[144890] in cryptography@c2.net mail archive
QNAP backdoor
daemon@ATHENA.MIT.EDU (Alexander Klimov)
Wed Sep 23 18:57:40 2009
Date: Wed, 23 Sep 2009 12:41:50 +0300 (IDT)
From: Alexander Klimov <alserkli@inbox.ru>
To: cryptography@metzdowd.com
<http://www.securityfocus.com/archive/1/506607>
Overview:
The premium and new line of QNAP network storage solutions allow for
full hard disk encryption. When rebooting, the user has to unlock the
hard disk by supplying the encryption passphrase via the web GUI.
However, when the hard disk is encrypted, a secondary key is created,
added to the keyring, and stored in the flash with minor obfuscation.
Additional Weaknesses:
The backdoor key is generated by rand() calls. As the rand() function
produces random numbers unsuitable for cryptographic keys. The
cryptographic strength of this generated key is approx 2^32, hence
feasible for breaking. This would make access to the flash
unnecessary.
Original Vendor FUD:
"The functionality for encryption the hard disk does not include a
crypto backdoor."
(in response to a user question why two keyslots are allocated, and if
this is because of a backdoor)
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
