First things first. Nice write-up of WD VSCs in python.
The danger is in function "secure_erase" where you miss a crucial point, correctly stated in the work of Dan Lukes you refer to: https://github.com/KenMacD/wdpassport-utils/blob/master/wdutils.c
Bug: For security, you really should supply pseudo-random data from the host. Dan Lukes uses arc4random, which WD SW for MAC also uses (was fixed spring 2014). You provide no data from the host.
So:
uncomment lines 303 and 306: #pw_block[3] = 0x01
append pwblen pseudo-random bytes to pw_block before sending the "erase" CDB
Setting pw_block[3] = 0x00, like you do by default, tells the drive to exclude key material from your host machine, using only the on-device HW PRNG as the source for the new key (DEK). This is very bad. These on-device HW PRNGs have issues, depending on model. Setting pw_block[3] = 0x01 mixes host machine bytes with on-device HW PRNG bytes, improving security, given you use a proper host random source.
Have a look at this paper for details: https://eprint.iacr.org/2015/1002.pdf (Table 4 at page 6). Also have a look at slide 33 here for a figure of the "erase" VSC (depending on model): http://hardwear.io/wp-content/uploads/2015/10/got-HW-crypto-slides_hardwear_gunnar-christian.pdf
-gradoisageek-
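The weak default described in the comment beside the corrected form, as an added illustration that is not code from the write-up or from Dan Lukes' wdutils.c: the header length (8), pwblen (32) and the position of the host bytes after the header are assumptions, only the meaning of pw_block[3] comes from the comment above.

```python
import os

# Assumed layout (not from the original write-up): pw_block is a short
# header whose byte 3 selects the DEK key-material source for the "erase"
# VSC: 0x00 = on-device PRNG only, 0x01 = on-device PRNG mixed with host
# bytes that are appended after the header. Sizes below are placeholders.
HEADER_LEN = 8
PWBLEN = 32


def build_erase_block_default(pwblen=PWBLEN):
    """The weak form: flag 0x00 and no host key material at all."""
    pw_block = bytearray(HEADER_LEN)
    pw_block[3] = 0x00
    return bytes(pw_block)


def build_erase_block_hardened(pwblen=PWBLEN, rng=os.urandom):
    """Flag 0x01 plus pwblen bytes from the host CSPRNG (os.urandom)."""
    pw_block = bytearray(HEADER_LEN)
    pw_block[3] = 0x01
    host_bytes = rng(pwblen)
    if len(host_bytes) != pwblen:
        raise ValueError("host RNG returned a short read")
    return bytes(pw_block) + host_bytes


def check_erase_block(block, pwblen=PWBLEN):
    """Pre-send check: only issue the erase CDB if host material is present.

    Returns False for the 0x00 flag, for a missing/short host buffer and for
    a degenerate buffer (all one value), which points at a broken host RNG.
    """
    if len(block) < HEADER_LEN or block[3] != 0x01:
        return False
    host_bytes = block[HEADER_LEN:]
    if len(host_bytes) != pwblen:
        return False
    return len(set(host_bytes)) >= 2
```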