector. We'll see more of that soon.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Seriously, how could this be modded troll?
Some people...
Truth arises more readily from error than from confusion. -Francis Bacon
As exciting as this all is, I sure wish I could capitalize on this other guy with my last name doing all this exciting security research!
This space intentionally left blank
Reverse engineering their code I can see they weren't lying after all....
XOR AX,0031 ; 1
XOR AX,0032 ; 2
XOR AX,0038 ; 8
XOR AX,002D ; -
XOR AX,0062 ; b
XOR AX,0069 ; i
XOR AX,0074 ; t
XOR AX,0041 ; A
XOR AX,0045 ; E
XOR AX,0053 ; S
For some of us, drive encryption has been standard for a long time.
At my job, we implement in software using Winmagic.
At home, I've used Flagstone drives for years. They're expensive (and for that reason I may soon switch to Seagate) but my peace of mind is worth a lot more.
We're trying to get to the point where cryptography for sensitive data is ubiquitous. Who's going to use crypto in the future if the first time that they lose their key, Microsoft tells them, "Sorry. Nothing we can do for you?"
Unfortunately, this is the wrong solution. The right solution would be an escrow keystore, and informing the user of what's going on.
Your entire security chain is broken when you introduce a microsoft product. I don't allow windows machines on my network. When they are detected, they are quarantined. You are crazy if you let a microsoft machine have access to both your network and the outside world.
The only stable state is the one in which all men are equal before the
I'd say it always reduces security, since the data is in the clear between the drive and the computer, it adds yet another part of the system that must be trusted, and it's very hard to verify that the drive is doing any encryption at all.
FIPS 140-2
This is why it exists.
They used their "Advanced Encryption System" to encrypt the data (also known as XOR encryption to industry insiders.) Please don't confuse this with the Advanced Encryption Standard.
NOT !
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"