Slashdot Mirror


Cracking a Crypto Hard Drive Case

juct writes "A label on the box reading 'AES' does not ensure that your data are protected. heise examined a hard drive enclosure with an RFID key that is typical of many similar products. They found that the 128-bit AES hardware encryption claimed in advertisements was in fact a simple XOR encryption that they were able to break easily with a known plaintext attack." The manufacturer of the drive examined has announced that the product is being retooled and will be reintroduced later this year, presumably with actual AES encryption.
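The check that separates a reused XOR mask from sector-dependent encryption, as an added example (not code from heise or from the original post): write known plaintext, read the raw ciphertext, and see whether the mask from one sector decrypts another. The 512-byte sector size and both `*_enclosure` models are constructed assumptions; on real hardware `encrypt` would mean writing through the enclosure and reading the bare disk.

```python
import hashlib

SECTOR = 512  # assumed sector size; the page does not give one


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def fixed_pad_enclosure(key: bytes):
    """Constructed model of the weak design: one XOR mask reused for every sector."""
    pad = (key * (SECTOR // len(key) + 1))[:SECTOR]
    return lambda sector_no, data: xor_bytes(data, pad)


def tweaked_enclosure(key: bytes):
    """Constructed stand-in for a sound design (not AES): keystream varies per sector."""
    def encrypt(sector_no: int, data: bytes) -> bytes:
        stream = b"".join(
            hashlib.sha256(key + sector_no.to_bytes(8, "big") + bytes([i])).digest()
            for i in range(SECTOR // 32)
        )
        return xor_bytes(data, stream)
    return encrypt


def audit(encrypt, sectors: int = 8) -> dict:
    """Write known plaintext, inspect raw ciphertext, report two red flags."""
    zeros = bytes(SECTOR)
    pattern = bytes(i % 251 for i in range(SECTOR))
    raw = [encrypt(n, zeros) for n in range(sectors)]
    mask = xor_bytes(raw[0], zeros)          # ciphertext XOR known plaintext
    probe = encrypt(sectors, pattern)        # different data, different sector
    return {
        "same_ciphertext_every_sector": len(set(raw)) == 1,
        "mask_decrypts_other_sector": xor_bytes(probe, mask) == pattern,
    }


if __name__ == "__main__":
    key = bytes(range(16))  # constructed 128-bit key
    print("fixed pad:", audit(fixed_pad_enclosure(key)))
    print("per-sector:", audit(tweaked_enclosure(key)))
```

Either flag coming back true means the raw disk is readable by anyone holding one known sector, whatever the label on the box says.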

23 of 238 comments

  1. Re:Criminal prosecution? by Nero Nimbus · · Score: 5, Funny

    Hey, that's better than ROT26.

  2. Re:Criminal prosecution? by GaryPatterson · · Score: 4, Funny

    It'll be so good, it'll do ROT13 twice!

  3. Re:So what happens... by palegray.net · · Score: 5, Funny

    All the fobs are encoded with the special key: QWERTYUIOP1234567890. Don't worry though, the key is copyrighted internationally and cannot be used without proper authorization. Devilishly ingenious, those wily engineers...

  4. Re:Criminal prosecution? by dbIII · · Score: 4, Funny

    It's not fraud if it's still AES. In this case AES stands for the claims which are Advanced Equine Stool.

  5. Re:Trust by Agent.Nihilist · · Score: 3, Funny

    Have you ever used a boomerang before?
    Someone usually ends up catching it with the back of their head.

    I think trust IS a boomerang.

  6. Re:Trust by Anonymous Coward · · Score: 4, Funny

    Yea, it is so!

    The precious resource of trust can only be grown slowly, fed by the nutrients of honesty, the rains of commercial and/or interpersonal interaction, and the sun-like rays of consistency. Like the noble crops of wheat that adorn the fields of the Great Plains, it is only finally harvested in the autumn of our lives. But, unlike those nutritious grains, its wholesomeness fills the belly of our souls every day of our lives.

    Nay, trust is _not_ a boomerang.

  7. Re:get creative by iminplaya · · Score: 2, Funny

    Rig your drive to explode...

    In today's post 9/11 world, "self destruct" might be more politically correct.

    --
    What?

  8. Re:Criminal prosecution? by Spy der Mann · · Score: 5, Funny

    It'll be so good, it'll do ROT13 twice!

    Hah! That doesn't compare with DOUBLE-XOR encryption! :D

  9. Re:Criminal prosecution? by techno-vampire · · Score: 2, Funny

    Maybe they can get real technical about it and use ROT 39.

    --
    Good, inexpensive web hosting

  10. Re:Criminal prosecution? by Anonymous Coward · · Score: 5, Funny

    Double-ROT-13 is funny
    Quadruple-ROT-13 is twice as funny
    Sextuple-ROT-13 is thrice as funny, and gets two bonus points for the 's-e-x' string in it
    Octuple-ROT-13 is twice twice as funny, and gets a bonus point for sounding a bit like the word 'octopus', which has 'p-u-s' in it, which sounds a bit like 'pussy', which is a synonym for 'vagina', which is related to 'sex'
    Decuple-ROT-13 is twice plus thrice as funny
    Duodecuple-ROT-13 is twice thrice as funny

    After that it just gets lame.

  11. Re:This has to be illegal by Mike1024 · · Score: 2, Funny

    the CEO [...] I'm sure his pocket change could hire a contractor to test this.

    I'm not sure the $20 Chinese-made USB hard drive caddy market has produced many millionaire celebrity CEOs :)

    Michael

    --
    "Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion

  12. Perfect XOR encryption. by Ihlosi · · Score: 5, Funny

    XOR is not an encryption method, it's just a binary operation. It's what you XOR your data with that determines if your encryption is good or not. That's what is the problem in this case.

    Indeed. I XOR the data with itself, making sure that it can never, ever be decrypted.

  13. Re:How about a software solution? by palegray.net · · Score: 3, Funny

    I followed your advice and dug out a hard drive full of BASIC code from 15 years ago... I replaced all the GOTOs with GOSUBs and feel much more secure!

  14. Re:Criminal prosecution? by jmv · · Score: 4, Funny

    I do double-xor with a one-time pad. I've even figured out a way to do that without having to give the one-time-pad to the recipient, so I guess it counts as asymmetric cryptography.

  15. Re:Criminal prosecution? by pyite · · Score: 4, Funny

    Is ROT13 a group? We may never know...

    After much work, I have proved that ROT forms a group under functional composition. I shall call it "the rotation group." This comment field, however, is simply too small to contain the proof.

    --

    "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

  16. Re:Criminal prosecution? by TheVelvetFlamebait · · Score: 4, Funny

    Can you please repost your comment in plain text? Most of us can't be bothered decrypting your message.

    --
    You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.

  17. Re:Criminal prosecution? by garutnivore · · Score: 2, Funny

    Hmm... after that you are inducing bit rot.

  18. Re:Criminal prosecution? by alexgieg · · Score: 5, Funny

    Octuple-ROT-13 is twice twice as funny, and gets a bonus point for sounding a bit like the word 'octopus', which has 'p-u-s' in it. . .

    And tentacles.

    --
    Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.

  19. Re:Criminal prosecution? by Opportunist · · Score: 2, Funny

    You'll see that used a lot for encryption with the Hentai crowd.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  20. Re:Trust by Opportunist · · Score: 2, Funny

    So the analogy is flawed. Boomerangs are not a tool for protection but for cracking.

    Guess the Germans are going to outlaw them in a bit.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  21. Re:Criminal prosecution? by pnewhook · · Score: 4, Funny

    I agree completely - open source or nothing. But you would not BELIEVE the hassle I get checking into an airline when I refuse to let them close the door and take off until I've inspected all of their flight code. Bunch of unreasonable pricks.

    --
    Tesla was a genius. Edison however was an overrated hack who liked to torture puppies.

  22. Re:Criminal prosecution? by somersault · · Score: 3, Funny

    Tell me about it. I accidentally bricked an AIBO when reverse engineering the OS to make sure that it wasn't going to try and chew on anyone's ankles or purposely try to trip them up. The kids were crying and bitching for weeks, but it was obviously for their own good.

    --
    which is totally what she said

  23. Actual source code used proves company didn't lie! by Anonymous Coward · · Score: 1, Funny

    Reverse engineering their code I can see they weren't lying after all....

    XOR AX,0031 ; 1
    XOR AX,0032 ; 2
    XOR AX,0038 ; 8
    XOR AX,002D ; -
    XOR AX,0062 ; b
    XOR AX,0069 ; i
    XOR AX,0074 ; t
    XOR AX,0041 ; A
    XOR AX,0045 ; E
    XOR AX,0053 ; S