YoVDO

Practical Brute Force of Military Grade AES-1024 - Sylvain Pelissier, Boi Sletterink

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Reverse Engineering Courses Encryption Courses Data Integrity Courses

Course Description

Overview

Explore the vulnerabilities discovered in the DataVault encryption software used by major storage device manufacturers in this conference talk. Delve into the analysis process that revealed serious flaws in the "military-grade" encryption claims, including a weak key derivation function, constant salt usage, and malleable data encryption. Learn about the reverse engineering techniques employed, the practical implications of these vulnerabilities, and the development of a John the Ripper plugin for brute-forcing the encryption. Gain insights into the coordinated disclosure process with multiple vendors and the subsequent improvements made to address these security issues.

Syllabus

Intro
Presentation
Background
Signature
PKBDF2
Design problem
Key verification
Openssl
File encryption
File malleability
Disclosure
Background of the company
Vulnerability report
triage
challenges
product combinations
Cybertext reliability
Copy in copy out mode


Taught by

media.ccc.de

Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube