On 18/08/2011 07:39 PM, Darren New wrote:
> On 8/18/2011 10:57, Orchid XP v8 wrote:
>> Maybe if you sent certain requests, the timing of the response varies in a
>> way that tells you something about the encryption key or the password hash
>> or the PRNG state. Maybe you can measure power consumption and find out
>> useful info. Heck, maybe the temperature varies, or it leaks RF signals.
>
> If it doesn't even respond to USB signals until you've unlocked it, it
> would seem to pretty much eliminate side-channel attacks.

Oh, well, if you're talking about the one with the combination lock
(which *isn't* FIPS certified) then yeah. The most you could worry about
is RF leakage, or maybe heat. (But you would need some damned sensitive
thermometers to measure that.) I would imagine RF output is both very
easy to check for and shield against.

I was thinking more about the ones where you insert the USB drive and it
asks for a password before it will let you see the encrypted partition.

>> To me, that seems like a very strange way to implement. However, there's no
>> particular reason why you can't use the SHA-1 hash of the password to
>> AES-encrypt the main AES encryption key. And then changing the password is
>> /still/ instant, without having to re-encrypt any data.
>
> Well, yes, that's true. In any case, by the time you've taken that
> apart, you can probably brute-force the thing pretty easily. You don't
> have to brute-force the entire 160 bit SHA-1 key if you can brute-force
> the possible hashes of 5^10 (9 million) possible combinations.
Oh, sure, the password or PIN or whatever is *clearly* the weakest point
in the system. (Assuming the RNG isn't broken...)
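The key-wrapping scheme discussed in the thread, as an added example that is not code from either poster or from any drive vendor: a password-derived key wraps a random data key, so a password change rewrites only a small header, and the size of the code space sets the real strength. Assumptions: a salted PBKDF2 replaces the bare SHA-1 hash mentioned above, an HMAC-SHA256 keystream stands in for AES because Python's standard library has no AES, and all function names and the iteration count are hypothetical.

```python
import hashlib, hmac, math, os

KDF_ITERATIONS = 100_000  # assumed work factor, not a value from the thread

def derive_kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key (KEK): salted and deliberately slow, unlike a bare SHA-1.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)

def _keystream(kek: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for AES: HMAC-SHA256 in counter mode (standard library only).
    out, counter = b"", 0
    while len(out) < n:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(kek, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def wrap_key(password: str, dek: bytes) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = derive_kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap_key(password: str, blob: dict) -> bytes:
    kek = derive_kek(password, blob["salt"])
    expect = hmac.new(kek, b"mac" + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        raise ValueError("wrong password or corrupted header")
    ks = _keystream(kek, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))

def change_password(old: str, new: str, blob: dict) -> dict:
    # Only the wrapped data key is rewritten; the bulk data is never re-encrypted.
    return wrap_key(new, unwrap_key(old, blob))

def effective_bits(symbols: int, length: int) -> float:
    # Entropy of a uniformly chosen code, in bits.
    return length * math.log2(symbols)

if __name__ == "__main__":
    header = wrap_key("12345", os.urandom(32))      # constructed sample password
    header = change_password("12345", "54321", header)
    print(f"5^10 = {5**10} codes = {effective_bits(5, 10):.1f} bits, against 160 for SHA-1")
```

The slow KDF raises the cost of each guess, but it cannot add entropy that a 5-symbol, 10-position code does not have.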