Practical Brute Force of Military Grade AES-1024 - Sylvain Pelissier, Boi Sletterink
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the vulnerabilities discovered in the DataVault encryption software used by major storage device manufacturers in this conference talk. Delve into the analysis process that revealed serious flaws in the "military-grade" encryption claims, including a weak key derivation function, constant salt usage, and malleable data encryption. Learn about the reverse engineering techniques employed, the practical implications of these vulnerabilities, and the development of a John the Ripper plugin for brute-forcing the encryption. Gain insights into the coordinated disclosure process with multiple vendors and the subsequent improvements made to address these security issues.
Syllabus
Intro
Presentation
Background
Signature
PKBDF2
Design problem
Key verification
Openssl
File encryption
File malleability
Disclosure
Background of the company
Vulnerability report
triage
challenges
product combinations
Cybertext reliability
Copy in copy out mode
Taught by
media.ccc.de
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network