
Analysis of an encrypted HDD [pdf] - 2510c39011c5
https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Article-hardware_re_for_software_reversers-czarny_rigo.pdf
======
DanBC
See also "enclosed but not encrypted" for an attack on an encrypted hard drive
enclosure.

[http://www.h-online.com/security/features/Enclosed-but-not-e...](http://www.h-online.com/security/features/Enclosed-but-not-encrypted-746199.html)

------
joosters
_While we know the crypto design is a fail, because all the encryption related
data is stored on the drive itself,_...

I don't see why this makes it weaker, could someone explain?

The only apparent weakness I see from this page is that the secret key is a
4-8 digit number, meaning that the device could be realistically brute-forced
by someone who knew the encryption algorithm.

~~~
snassar
The encryption algorithm is immaterial. A 4-8 digit password is just not
strong enough to survive brute-forcing for more than a day, likely sooner with the
right equipment.

~~~
asherkin
And how do you plan on brute-forcing any password without knowing the
encryption algorithm in use? Which was the parent's point.

You could try all possible passphrases with the wrong algorithm and you
wouldn't get the plaintext; the algorithm is most certainly material.

~~~
snassar
Ah. I misread the initial comment. You are correct and I was too hasty to
comment.

------
ris
Regardless of vulnerabilities, from a data safety/recoverability point of view
it never seems like a good idea to me to use an encryption system that doesn't
have a documented on-disk format.

