
Encryption Cracked On NIST-Certified Flash Drives

An anonymous reader writes "USB Flash drives with hardware-based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks like the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations."
  • Truecrypt (Score:0, Interesting)

    by Anonymous Coward on Tuesday January 05, 2010 @02:41PM (#30658458)

    Does this affect Truecrypt using the same encryption mode?

  • by tibman ( 623933 ) on Tuesday January 05, 2010 @02:50PM (#30658602) Homepage

    Seems that they did in software what should have been done in the hardware. The USB hardware should consider itself safe and the host machine suspect... at least in my mind. ATMEL has some good chips like: http://atmel.com/products/securerf/cryptocompanion.asp?family=646 [atmel.com]

  • by calmofthestorm ( 1344385 ) on Tuesday January 05, 2010 @02:52PM (#30658636)

    It involves a predictable post with the same predictable replies all the time...sort of like Fox news, or slashdot;)

    Alternatively, instead of challenge-response it's greeting-response.

  • Re:IronKey? (Score:3, Interesting)

    by RemyBR ( 1158435 ) on Tuesday January 05, 2010 @02:56PM (#30658718) Homepage
    The Ironkey should not be affected. It uses a different approach: first of all, the data on the drive is really encrypted, the drive is not only "locked" with a password. Secondly and most important, there's no validation of the password happening outside the drive (i.e. on a Windows/Linux/Mac application). The application only lets you input your password, which is then validated by the drive itself via a ROM routine.
  • by jimicus ( 737525 ) on Tuesday January 05, 2010 @03:07PM (#30658864)

    No, it's actually encrypted. The problem is that the command to unencrypt the data is always the same. In other words, a small little widget can sit between the password program and the encrypted disk, and just send the right command string, regardless of what password was entered. Instant decryption.

    But still - why do something like try to reinvent crypto, when there's an open format? The license for Truecrypt even allows for commercial use.

    If it was properly encrypted, the decryption would be carried out on the device using a key supplied by the host PC and the device wouldn't be physically capable of decrypting it without the key. As it stands, the most charitable reading of this is that it IS using AES encryption, but it always uses the exact same key regardless of what the enduser does in the software.
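Added example, not part of the thread and not any vendor's firmware or protocol: a constructed Python model of the two designs contrasted in the comments above, one where the host program validates the password and then sends a constant string, and one where the drive can only recover its data key from the password. All class names, the `FIXED_UNLOCK` value and the XOR key wrap (a stand-in for an authenticated key wrap) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

FIXED_UNLOCK = b"CONSTRUCTED-UNLOCK-STRING"  # constructed value, same for every password


def _tag(dek: bytes) -> bytes:
    return hmac.new(dek, b"dek-check", hashlib.sha256).digest()


class HostValidatedDrive:
    """Flawed model: host software checks the password; the drive sees only a constant."""

    def __init__(self, password: str):
        self._dek = os.urandom(32)  # data key is independent of the password
        self.pw_hash = hashlib.sha256(password.encode()).digest()  # read by host program

    def unlock(self, message: bytes):
        return self._dek if hmac.compare_digest(message, FIXED_UNLOCK) else None


def host_program(drive: HostValidatedDrive, password: str):
    """Password-entry program in the flawed model: verify locally, then send the constant."""
    entered = hashlib.sha256(password.encode()).digest()
    return drive.unlock(FIXED_UNLOCK) if hmac.compare_digest(entered, drive.pw_hash) else None


class DeviceValidatedDrive:
    """Model where the drive can only recover the data key from the password itself."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        dek = os.urandom(32)
        # XOR with a PBKDF2 output stands in for an authenticated key wrap.
        self._wrapped = bytes(a ^ b for a, b in zip(dek, self._kek(password)))
        self._check = _tag(dek)

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def unlock(self, password: str):
        dek = bytes(a ^ b for a, b in zip(self._wrapped, self._kek(password)))
        return dek if hmac.compare_digest(_tag(dek), self._check) else None


if __name__ == "__main__":
    flawed, sound = HostValidatedDrive("s3cret"), DeviceValidatedDrive("s3cret")
    print("flawed, wrong password via host program:", host_program(flawed, "guess"))
    print("flawed, constant sent directly:", flawed.unlock(FIXED_UNLOCK) is not None)
    print("device-validated, wrong password:", sound.unlock("guess"))
    print("device-validated, right password:", sound.unlock("s3cret") is not None)
```

In the first model the password never reaches the drive, so the host-side check is the only gate; in the second there is no message that releases the key without the password-derived value.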

  • This makes it very easy for them to charge $large_chunk_of_money for "data recovery services" in the event you forget your password.
  • by gad_zuki! ( 70830 ) on Tuesday January 05, 2010 @03:29PM (#30659122)

    Portable Truecrypt has problems. The user will import their private key or at least have it somewhere they can get to it or use conventional cryptography. So there's a lot of security vulnerabilities right there. Oh, forgot to delete your private key? Now I'm cracking the conventional encryption that protects it. TrueCrypt portable required admin privs:

    Also note that, as regards personal privacy, in most cases, it is not safe to work with sensitive data under systems where you do not have administrator privileges, because the administrator can easily capture and copy the sensitive data, including the passwords and keys.

    However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall TrueCrypt, cannot change passwords/keyfiles for TrueCrypt partitions/devices, cannot backup/restore headers of TrueCrypt partitions/devices, and they cannot run TrueCrypt in portable mode.

    The idea with these drives is that the app can be run from the drive itself, so no extra software or training is needed. No key management. So that really just leaves us conventional cryptography, not public/private key. The problem of having security on your USB drive that gets plugged into various computers that you might not have control over and may be running trojans is tough to solve. Application level encryption is probably the best way to go but it requires standard installs and trust of the host computer.

    You're better off just carrying a netbook or other trusted security device with an encrypted drive and sharing the files via conventional methods with the host without giving the host all your data - email, ftp, web, plaintext transfers, etc.

  • Re:Who cares? (Score:3, Interesting)

    by Improv ( 2467 ) <pgunn01@gmail.com> on Tuesday January 05, 2010 @03:35PM (#30659186) Homepage Journal

    Some things really are like locking a house - Windows passwords, normal Unix passwords, etc. With those things, the user expects that someone has or can get access to things anyhow. However, there are many devices that are not so analogous - if there's sophisticated encryption in the hardware and they're selling it as a reasonably secure device, it's more like your neighbourhood bank, where you probably don't expect jane random to read a secret word on the internet to say to the guards that will have them open the vault.

  • Re:Truecrypt (Score:3, Interesting)

    by kestasjk ( 933987 ) * on Tuesday January 05, 2010 @03:54PM (#30659484) Homepage
    Isn't that fraud? How were they marketed?
