Re: How to Test HDD Encryption
From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 13 Nov 2007 19:37:59 +0200 (IST)
On Mon, 12 Nov 2007 infosecofficer () gmail com wrote:
> How can we ascertain that the encryption software we have selected
> is doing its job? A small test like removing the HDD of an
> encrypted laptop and attaching it as an external drive on another
> laptop shows the drive as unformatted. So far so good.
> But is there any tool available to demonstrate to the management
> that even the professionals cannot break in even if they lay their
> hands on the drive physically?

The only reasonable way is to review the source code of the encryption
software and generate the binaries with a known-good compiler.
You cannot tell good software from snake-oil by inspecting encrypted
data it generates. For example, suppose that the data is encrypted
with AES but the key is chosen from a list of 1000 predefined keys:
all the data looks perfectly random, but still someone who knows about
the back door can find the key in less than a second.
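
The scenario in the reply above, as an added example that is not part of the original message: a disk encrypted under a key from a 1000-entry list scores the same on an entropy check as one encrypted under a truly random key, yet the list holder identifies the key at once. A SHA-256 keystream stands in for AES so the code needs only the standard library; the key list, the header and all function names are constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed back door: the product's "random" disk key is always one of
# 1000 predefined keys (the vendor-secret string is made up for this example).
KEY_LIST = [hashlib.sha256(b"vendor-secret-%d" % i).digest() for i in range(1000)]

# Constructed known plaintext: the first bytes of an NTFS boot sector.
HEADER = b"\xebR\x90NTFS    "

def keystream_xor(key, data):
    """Stand-in for AES-CTR: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def make_disk(key, size=64 * 1024):
    """Encrypt a mostly-empty constructed 'disk' image under the given key."""
    return keystream_xor(key, HEADER + b"\x00" * (size - len(HEADER)))

def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def recover_key_index(ciphertext, known_prefix=HEADER):
    """Try every predefined key against the known prefix; None if none fits."""
    head = ciphertext[:len(known_prefix)]
    for i, key in enumerate(KEY_LIST):
        if keystream_xor(key, head) == known_prefix:
            return i
    return None

if __name__ == "__main__":
    weak = make_disk(KEY_LIST[737])      # key from the predefined list
    good = make_disk(os.urandom(32))     # key that really is random
    for name, disk in (("weak", weak), ("good", good)):
        print(name, "entropy %.4f" % entropy_bits_per_byte(disk),
              "key index:", recover_key_index(disk))
```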