MyNym <***@myplace.com> wrote in news:***@4ax.com:
Post by MyNym
Couple years ago, there were published reports that commercial
photocopiers microencoded a small amount of information into every
photocopy they made -- was a big surprise at the time.

Not just copiers, printers too (including consumer models).
Post by MyNym
information churned in my head for a while and one day a question
popped into my head about disk encryption (I've used DriveCrypt for
many years but am finally giving up due to the complexity of upgrading
and cost involved). But here's my question: could hard drive
manufacturers and/or CPU manufacturers encode tiny amounts of
information into every data stream that is transferred to a hard drive,
(and not actually read the data when retrieving information from the
disk) in order to provide a universal back door for all encryption
systems -- I guess the theoretical question I'm asking is if you know
the original of some of the info on the disk as it was prior to
encryption, and you know or have a pretty good idea of where it landed
on the disk in encrypted form, could you theoretically reverse
engineer the encryption algorithm??

If the hardware has been backdoored, anything is possible.
With that said, the hard disk itself is not a big risk. It only records
what is sent to it, and, with OTFE, no plaintext should ever get near the
HD (unless some other program/process sends it there). Even more
strongly, neither would any key or password (at least from the OTFE
However, the business of a HD is storing data and there's plenty of room
to write significant amounts of data, including hidey-holes like the
"manufacturer's area" which is inaccessible to ordinary users (it's
normally used for SMART info, hardware serial number, etc.). So, plenty
of room to write selected info, but insufficient room to also
surreptitiously write, say, the full plaintext for every encrypted
sector. (Conceivably also, the HD could contain a "virus/trojan" that
installs itself on your computer, but this would be tricky to implement,
and would be awkward to keep updated, etc.)
In short, the HD could be used to assist compromising your security, but
is very unlikely to be the source of the compromise.
There could, at least in principle, be some sort of compromise possible
at the CPU level, but it would be clumsy, unwieldy and inflexible to put
No, discounting hardware keyloggers, video cameras, and such, the
overwhelmingly most likely source of security compromise is "code,"
either as the OS & applications (including viruses/trojans/rootkits,
etc.) or conceivably, embedded in a BIOS (not just the motherboard BIOS -
it could be, for instance, the video BIOS). So, the real threat is
software or firmware, not hardware (and some firmware could be used for
storage of leaked info as well as for the code source for the
If Windows (or an application, virus, etc. running under it) has been
backdoored it would be trivial for it to harvest the encryption
password/key from memory, and just as trivial for it to store it
somewhere (or transmit it, but that is more detectable). Windows, with
its ubiquity and frequent updates, would provide an ideal vector for
compromising encryption security. The updates provide great flexibility
to attack new or upgraded encryption programs as they evolve.
Full disk encryption is IMHO a necessity for adequate security. Yes,
partition/container OTFE programs may themselves be secure but Windows (and
many programs run under it) - even without deliberate backdooring - leak
information all over the place (swap files, temporary files, registry
entries, index.dat files, and on and on). Scrubbing is a very poor way
to address this leakage (it's slow, coverage is questionable, and only
the most disciplined will do it often enough). Full OTFE HD encryption
shuts down all accidental/incidental leakage paths. **It's not an
option, it's a must!** (I know this relegates FreeOTFE to a
subsidiary/auxiliary role, but I calls 'em the way I sees 'em.)
In short, full HD encryption is necessary. Necessary but, alas, not
sufficient. It can shut down all accidental/incidental leaking but not
deliberate leaking. If, say, Windows has been backdoored then it CAN
leak, say, the encryption key to even a fully encrypted HD - *without*
even needing to take advantage of any hidey-holes such as the
manufacturer's area. (I have posted in other forums how a malign program
could leak a harvested encryption key to a full-encrypted HD while still
fully conforming to the HD encryption algorithm!)
In short, if you run backdoored software (e.g., putatively, Windows) then,
even on a fully encrypted machine, your security can easily be defeated.
Ain't life a bitch?
PS Paranoids will insist on Linux (real paranoids will insist on
OpenBSD :-) and only a bare minimum of other open-source apps for their
secure machine. This and *layered* encryption (e.g., container-file OTFE
encryption from one supplier nested within full-HD OTFE encryption from a
different supplier). Unfortunately, this route is too geeky and
inconvenient for many.
PPS The bad news is that it's very hard to protect oneself from, say, a
backdoored OS; the good news is that only the highest-echelon TLAs are
likely to use such methods (but woe to you if such TLAs are part of your