The Great Zero Challenge
Jim Murray
ukcrypto at chiark.greenend.org.uk
Sun, 14 Sep 2008 11:44:06 +0100
Dan Beale-Cocks wrote:
> Be aware that some drive encryption is pretty lousy. And some external
> drive enclosures have terrible cryptography.
>
> C'T magazine have an article here:
> http://www.heise-online.co.uk/security/Enclosed-but-not-encrypted--/features/110136
>
>
> Which describes a drive that uses "128 bit AES encryption" (a secure
> scheme) but only uses it to store the RFID chip's ID in the controller's
> internal memory. All the data was encrypted using a "proprietary
> algorithm" (almost always hopelesly weak).
Very true. As with all things involving encryption you have to be wary
of snake-oil merchants selling things that aren't what they appear to be.
Probably the best guide is to look for official certification of the
encryption scheme used (NIST for AES encryption) and ensure that the
certification covers the encryption scheme used for the entire drive -
if in doubt ask before purchase and get the answer in writing!
Anything that mentions 'proprietary algorithm' anywhere should be
considered highly suspect and avoided!
Jim
--
DigitalDaemons IT Services.
---------------------------------------
E-Mail : jim@digitaldaemons.co.uk
PGP Key ID : 0xB7066495