On 8/18/2011 1:29, Invisible wrote:
>> Which device was this? I could use something to stick my passwords on.
> ...the irony... it burns...
What's ironic about wanting to put passwords or private keys on an encrypted
portable medium?
> OK, for anyone else wanting to duplicate my results:
Thank you!
> Not necessarily. I'm pretty sure you can buy off-the-shelf components that
> run crypto primitives like AES.
I was thinking it would likely be a core, not a component as such.
> (Also, doesn't the USB protocol require a processor core already? In which
> case, all you have to add is firmware for performing AES.)
That was my point, yes. :-)
> Fundamentally though, it doesn't matter whether AES is in special hardware
> or in firmware. The point is, the encryption is transparent to the host PC.
Right.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
On 18/08/2011 03:57 PM, Darren New wrote:
> On 8/18/2011 1:29, Invisible wrote:
>>> Which device was this? I could use something to stick my passwords on.
>> ...the irony... it burns...
>
> What's ironic about wanting to put passwords or private keys on an
> encrypted portable medium?
You want to password-protect your passwords? That's just crazy. (The
idea of a password is that you're supposed to /remember/ it. Which makes
it impossible to ever steal.)
Password protecting private key files is another matter. Having the
keyfile on a portable device means it's always with you, you can use it
like a physical key, but if you lose it, the password should stop
anybody else pretending to be you.
>> OK, for anyone else wanting to duplicate my results:
>
> Thank you!
No problem. There's no charge for this service. ;-)
(Just waiting for you to complain that you can't order from the USA now...)
>> Not necessarily. I'm pretty sure you can buy off-the-shelf components
>> that
>> run crypto primitives like AES.
>
> I was thinking it would likely be a core, not a component as such.
I'm not so sure about AES, but its predecessor DES is very, very easy to
implement in hardware. Literally *all* you have to do is a few XOR
operations, rearrange the bits slightly, and implement a few S-boxes.
Each S-box is probably a dozen logic gates. That's really very, very
little hardware at all. An 8-segment display driver probably has more
transistors in it than that. And it's probably very much faster than
doing this in software, where things like complicated bit permutations
are fairly expensive.
(My recollection is that AES involves finite field arithmetic that's
quite fiddly in software, but probably very simple in hardware. I don't
remember a great amount of detail though.)
>> Fundamentally though, it doesn't matter whether AES is in special
>> hardware
>> or in firmware. The point is, the encryption is transparent to the
>> host PC.
>
> Right.
Mmm, I wonder if it's immune to side-channel attacks? >:-D
On Thu, 18 Aug 2011 09:09:56 +0100, Invisible wrote:
>>>> Of course, file by file encryption makes the encryption obvious. Try
>>>> truecrypt instead. :)
>>>
>>> Oh, GPG is quite capable of taking /multiple/ files and encrypting the
>>> entire lot as one binary blob. So all you know is that it's encrypted,
>>> and how big it is. You can't tell how many files are inside, nor what
>>> their uncompressed size is...
>>
>> I haven't looked at GPG in a while, but didn't know it could do that.
>> I'll have to have another look at it.
>
> PGP can encrypt a bunch of files as a self-decrypting executable file.
> Then again, PGP [now] costs money. AFAIK, GPG doesn't have this feature.
Of course, that executable file would probably only run on Windows,
natch. ;)
>> But with Truecrypt, you can encrypt the entire device and there's no
>> indication of anything on it other than just random data.
>
> Sure. There is that. In fact, I'm told there's a number of freeware
> whole-drive encryption products. They're usually applied to HDs, but I
> suppose they should apply equally to portable ones.
>
> I also imagine that such products have to be /installed/ on any machine
> before they can be used. GPG has the advantage that it's just a single
> executable. I mean, the whole point of portable storage is to be, you
> know, /portable/. If I encrypt all my stuff and put it on a flash drive,
> and put a copy of GPG on there as well, I can decrypt on any PC I might
> visit. (Especially if I include a Linux binary as well as a Windows
> one.) If I use Truecrypt or similar, any time I visit another PC I have
> to spend time installing and configuring software before I can access my
> data.
Actually, using Truecrypt on Linux doesn't require system-level access,
and you just run a single executable. The Windows version does use a
filesystem driver, though, so on Windows you do need to install it before
you can use it.
> The same advantages apply to drives with hardware encryption, of
> course...
True.
Jim
From: Jim Henderson
Subject: Re: Encrypted storage - sensitive data on non-trustworthy computers
Date: 18 Aug 2011 13:18:47
Message: <4e4d4977$1@news.povray.org>
On Thu, 18 Aug 2011 11:08:05 +0200, Lars R. wrote:
> GPG and Truecrypt don't have to be “installed” but can be used directly
> from USB drive, sure.
>
> But: If you have sensitive data on your USB drive you never ever should
> decrypt them on a foreign PC, in an Internet café etc. because you
> cannot trust them at all (keylogger, spyware etc.)
Certainly, though you can get a certain degree of security if you also
have a bootable OS, say a Linux LiveCD or LiveUSB. That doesn't remove
hardware keyloggers, of course, but it does remove the software threats.
> Call me paranoid but I distrust any Windows PC (and any other PC that is
> under control of a talented Linux guy) and I would never enter any
> sensitive password on them (neither web mail nor ssh nor crypted USB
> drives etc.)
Using ssh - easy way would be to use public key authentication from a
removable storage device, though I would prefer to boot my own media for
something like that on a public system.
Of course, if you do this in the public library, the staff sometimes can
tend to get a bit testy about it (here in the SLC library, they have
software to restrict your usage to a particular period of time, obviously
that doesn't run if you use your own OS).
Jim
On 8/18/2011 8:03, Invisible wrote:
> You want to password-protect your passwords? That's just crazy. (The idea of
> a password is that you're supposed to /remember/ it. Which makes it
> impossible to ever steal.)
You're also supposed to use a different, long password for every site. It's
basically a key locker.
Plus, of course, it has the advantage of being able to store actual
sensitive files in a mildly secure way.
> (Just waiting for you to complain that you can't order from the USA now...)
Unlike some here, I have learned how to use google to find such things as
reviews and local retailers. ;-)
> I'm not so sure about AES, but its predecessor DES is very, very easy to
> implement in hardware.
AES (and, really, almost all the modern block cyphers) are designed that
way. They're all designed to run on smart cards and stuff like that, except
for the "fish" ciphers (blowfish, twofish, etc), iirc, which are
specifically designed to be fast in software.
> Mmm, I wonder if it's immune to side-channel attacks? >:-D
Well, first you have to get to the chip in its encrypted state or something.
I'm (personally) not so worried about it that I think someone's going to
crack the case open and hit it with a logic probe. Indeed, I haven't found
any review that actually says it's encrypting the data on the chip itself.
If it can change the password instantly, I'd doubt the actual data is
encrypted. I did read one review where they cracked it open, took out the
battery for a couple weeks, put it back together, and the PIN was still enabled.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
>> PGP can encrypt a bunch of files as a self-decrypting executable file.
>> Then again, PGP [now] costs money. AFAIK, GPG doesn't have this feature.
>
> Of course, that executable file would probably only run on Windows,
> natch. ;)
Yeah, I should think so. It also has a nice GUI. ;-)
> Actually, using Truecrypt on Linux doesn't require system-level access,
> and you just run a single executable. The Windows version does use a
> filesystem driver, though, so on Windows you do need to install it before
> you can use it.
That's what I figured, yes.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
>> I'm not so sure about AES, but its predecessor DES is very, very easy to
>> implement in hardware.
>
> AES (and, really, almost all the modern block cyphers) are designed that
> way. They're all designed to run on smart cards and stuff like that,
> except for the "fish" ciphers (blowfish, twofish, etc), iirc, which are
> specifically designed to be fast in software.
Well, there's "easy" and there's "really easy". DES is really easy. AES
I'm not so sure about, off the top of my head.
But sure. None of these ciphers are "hard" to implement in hardware.
>> Mmm, I wonder if it's immune to side-channel attacks? >:-D
>
> Well, first you have to get to the chip in its encrypted state or
> something. I'm (personally) not so worried about it that I think
> someone's going to crack the case open and hit it with a logic probe.
You don't have to open the case for side-channel attacks to be effective.
Maybe if you sent certain requests, the timing of the response varies in
a way that tells you something about the encryption key or the password
hash or the PRNG state. Maybe you can measure power consumption and find
out useful info. Heck, maybe the temperature varies, or it leaks RF signals.
Come to think of it, /that/ is the kind of thing I would expect FIPS
certification to be testing for. Anyone can implement AES correctly.
It's not hard to run a few test vectors and confirm that you get the
correct numbers. Making sure that the assembled system is actually
secure is a whole other matter...
> Indeed, I haven't found any review that actually says it's encrypting
> the data on the chip itself. If it can change the password instantly,
> I'd doubt the actual data is encrypted. I did read one review where they
> cracked it open, took out the battery for a couple weeks, put it back
> together, and the PIN was still enabled.
I looked at the FIPS documentation for one of the drives. (Not the one
in the list I gave you, but something similar.) It actually describes,
in vague detail, how the encryption works. It seems it stores the
encryption keys in the clear (?!), and also stores the SHA-1 hash of the
password. So presumably when you change the password, it just updates
the SHA-1 hash.
To me, that seems like a very strange way to implement. However, there's
no particular reason why you can't use the SHA-1 hash of the password to
AES-encrypt the main AES encryption key. And then changing the password
is /still/ instant, without having to re-encrypt any data.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
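A worked version of the wrap-the-key scheme described in the post above, added here as an example rather than anything from the thread or from any drive vendor. It assumes Go's standard-library AES-256-GCM as the wrapping cipher and SHA-256 of the password in place of the SHA-1 mentioned above; the Drive layout and the function names are hypothetical.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
)
// Drive models the scheme discussed above (hypothetical layout, not any vendor's firmware):
// data is sealed under a random data key (DEK); the DEK is sealed under a KEK from the password.
type Drive struct{ WrappedDEK, Data []byte }
// kek stands in for the thread's SHA-1(password); real firmware should use a salted, slow KDF.
func kek(pw string) []byte {
	h := sha256.Sum256([]byte(pw))
	return h[:]
}
func gcmFor(key []byte) cipher.AEAD { // AES-256-GCM; neither constructor fails for a 32-byte key
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}
// encrypt seals plaintext under key with a fresh random 12-byte nonce prefixed to the output.
func encrypt(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand; does not fail on supported platforms
	return gcmFor(key).Seal(nonce, nonce, plaintext, nil)
}
// decrypt reverses encrypt; a wrong key fails the GCM tag check, so no stored password hash is needed.
func decrypt(key, blob []byte) ([]byte, error) {
	return gcmFor(key).Open(nil, blob[:12], blob[12:], nil)
}
func NewDrive(pw string, data []byte) *Drive { // random DEK; data under DEK, DEK under KEK
	dek := make([]byte, 32)
	rand.Read(dek)
	return &Drive{WrappedDEK: encrypt(kek(pw), dek), Data: encrypt(dek, data)}
}
func (d *Drive) Unlock(pw string) ([]byte, error) { // unwrap DEK with password, then decrypt data
	dek, err := decrypt(kek(pw), d.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return decrypt(dek, d.Data)
}
// ChangePassword re-wraps the DEK only; Data is untouched, which is why the change is instant.
func (d *Drive) ChangePassword(oldPw, newPw string) error {
	dek, err := decrypt(kek(oldPw), d.WrappedDEK)
	if err == nil {
		d.WrappedDEK = encrypt(kek(newPw), dek)
	}
	return err
}
```

Because the stored password hash is replaced by the authenticated unwrap, a wrong password is detected on the 32-byte wrapped key rather than on the data, and the data ciphertext is byte-for-byte identical before and after a password change.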
On 8/18/2011 10:57, Orchid XP v8 wrote:
> Maybe if you sent certain requests, the timing of the response varies in a
> way that tells you something about the encryption key or the password hash
> or the PRNG state. Maybe you can measure power consumption and find out
> useful info. Heck, maybe the temperature varies, or it leaks RF signals.
If it doesn't even respond to USB signals until you've unlocked it, it would
seem to pretty much eliminate side-channel attacks.
> To me, that seems like a very strange way to implement. However, there's no
> particular reason why you can't use the SHA-1 hash of the password to
> AES-encrypt the main AES encryption key. And then changing the password is
> /still/ instant, without having to re-encrypt any data.
Well, yes, that's true. In any case, by the time you've taken that apart,
you can probably brute-force the thing pretty easily. You don't have to
brute-force the entire 160 bit SHA-1 key if you can brute-force the possible
hashes of 5^10 (9 million) possible combinations.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
On Thu, 18 Aug 2011 18:47:33 +0100, Orchid XP v8 wrote:
>>> PGP can encrypt a bunch of files as a self-decrypting executable file.
>>> Then again, PGP [now] costs money. AFAIK, GPG doesn't have this
>>> feature.
>>
>> Of course, that executable file would probably only run on Windows,
>> natch. ;)
>
> Yeah, I should think so. It also has a nice GUI. ;-)
>
>> Actually, using Truecrypt on Linux doesn't require system-level access,
>> and you just run a single executable. The Windows version does use a
>> filesystem driver, though, so on Windows you do need to install it
>> before you can use it.
>
> That's what I figured, yes.
What I wish they had for the Linux version was the option for a hidden OS
like they do with Windows. I may have to image this laptop and see if I
can figure out a way to bodge it together to do that (but I wouldn't be
surprised if it required a special driver in the OS)
Jim
On 8/18/2011 14:49, Jim Henderson wrote:
> What I wish they had for the Linux version was the option for a hidden OS
> like they do with Windows.
What does that even mean? That you can boot off the Truecrypt partition?
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?