Also interesting in this episode (obviously also available in audio):
Steve: And the Verbatim Corporate Secure FIPS Edition. Now, FIPS is the National Institute of Standards and Technology, NIST. That’s its federal security rating system. These devices have all received the FIPS 140-2 Level 2 certificate which validates devices as being secure for use with sensitive government data. And…
Leo: That’s pretty good. I’d take…
Steve: …they are completely hackable.
Steve: They’ve got hardware AES-256 encryption in the key. So they’re not inexpensive. But get a load of this, Leo. You use some software that comes with a key, which of course prompts you for your password. You put your password in. And it does some mumbo jumbo with your password, whatever it is it does. But every single one of them, no matter what your password was, sends the same key string into the AES-256 cipher engine.
Leo: You’d think something at FIPS, at NIST, might have noticed.
Steve: Uh, yes. In fact, embarrassed by this, NIST has said that they will be considering whether they should make changes to their validation process because the USB drives in question met all their criteria.
Leo: Oh, boy.
Steve: So once again, so it’s true that if, as a user, you did not put the right passphrase in, the software would say, oh, sorry, that’s the wrong passphrase. But a security company reverse-engineered the software, wondering what was going on inside. And what they discovered was that there was a fixed key.
Steve: Well, yeah. And what boggles my mind is, again, our listeners understand this. You take and hash the passphrase with a secure hash, and that’s what you use as the key. This is not hard. I mean, that’s all there is to it. In which case the key would be derived from the passphrase through a secure hash and, bang, you’ve got it. I mean, sure, you want to put minimum security requirements on the length of the passphrase and all those things, and it wants to be nonguessable because it would be prone to a brute-force attack, blah blah blah, all the things we know about. But the idea that the passphrase isn’t being used to generate the key, but that the key is fixed, that’s just, I mean, actually it’s a really good lesson because it demonstrates that just saying AES-256 means nothing.