Phil Askey continues to impress us with his crypto savvy

This is a followup to this entry

I noticed that the news article on Lexar LockTight was updated. Did Askey make up for the shortcomings of the original article? Should we now be more confident in Lexar's new product? I'd have to say "no" on both counts. Here's the new text:

Encryption

Lexar has provided us with the following explanation as to how data is protected on the LockTight cards: (we understand that the encryption is carried out on the communications layer between the card and camera/computer rather than the data itself).
"Lexar employs a unique strategy to protect data on LockTight cards. LockTight cards are always "locked". In other words no computer or camera can read or write data from/to a LockTight card until a critical authorization process takes place between the LockTight card and the host computer or host camera. This authorization process is where the 160-bit HMAC SHAH-1 encryption algorithm is employed."

Seems Askey doesn't know the Shah of Iran (maybe that's what SHAH-1 refers to) from the Secure Hash Algorithm (SHA-1). Anyway, now we know something about the technology they're using—HMAC with SHA-1 is a published standard (RFC2404) so there's a chance that they've implemented a fairly secure system that has received public scrutiny. (Not that they didn't badly botch a system using AES, as mentioned earlier)

HMAC is "a mechanism for message authentication using cryptographic hash functions" (RFC2104), not encryption. Calling any of this "encryption" shows how little Askey knows, or how little he expects his readers to know.

HMAC allows the computer or the camera to prove that it knows the same secret as the card does. As described in the article, the camera will transmit its secret to the computer, which is then put on a list of "allowed secrets" stored in the card. So one way to get the contents off the cards is to hook up to an authorized camera for a second or so at the same time as you steal the card.

If you found out that some camera manufacturer gives secrets in a systematic way, and the person you wanted to attack has one of those cameras, you might be able to quickly brute-force the secret by trying only a few million of them instead of the trillions of trillions of trillions of total secrets.

If Lexar has put together a special LockTight chip—which controls all comunication with the PC or digital camera—and a regular flash memory chip inside the CompactFlash package, then you might be able to pry off the outer shell and access the flash memory chip directly. This is likely to be the way the device is constructed, because it will keep Lexar's costs low by using the same flash memory chip as in their other CompactFlash products. It just happens to be at the cost of decreasing the overall security of the system.

Lexar might have designed LockTight to always allow access to a particular code (in this way, they can sell a recovery service when you lose your password)—a code that might leak out some day, completely destroying the security of the system. Or they might have designed some other kind of backdoor for themselves or some third party.

I'd still tell anyone to steer clear of LockTight cards and readers—even if they offer some security against theft of digital photos, they probably don't offer much, and that isn't the kind of theft you're probably worried about anyway.

Entry first conceived on 9 June 2005, 12:39 UTC, last modified on 15 January 2012, 3:46 UTC
Website Copyright © 2004-2024 Jeff Epler