Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash drives
At first I thought this was hyperbole from ZD-Net regarding encryption of some popular USB flash drives.
After reading the article, I’m very surprised at how simple the crack is to implement:
When the correct password is supplied by the user, the authentication program always sends the same character string to the drive to decrypt the data, no matter what password is used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.
UPDATE: To clarify, my concern is that the NIST security specification doesn’t include a protocol for how the authentication token is managed. I expected it to be unique between vendors at a minimum.
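To make the design flaw quoted above concrete, here is an added example (not from the ZD-Net article or any vendor's code) that models both designs and runs a simple design check: does the message that unlocks the drive actually depend on the password? The class names, the placeholder token and the sample passwords are all constructed for illustration, and the password-bound model is simplified to a stored verifier where a real device would use the derived key to unwrap its data key.

```python
import hashlib
import hmac
import os

STATIC_TOKEN = b"constructed-static-unlock-token"  # constructed placeholder, not the real string

def kdf(password: str, salt: bytes) -> bytes:
    """Derive key material from the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class FlawedDrive:
    """Password is verified in host software; the drive itself only ever sees a constant."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.host_check = kdf(password, self.salt)  # checked on the PC, not on the drive

    def host_message(self, password: str):
        ok = hmac.compare_digest(kdf(password, self.salt), self.host_check)
        return STATIC_TOKEN if ok else None          # same bytes for every password

    def drive_accepts(self, message) -> bool:
        return message is not None and hmac.compare_digest(message, STATIC_TOKEN)

class PasswordBoundDrive:
    """The unlock message is derived from the password; the drive stores only a hash of it."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.verifier = hashlib.sha256(kdf(password, self.salt)).digest()

    def host_message(self, password: str):
        return kdf(password, self.salt)

    def drive_accepts(self, message) -> bool:
        if message is None:
            return False
        return hmac.compare_digest(hashlib.sha256(message).digest(), self.verifier)

def unlock_message_is_password_bound(drive_cls) -> bool:
    """Provision two drives with different passwords; their unlock messages
    must differ and must not be accepted by the other drive."""
    a, b = drive_cls("correct horse"), drive_cls("battery staple")
    msg_a, msg_b = a.host_message("correct horse"), b.host_message("battery staple")
    if not (a.drive_accepts(msg_a) and b.drive_accepts(msg_b)):
        raise RuntimeError("model error: correct password did not unlock")
    return msg_a != msg_b and not b.drive_accepts(msg_a)

if __name__ == "__main__":
    for cls in (FlawedDrive, PasswordBoundDrive):
        print(cls.__name__, "password-bound:", unlock_message_is_password_bound(cls))
```

The check fails for the first model and passes for the second, which is the property I expected a certification to require at a minimum.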
1 Comment:
Note that the weakness was not the AES encryption itself, but rather terrible handling of the encryption key.
Cybercrime Fighter
http://www.guidemarksecurity.com