<http://www.securityfocus.com/archive/1/506607>
Overview:

The premium and new line of QNAP network storage solutions allow for full hard disk encryption. When rebooting, the user has to unlock the hard disk by supplying the encryption passphrase via the web GUI. However, when the hard disk is encrypted, a secondary key is created, added to the keyring, and stored in the flash with minor obfuscation.

Additional Weaknesses:

The backdoor key is generated by rand() calls. The rand() function produces random numbers unsuitable for cryptographic keys, so the cryptographic strength of this generated key is approx 2^32, hence feasible for breaking. This would make access to the flash unnecessary.

Original Vendor FUD:

"The functionality for encryption the hard disk does not include a crypto backdoor." (in response to a user question why two keyslots are allocated, and if this is because of a backdoor)

--
Regards, ASK