Practical Brute Force of Military Grade AES-1024 - Sylvain Pelissier, Boi Sletterink

Explore the vulnerabilities discovered in the DataVault encryption software used by major storage device manufacturers in this conference talk. Delve into the analysis process that revealed serious flaws in the "military-grade" encryption claims, including a weak key derivation function, constant salt usage, and malleable data encryption. Learn about the reverse engineering techniques employed, the practical implications of these vulnerabilities, and the development of a John the Ripper plugin for brute-forcing the encryption. Gain insights into the coordinated disclosure process with multiple vendors and the subsequent improvements made to address these security issues.

Intro
Presentation
Background
Signature
PKBDF2
Design problem
Key verification
Openssl
File encryption
File malleability
Disclosure
Background of the company
Vulnerability report
triage
challenges
product combinations
Cybertext reliability
Copy in copy out mode