Posts by adamsh

Already discovered a year ago - wiping a flash device need not work

1) Marko Rogge discovered this effect trying to wipe out an USB stick, a flash device like a SSD. He published his discovery in https://www.xing.com/net/priedb263x/sicherheit/application-layer-bio-crypto-pen-voip-uce-was-19413/verschlusselung-kann-trugerisch-sein-28202781/p0 and published a white paper http://www.marko-rogge.de/truecrypthinweis.pdf.

2) I was able to verify this effect with older USB sticks and was able to explain this effect due to wear levelling procedures, see https://www.xing.com/net/priedb263x/sicherheit/application-layer-bio-crypto-pen-voip-uce-was-19413/verschlusselung-kann-trugerisch-sein-28202781/28223883/#28223883.

During research against SSD the ATA command set enlightened the background:

3) ATA command 0xf3, "security erase unit", requires only overwriting of USER DATA AREAS, cite "....When Normal Erase mode is specified, the SECURITY ERASE UNIT command shall write binary zeroes to all user data areas (as determined by READ NATIVE MAX or READ NATIVE MAX EXT). IDENTIFY DEVICE or IDENTIFY PACKET DEVICE word 89 gives an estimate of the time required to complete the erasure."

Bingo. They just use their routines for "write sectors" / "erase sectors", writing only to "user data areas" obeying their own wear levelling strategies... See point 2) ;->

4) "The Enhanced Erase mode is optional" and "In Enhanced Erase mode, all previously written user data shall be overwritten, including sectors that are no longer in use due to reallocation..."

To make it clear. Only if and if a feature beyond the standard ("optional") has been implemented, AND the device driver checks against a bit pattern and sets it, the ATA-drive might indeed clear all previously written data .....

5) To summarize it:

Above mentioned behaviour is correct in the sense of the ATA command set.

Everyone could have learned it if they read the data sheets and standards.

Best, Hans Adams

An old issue since the seventies of the last century

Hallo,

when I am asked to execute an order, I have to limit myself to orders given by those who I trust or have to trust (instructors, some [computer] programs, I myself?). Never I may follow those who want me to commit a crime ;->

A software system run under and exposing a certain identity may only trust its own components (libs, taks etc...) or components from other identies the executing identity trusts.

Commonly a software system only needs its own libraries (and subtasks) and those offered by the identity "system". Why should an unidentified component be trusted?

Micorosft itself has built up a whole PKI and forces vendors to sign their components digitally just to avoid execution of untrusted components. Microsoft statement,“Hence, this issue cannot directly be addressed in Windows without breaking expected functionality. Instead, it requires developers to ensure they code secure library loads.", foils the security policy of Microsoft itself.

Evolving dangers by executing untrusted components have been known since the early sixties of the last century, IBM and BULL published basic results around 1966....Some of these results founded the security design of the AS/400 under OS/400.

RBAC/MAC forces a linking policy for processes / tasks run under certain and/or predefined identities. Given this failure Microsoft can not obey basic requirements to fulfill higher protection profiles.

Solaris 10 never allows linking of untrusted libraries against setuid programs or programs executed under uid 0, see http://docs.sun.com/app/docs/doc/816-5165/ld.so.1-1?l=all&a=view, keyword "security".

In summary Microsoft did not learn its lessons from the last half century, and even foils its own security policies --- once again an epic fail.

Sorry, HA

Issues are best known, partly since Shannon!

Just to remember:

1a) Characters in passwords are NOT uniformly distributed.

1b) The sequence of characters in the password build Markov chains of finite orders (2-8).

1c) a) and b) offer ample opportunities for attacks based on statistics.

2) Printable characters encode about six bits, NOT eight bits as claimed often. A password with sixteen characters encodes about 100 bits, NOT 128 bits as claimed. This password is indeed a billion (!) easier (less effort) to crack than claimed.

3) The available integer performance (NOT number crunching as claimed in article) per buck, driven by improvements in GPUs and signal processors for image processing, has already increased by the factor of 10 million since 1990. About 100 Billion (!) integer operation / second are offered for less then 1000 US $ per graphic subsystem. Some workstation vendors offer nineteen of those graphic subsystems, a cage, a main cpu, disks and power supply for about 20000 EURs, about 27000 US $, yielding a sustained integer performance of about one trillion (!) operations / second.

In summary:

Passwords never reached the complexity/entropy expected, due to inherent limits. Meanwhile enough processing power is available to crack actual passwords in days with high success rate...

Therefor passwords / password based authentification must be regarded untrustworthy....

All I wrote above should be common knowledge here, HA expects.