Encryption Cracked On NIST-Certified Flash Drives 252
An anonymous reader writes "USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks likes the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations."
Always sends the same character string (Score:2, Funny)
"12345"
Oops. (Score:3, Funny)
Re:Article title misleading... (Score:5, Funny)
At least they used an industry standard for the key.
Re:Always sends the same character string (Score:4, Funny)
That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
Re:How does this differ from Truecrypt? (Score:3, Funny)
More to the point, what's the point of a super lock if you're going to tape the key to the door?
Do it 256 times (Score:3, Funny)