Re: hardware disk encryption?
From: atom smasher (ngbz_at_fhfcvpvbhf.bet)
Date: 10/17/04
Date: Sun, 17 Oct 2004 11:41:18 -0400
Juergen Nieveler wrote:
> It's not an OTP - I'm thinking of a system that creates a random
> challenge string and generates the symmetric key from the right
> response.
>
> A simple (very simple, I know...) example would work like this:
>
> The challenge is:
> 12345678
>
> The right session key is:
> 12555880
>
> The response to the challenge would be:
> 00210212
>
> As you can see, the response and challenge combined create the session
> key. A keyboard sniffer would only see the response, which would be
> different for every random challenge. An attacker would have to monitor
> both screen and keyboard for at least a few attempts to get enough
> information on the relation between challenge and response.
================
i dunno.... we have to assume that an attacker *can* monitor both inbound
and outbound traffic. the final result (key) will always have to be the same,
because it serves as a symmetric key. if an attacker knows the challenge,
the response and the algorithm, they can determine the key either from
eavesdropping the key exchange or interrogating the device. maybe there's
an algorithm where this could work (and be more than pen-and-paper
strength), but it still requires a calculator of some sort to be in the
possession of the user, which makes it analogous to an OTP system.

the simple way to do this remotely (still not without challenges) is to
build an ssh server and network card into such a device ($5-10 added to
retail cost?). a user can log into the mini-ssh-server, supply a symmetric
key, and instruct the BIOS to continue loading the OS. slightly
oversimplified, but it could work. after booting, i'm sure such a card can
become a network card (in addition to being an encryption card), since it
already has a cable plugged into it.
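
Added example, not part of the original post or of either poster's code: a Python sketch of the quoted challenge/response scheme, showing that the responses change with every challenge while a single observed challenge/response pair still yields the fixed symmetric key. It assumes the combining rule is digit-wise addition modulo 10, which reproduces the numbers in the quoted example; the function names are hypothetical.

```python
import secrets

DIGITS = 8  # length of the strings in the quoted example


def _check(a: str, b: str) -> None:
    if len(a) != len(b) or not (a + b).isdecimal():
        raise ValueError("inputs must be equal-length digit strings")


def combine(challenge: str, response: str) -> str:
    """Assumed rule: add challenge and response digit by digit, modulo 10."""
    _check(challenge, response)
    return "".join(str((int(c) + int(r)) % 10) for c, r in zip(challenge, response))


def respond(challenge: str, key: str) -> str:
    """What the user's calculator must output: key minus challenge, per digit."""
    _check(challenge, key)
    return "".join(str((int(k) - int(c)) % 10) for c, k in zip(challenge, key))


def new_challenge() -> str:
    """Fresh random challenge, as the device would display it."""
    return "".join(secrets.choice("0123456789") for _ in range(DIGITS))


def simulate(key: str, rounds: int = 3) -> list[tuple[str, str]]:
    """Return the (challenge, response) pairs of several unlock attempts."""
    pairs = []
    for _ in range(rounds):
        challenge = new_challenge()
        pairs.append((challenge, respond(challenge, key)))
    return pairs


def keys_seen_by_observer(pairs: list[tuple[str, str]]) -> set[str]:
    """An observer of both screen and keyboard combines each pair."""
    return {combine(c, r) for c, r in pairs}


if __name__ == "__main__":
    key = "12555880"  # session key from the quoted example
    print("quoted example:", respond("12345678", key))
    for challenge, response in simulate(key):
        # The response column varies, the recovered key column does not.
        print(challenge, response, "->", combine(challenge, response))
```
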