Encryption Cracked On NIST-Certified Flash Drives - Slashdot

Slashdot

Encryption Cracked On NIST-Certified Flash Drives 252

Posted by timothy on Tuesday January 05 2010, @02:37PM
from the whoopsie-daisy dept.

An anonymous reader writes "USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks likes the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations."

This discussion has been archived. No new comments can be posted.

Encryption Cracked On NIST-Certified Flash Drives

Search 252 Comments Log In/Create an Account

Comments Filter:

Always sends the same character string (Score:2, Funny)

by Anonymous Coward writes: on Tuesday January 05 2010, @02:42PM (#30658466)

"12345"

Share
twitter facebook
Oops. (Score:3, Funny)

by Brian Recchia (1131629) writes: <brian@recchia.name> on Tuesday January 05 2010, @02:43PM (#30658482) Homepage

Looks like they forgot the ROT13

Share
twitter facebook
Re:Article title misleading... (Score:5, Funny)

by maxume (22995) writes: on Tuesday January 05 2010, @03:25PM (#30659060)

At least they used an industry standard for the key.

Parent Share
twitter facebook
Re:Always sends the same character string (Score:4, Funny)

by pushf popf (741049) writes: on Tuesday January 05 2010, @03:25PM (#30659062)

"12345"

That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

Parent Share
twitter facebook
Re:How does this differ from Truecrypt? (Score:3, Funny)

by sjames (1099) writes: on Tuesday January 05 2010, @04:19PM (#30659792) Homepage

More to the point, what's the point of a super lock if you're going to tape the key to the door?

Parent Share
twitter facebook
Do it 256 times (Score:3, Funny)

by cromar (1103585) writes: on Tuesday January 05 2010, @05:47PM (#30661206)

No, no, no be sure to do it 256 times. That's the most secure (assuming 8-bit char are used).

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

473 commentsYour Passwords Don't Suck — It's Your Policies
418 commentsFBI Says American Universities Infiltrated by Spies
391 commentsAdobe Introduces the Paid Security Fix
343 commentsSymantec: Religious Sites "Riskier Than Porn For Viruses"
333 commentsOsama Bin Laden Didn't Encrypt His Files

I know you're in search of yourself, I just haven't seen you anywhere.