October 20, 2015
Some serious cryptographers have bloodied foreheads today. They’ve been facepalming rather vociferously after some rudimentary vulnerabilities were uncovered in Western Digital hard drive encryption, leaving users with a false sense of security and open to data theft. What’s worse, despite working with the researchers to learn more about the weaknesses, Westen Digital told FORBES it has only evaluated the research and did not say whether it had any plans to issue fixes.
Researchers Gunnar Alendal, Christian Kisson and ‘modg’ claimed, in a paper published last month, to have uncovered various issues in Western Digital’s My Passport series of pre-encrypted hard drives. One of the more critical vulnerabilities was the use of easily-guessable data “seeds” used to create the DEK, the data encryption key formed by an algorithm combining a mix of numbers, themselves produced by pseudorandom number generators (PRNGs). Those keys are all that stand between an attacker and the data sitting on the device.