On 8/18/2011 10:57, Orchid XP v8 wrote:
> Maybe if you sent certain requests, the timing of the response varies in a
> way that tells you something about the encryption key or the password hash
> or the PRNG state. Maybe you can measure power consumption and find out
> useful info. Heck, maybe the temperature varies, or it leaks RF signals.
If it doesn't even respond to USB signals until you've unlocked it, it would
seem to pretty much eliminate side-channel attacks.
> To me, that seems like a very strange way to implement. However, there's no
> particular reason why you can't use the SHA-1 hash of the password to
> AES-encrypt the main AES encryption key. And then changing the password is
> /still/ instant, without having to re-encrypt any data.
Well, yes, that's true. In any case, by the time you've taken that apart,
you can probably brute-force the thing pretty easily. You don't have to
brute-force the entire 160 bit SHA-1 key if you can brute-force the possible
hashes of 5^10 (9 million) possible combinations.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
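
The key-wrapping scheme discussed above, as an added example that is not part of the original post or of any device's firmware: the data is encrypted under a random master key, only that key is wrapped under a password-derived key, so a password change rewrites a small header instead of the data. Assumptions: PBKDF2 replaces the single SHA-1 pass, XOR with a per-salt derived key stands in for AES because the Python standard library has no AES, and all function names are hypothetical. `effective_bits` shows why the 160-bit hash size is irrelevant when the input space is the 5^10 combinations mentioned in the post.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000  # assumed work factor for this example


def derive(password: bytes, salt: bytes):
    """Stretch the password into a 32-byte wrapping key and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap(master_key: bytes, password: bytes) -> dict:
    """Wrap a 32-byte master key under a password, using a fresh random salt."""
    salt = os.urandom(16)
    kek, mac_key = derive(password, salt)
    # XOR is a stand-in for AES key wrap; the fresh salt means each derived
    # key masks exactly one 32-byte value and is never reused.
    wrapped = bytes(a ^ b for a, b in zip(master_key, kek))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap(blob: dict, password: bytes) -> bytes:
    """Recover the master key, rejecting a wrong password or a modified header."""
    kek, mac_key = derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or corrupted header")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], kek))


def change_password(blob: dict, old: bytes, new: bytes) -> dict:
    """Re-wrap the same master key; the bulk data is never re-encrypted."""
    return wrap(unwrap(blob, old), new)


def effective_bits(symbols: int, length: int, hash_bits: int) -> float:
    """Key strength is capped by the password space, not by the hash width."""
    return min(hash_bits, length * math.log2(symbols))
```

The stretching step raises the cost of each guess, but it cannot add entropy to a short keypad code; only a larger input space or a hardware-enforced attempt limit does that.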