[p2p-hackers] Verifying Claims of Full-Disk Encryption in Hard Drive Firmware

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Nov 9 02:12:12 PST 2011

Eugen Leitl <eugen at leitl.org> quotes Tom Ritter <tom at ritter.vg>:

>After reviewing the FIPs approval document for the drive[1], I've tried to
>put together a complete threat model outlining the major classes of attack on
>the hard drive in the interest of being rigorous.

Without wanting to sound too facetious, and mostly out of curiosity, what does
FIPS 140 have to do with the threat modelling you've done?  It doesn't address
the vast majority of the stuff you've listed, so the threat-modelling is kind
of a non-sequitur to "starting with FIPS 140".  If you wanted to deal with
this through a certification process you'd have to go with something like the
CC (and an appropriate PP), assuming the sheer suckage of working with the CC
doesn't tear a hole in the fabric of space-time in the process.


More information about the cypherpunks-legacy mailing list