Encryption Cracked on Certified USB Drives
Monday, January 11 2010 @ 12:25 PM EST
Contributed by: Seker
Just a warning out there to those who use SanDisk, Verbatim, or Kingston USB flash drives and take advantage of their encryption to secure your files that these are easily cracked due to an extremely dim-witted move: the same decryption string is provided when accessing encrypted files no matter what your password is. Meaning, you just have to bypass their authentication program and send this string, which is even the same string on all three of the brands listed at the beginning of this article. Yeesh! Remember folks, these are the same drives that are certified by NIST as FIPS 140-2 Level 2 (PDF) and are used by the American Armed Forces and the US government (for unclassified data).
Read more to see the recalls and security notes from the three flash drive makers...
Depending on which manufacturer built your drive select the appropriate link: