Western data WD from the encrypted hard drive was traced to the presence of vulnerability-vulnerability warning-the black bar safety net

2015-10-22T00:00:00
ID MYHACK58:62201568148
Type myhack58
Reporter 佚名
Modified 2015-10-22T00:00:00

Description

Researchers said, there are several versions of the encrypted Western Digital hard drive there are many vulnerabilities, the hack once you get to the physical contact of the opportunity, you can easily get inside the data, during which time you can disregard the hard disk password. Western Digital hard disk self encryption The above paper referred to as“also talk about Western Digital hard disk encryption–Self-Encrypting disk security series”, which lists a number of Western Digital My Passport and My Book version of the hard disk of the vulnerability. Hackers exploit these vulnerabilities, can steal a vulnerability exists in the hard disk, its contents is decrypted, whether the password has a lot of random, lengthy. And this series of hard drive products meant for comes through the encryption on the hard disk all the data of the function, so the user does not have to time consuming to use the software to encrypt the hard disk. Many hard drives will use the USB interface connect to PC SATA interface to decrypt the encrypted data, the user enters the correct password, the interface should be locked. In order to prevent a hacker at least every second billions of guesses to try the original plain-text password is added after salt and 1 0 0 0 SHA256 hash iterative encryption. Thousands of miles of dikes collapse in the colony Even if the developer has been very hard, but because of a small leak, resulting in hackers can within a very short time to crack the password. In some cases, the underlying KEY is predictable, because it is from the current computer time to generate the random number. This loophole in the last year is fixed, but the market still exists a large number of disks, and vulnerability. In some cases, a hacker can extract the hard disk of the hash to another computer, for offline crack. Next we want to talk about another vulnerability, it is the equivalent of a back door. With it, the hackers do not know the password, you can decrypt the user's data. There are holes in each hard disk has a default password even if the user reset the password after the original default password key is still stored on the device, a hacker can take to ease the hard disk decryption. Of course, there is also a solution, the user two times to reset the password will be able to solve this problem, but who has the free time to just buy near hard reset two times? Unless it is a forgetful person. This 3 6 Page papers PDF made device built-in encryption of the reliability of the discussion, readers want to ensure that encryption security, perhaps still have to rely on third party professional encryption. Although the encryption is not necessarily perfect, but at least they lasted longer, experienced more of the trials and rain.