lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 29 May 2008 05:12:29 -0000
From: rwann@...vatech.com
To: bugtraq@...urityfocus.com
Subject: Re: [HV-INFO] Enova hardware encryption: false sense of security

------------------------------
Here Enova Technology comments
 
Speaking of X-Wall not being able to hold the secret of the secret key, it is actually an intended engineering design and has been praised by many well known cryptographers. As X-Wall does not equip with any none-volatile memory and all the secret keys reside in the volatile memory, the security of data-at-rest is guaranteed as long as the power is shut down or the computer goes into hibernation state. The design was meant for the authentication part to hold the secret value as it makes sense that secret key will only be released upon correct authentication. Advantage in this design also guarantee there won’t be a risk of secret been extracted going through sophisticated semiconductor layer extraction method.

Speaking of the Enova key fob, there is a reverse diode that safeguards the accidental insertion of the key fob into a real 1394 (firewire) port that carries voltage more than 18 Volts. As a result, damage to the key fob due to mismatch of the firewire port can be avoided.

We would agree that a capable engineer would be able to apply electrical wire onto the serial bus and snoop the protocol to get to the secret key. But this is our simplest and basic design which was engineered to educate/show most of our customers how the X-Wall will be actually functioning. To show the exact opposite, we also engineered a sophisticated FIPS certified smartcard authenticated X-Wall design (to view more details, visit our website at http://www.enovatech.net/products/reference/secureusb_pro.htm). Being said, to snoop an electrical protocol maybe still a bit tougher than simply installing a key logger or camera for the password entry. Anyway, to conduct such hot plug electrical protocol attack, the attacker needs to get hold of the key fob as well as the circuit board and X-Walled hard drive. 

To prevent serial bus sniffing, apply the harden epoxy on the X-Wall such that it creates chemical effect with the molding compound of the X-Wall to effectively avoid such attack as the attempts to use special dissolvent would effectively destroy the molding compound of the X-Wall thus destroy the circuitry. Alternatively, use the FIPS certified authentication mechanism to hold the secret key, which can only be released upon correct authentication.
------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ