Sign Up!
Login
Welcome to The Grim Admin
Monday, March 27 2017 @ 02:39 AM EDT

Encryption Cracked on Certified USB Drives

General News

Just a warning out there to those who use SanDisk, Verbatim, or Kingston USB flash drives and take advantage of their encryption to secure your files that these are easily cracked due to an extremely dim-witted move: the same decryption string is provided when accessing encrypted files no matter what your password is. Meaning, you just have to bypass their authentication program and send this string, which is even the same string on all three of the brands listed at the beginning of this article. Yeesh! Remember folks, these are the same drives that are certified by NIST as FIPS 140-2 Level 2 (PDF) and are used by the American Armed Forces and the US government (for unclassified data).

 

Security expert firm SySS (click here for english link) has created a demo program that can access encrypted files within seconds. You can access their press release and papers here.

 

Read more to see the recalls and security notes from the three flash drive makers...


Depending on which manufacturer built your drive select the appropriate link:

Tag: encryption sandisk verbatim kingston usb flash drives nist what were they thinking

Trackback

Trackback URL for this entry: http://www.grimadmin.com/trackback.php/encryption-cracked-certified-usb-drives

No trackback comments for this entry.

4 comments

The following comments are owned by whomever posted them. This site is not responsible for what they say.

A friend brought up to me that Bruce Schneier posted on his blog a follow-up to the question on how such a device could still be considered certified by NIST with such a glaring flaw.

 

Partial Quote:

The problem is that no one really understands what a FIPS 140-2 certification means. Instead, they think something like: "This crypto thingy is certified, so it must be secure." In fact, FIPS 104-2 Level 2 certification only means that certain good algorithms are used, and that there is some level of tamper resistance and tamper evidence. Marketing departments of security take advantage of this confusion -- it's not only FIPS 140, it's all the security standards -- and encourage their customers to equate conformance to the standard with security.

 

It's an interesting thought and gives a glimpse into some of the issues with marketing vs. truth. Yeah, the devices passed based on the algorithm used to encrypt the data, but the implementation failed miserably.

Authored by: susanfernando on Monday, July 27 2015 @ 07:25 AM EDT Encryption Cracked on Certified USB Drives
Nice discussion! this post its very helpful for me because before 1 month same issue on my USB and my all data lost. mission impossible jackets
Authored by: Anonymous User on Tuesday, February 23 2016 @ 09:10 AM EST Encryption Cracked on Certified USB Drives
Your this post on the encryption cracked on certified USB drives is so informative. A lot of people want to know about these ideas because they have a direct link to it. There is some online assignment writing ideas from the best writers for the people who want to learn about it and this is so good for the people to read from here and apply for their ease.
Authored by: Anonymous User on Monday, March 07 2016 @ 10:36 PM EST Encryption Cracked on Certified USB Drives
The Seventies vibe currently dominating menswear isn't just limited to the clothes on your replica watches - it's also breaking through in swiss replica watches. Nowhere is this better seen right now than with Audemars Piguet's new yellow gold additions to the Royal Oak range - a throwback to the first gold editions of the rolex replica uk timepiece launched in 1977 (although the very first 1972 version was in stainless steel). Unveiled at SIHH 2016 earlier this year, these new Royal Oak Yellow Gold editions - otherwise known by reference 26574BA - will sit alongside the iterations in stainless steel and rose gold that hit the market last year. Available in an extra-thin tourbillon, perpetual calendar (complete with beautiful moonphase dial), chronograph, all with a 41mm case, and a self-winding version with a 37mm case - as well as a blingier breitling replica watches, 33mm quartz model with a diamond-studded bezel for women - they all have a chunky-yet-sophisticated retro vibe.

Advertisement