NIST Investigating Mass Flash Drive Vulnerability 71
Lucas123 writes with a followup to news we discussed earlier this week that the encryption on NIST-certified flash drives was cracked.
"A number of leading manufacturers of encrypted flash drives have warned their customers of a security flaw uncovered by a German company. The devices in question use the AES 256-bit encryption algorithm and have been certified using the FIPS 140-2, but the flaw appears to circumvent the certification process by uncovering the password authentication code on host systems. The National Institute of Standards and Technology said it's investigating whether it needs to modify its standards to include password authentication software on host systems. Security specialist Bruce Schneier was blunt in his characterization of the flaw: 'It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.'"
If you want to encrypt your data (Score:5, Funny)
Use PGP. Create a really long key, like 4096 bits.
Re:Encryption algorithm's aren't the weak link (Score:3, Funny)
Put it in a way /. understands, please.
"It's like having a really huge penis but never leaving your mother's basement."
Re:Encryption algorithm's aren't the weak link (Score:5, Funny)
The weak link is in the apostrophe.
Re:If you want to encrypt your data (Score:3, Funny)
You're the one who's got my grandad's Enigma machine!
Give it back. You can send it to me here in Argentina.
Re:Encryption algorithm's aren't the weak link (Score:2, Funny)
Oh, nevermind. http://it.slashdot.org/story/09/12/30/2118250/Quantum-Encryption-Implementation-Broken?art_pos=1 [slashdot.org]
Re:some vendors got it right... Trust no 1 (Score:3, Funny)
Yep. (Score:3, Funny)
Security specialist Bruce Schneier was blunt in his characterization of the flaw: 'It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.'"
That's our Bruce.