On Mon, 23 Feb 2015 12:45:02 +1300 Peter Gutmann wrote: > Henry Baker <hbak...@pipeline.com> writes: > > >BTW, what's the point of AES encryption on this pre-p0wned device? > >More security theatre? > > Almost. Its sole use is for very fast "drive erasure", i.e. you > change the key and the data on it becomes inaccessible. Have a look > at this presentation: > > http://www.snia.org/sites/default/education/tutorials/2012/spring/security/MichaelWillett_Implementing%20Stored-Data_Encryption_2.pdf > > which describes what Samsung (and others) are doing, in particular > slide 18. The decryption key (DEK) is stored in the drive, and is > unlocked using a password (and "authentication key", AK). So to > decrypt the drive you extract the encrypted DEK, brute-force the > password (AK), and you're in.
This is how practically all disk encryption works. Whether or not it's secure depends on the strength of the password + key-file. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
