Lexar JumpDrive Password Scheme Cracked
Saint Aardvark writes "Lexar describes the JumpDrive Secure as 'loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption.' @stake has a different take: 'The password can be observed in memory or read directly from the device, without evidence of tampering.' And best of all, the punch line: '[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication.' That's why I use ROT-13 for my encryption needs."
Three years to get .01% of the way done cracking this before someone realized it was ROT13. ;)
EVERYTHING violates the DMCA. Everything. Even talking about violating the DMCA violates the DMCA.
"I'm just here to regulate funkiness."
That's what happens when you get your security developers from the Cue::Cat Development team. Wasn't their 'encryption' just XOR or something similar?
It allows those who forget their passwords to quickly access the 'lostpaswd?' file, saving on support calls.
You will be legally liable for the legal consequences of any attempt to break through this advanced encryption technology.
"It is a greater offense to steal men's labor, than their clothes"
The number one rule of talking about the DMCA and archiving the results, encrypted, on a Lexar JumpDrive.
You do NOT talk about DMCA and archive the results, encrypted, on a Lexar Jumpdrive!
And more importantly, do you even know what "redundant" means?
Horseshit. All my data is XORed against itself before it is written to disk. I assure you that you can't crack it.
-Peter
I was always forgetting important things, like the meaning of the word "redundant." But thanks to the Joe Johnson memory system, I can now remember things like the meaning of the word "redundant." Thanks, Jack!
Copyright 2004, Jake Johannson Memory systems.
"I'm just here to regulate funkiness."
Does it mean using redundant twice in the same one-line post?
That's why I use ROT-13 for my encryption needs
Pshaw...That's real secure! You really should be using double, or better yet, quadruple Rot-13...
This may sound silly, but how is the "first post" redundant? I mean... first. Mods, you do know what the word "first" means, right?
Xfce: Lighter than some, heavier than others. Just right.
I like those people. They're so stupid. I can get chocolate out of them simply by saying "I use the 9 billion names of God for my passwords. I'm up to Shiva".
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Re-check that ip address.
I use ROT-26.
-
That's why I store and transmit all my data as plain text.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Sure, ROT13 is secure. But why not give potential crackers something to cry about: encrypt it twice!
This sig is only here so people stop skipping the last lines of my posts.
a DOS floppy disk, as straight text in a file, called COMMAND.COM. I have a big red label on the disk, "BOOT".
No one ever stole any of my passwords.
You can find the "what with" part by simply XORing again with your key. So to find out what the magic string is, simply buy one of these devices, encrypt some data to it, then locate the encrypted key and XOR your original password with the "encrypted" version.
Doing this with your own device means you are not violating DMCA - trying this out with someone else's device will subject you to the possibility of 57 consecutive life sentences.
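An added example, not part of the original thread: it shows why a password stored XORed with a fixed string is only obfuscated, next to the salted one-way verifier that should be stored instead. `FIXED_KEY`, the sample passwords and all function names are constructed for illustration; the thread does not give the device's actual string or storage layout.

```python
import hashlib
import hmac
import os
from itertools import cycle

# Constructed stand-in for a fixed obfuscation string baked into a product.
# The real device's value and storage layout are not given in the thread.
FIXED_KEY = b"\x5a\xc3\x19\x77\xe0\x42\x8d\x31"
PBKDF2_ROUNDS = 600_000


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; applying it twice returns the input."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def recover_key_material(known_plain: bytes, stored: bytes) -> bytes:
    """plaintext XOR stored == key bytes, for as many bytes as are known."""
    return bytes(p ^ s for p, s in zip(known_plain, stored))


def hash_password(password: bytes, salt: bytes = b"") -> tuple:
    """Hardened alternative: store a salted, slow, one-way verifier."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: bytes, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Test unit with a known password: the stored blob gives up the key.
    own_password = b"test-password-01"
    own_stored = xor_bytes(own_password, FIXED_KEY)
    key = recover_key_material(own_password, own_stored)
    print("recovered key material:", key.hex())

    # Any other blob obfuscated with the same fixed string decodes with it.
    other_stored = xor_bytes(b"correct horse", FIXED_KEY)
    print("second blob decodes to:", xor_bytes(other_stored, key))

    # The verifier can check a password but contains nothing to decode.
    salt, digest = hash_password(b"correct horse")
    print("verifier accepts password:", verify_password(b"correct horse", salt, digest))
```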
There we go.........my little brother won't keep his porn on one of these anymore. haha
-Randy
ROT13 ... oooohhhh! 13!!! Shit, I was using 11! No wonder it wasn't working.
No, the password is XORed with itself. It's the ultimate form of protection. Plus the resulting encrypted string can be compressed very tightly, saving disk space.
...because it must be twice as secure!
What a waste of valuable CPU cycles! Here's a speedup that does the same thing much faster:
That should run much faster -- standard library functions are always well-optimized.
Just doing my part for data security.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
I've seen a number of posts stating the XOR is unbreakable. Hopefully they're just joking and didn't get modded as such, because I've read in several places that XOR sucks. A quick Google revealed the following.
Hack-FAQ
And I quote: XOR encryption is trivially simple to implement and equally trivial to break. XOR encryption should not be utilized for any data which you would want to protect.
I could go grab my Applied Cryptography book and make sure, but it's out of arm's reach right now.
Sounds awfully like a head-in-the-sand approach to security to me.
If you would try that long enough it would probably work. Any data that was in the brain is probably irrecoverable.
For some bizarre reason, this reminded me of a story I once heard somewhere (no longer remember where).
Some guy was living with a bunch of others and always had a problem with them drinking up his milk. So one day he simply wrote "Milk Experiment" in big letters on the carton and never had another issue.
That won't work on DOS/Windows, everyone knows you have to terminate strings with CHR$(13)+CHR$(10), unix weenie.
How's this for ROT-13?
Bu abrf! Yrkne = shknerq!
Bah, I use microwave encryption, it even works on Read Only Format devices.
That joke sure was cryptic.
Never use the word "unbreakable" when describing an encryption protocol. Every encryption system (including OTP) is vulnerable to the Karnak attack.
The thing about things we don't know is we often don't know we don't know them.
What an embarrassingly easy system to crack. All I need to do is XOR the result with your data...
... but I found that the decryption key was inconveniently large, being the same size as the original data.
> All my data is XORed against itself before it is written to disk.
;-)
I think they call that a one-time pad.
"One-time" 'cause that's how many times you'll try it.
Man, I wish I could mod the moderator. Marking a complaint about a redundant post as redundant?
+1 Funny!!!
Let's go Hurricanes!!! 2006 Stanley Cup Champions!!!
is HELLOWORLD.
just a guess :)
NERDS!!!!
"me" is too short for a decent password :)
karma capped
Since no one else is stupid enough to use that pad, it's a one time pad.
Another milestone in encryption technology - One time Pad CRACKED!
Emergency patch: Now they use the Pad "000000000...."
I think you just killed Schrodinger's Cat.
You don't know what the Karnak attack is, do you? I believe it's related to rubber-hose cryptography.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
you, like he, and like I should just not have posted *anything*
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter