Enclosed, but not encrypted
February 21st, 2008 Posted in ComputersEnclosed, but not encrypted
Don’t believe everything you read. Security is on the minds of everyone lately, well it should be. Many companies are playing up their marketing to people promising quick fixes to security and how to make yourself safe in this new frontier. Just like quick weight loss programs, you can’t believe everything you read as much of the marketing is based on FUD. The article sited here is a perfect example of this. The product claims strong encryption, but does not live up to it’s marketing hype.
“A new generation of inexpensive disk drive enclosures using hardware encryption and RFID keys do not fulfil the promises of their publicity. The adverts claim 128-bit AES hardware encryption, but they don’t tell us how it is used.
…
These regular repetitions continued, and the almost identical columns of numbers suggest that the 512-byte sectors of your drive are not in fact encrypted with AES, but merely with a constant 512-byte cipher block applied as an XOR (exclusive OR).
… the bar is so low that even novice attackers will have no trouble getting over it. When decryption is possible at the lowest block level, any possible security provided by the RFID chip becomes completely worthless, so we didn’t conduct any further tests.”
