Author Topic: Encryption busted  (Read 1160 times)

Offline whitetop

  • E = MC² Mad Scientist
  • *
  • Posts: 1910
  • Post quality +39/-12
  • Gender: Male
  • im not in the ass kissing team
Encryption busted
« on: January 10, 2012, 04:39:01 PM »


A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.

The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

Cracking the drives is therefore quite an easy process. The folks at SySS wrote an application that always sent the appropriate string to the drive, irrespective of the password entered, and therefore gained immediate access to all the data on the drive.

This is a big deal also from a point of certification. These drives are sold as meeting security standards making them suitable for use with sensitive US Government data (unclassified rating) and have a FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST).

Vendors have had a mixed reaction to the news. Kingston has done the right thing and issued a recall. Verbatim and SanDisk has issued a statement and have updates available, but the threat is downplayed.
come to the rite place if you kiss admins as they promote you to admin.

Offline FOOKz™

  • Hardware Modder
  • Research & Development
  • E = MC² Mad Scientist
  • *
  • Posts: 2070
  • Post quality +37/-2
  • Electronics Expert Electrical Engineer
Re: Encryption busted
« Reply #1 on: January 10, 2012, 04:49:01 PM »
hahahahah why don't we just post our data on facebook for all to see? lmfao


LOL WHAT DO WE HAVE HERE HMMMMMM....? "What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives."
« Last Edit: January 10, 2012, 04:50:13 PM by FOOKz™ »

Follow my Instagram and subscribe to my YouTube

Offline Anonamous

  • The Unknown Identity
  • Granny Spanker
  • *
  • Posts: 472
  • Post quality +14/-1
  • Gender: Male
  • Electrical Engineering Student
Re: Encryption busted
« Reply #2 on: January 10, 2012, 07:31:05 PM »
/facepalm

If you want an encypted flash drive, go with an iron key

 

SMF spam blocked by CleanTalk
SimplePortal 2.3.5 © 2008-2012, SimplePortal