YoVDO

Practical Brute Force of Military Grade AES-1024 - Sylvain Pelissier, Boi Sletterink

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Reverse Engineering Courses Encryption Courses Data Integrity Courses

Course Description

Overview

Explore the vulnerabilities discovered in the DataVault encryption software used by major storage device manufacturers in this conference talk. Delve into the analysis process that revealed serious flaws in the "military-grade" encryption claims, including a weak key derivation function, constant salt usage, and malleable data encryption. Learn about the reverse engineering techniques employed, the practical implications of these vulnerabilities, and the development of a John the Ripper plugin for brute-forcing the encryption. Gain insights into the coordinated disclosure process with multiple vendors and the subsequent improvements made to address these security issues.

Syllabus

Intro
Presentation
Background
Signature
PKBDF2
Design problem
Key verification
Openssl
File encryption
File malleability
Disclosure
Background of the company
Vulnerability report
triage
challenges
product combinations
Cybertext reliability
Copy in copy out mode


Taught by

media.ccc.de

Related Courses

Dal Reverse engineering alla stampa 3D
University of Naples Federico II via Federica Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam Generative Design for Industrial Applications
Autodesk via Coursera Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam