Lexar JumpDrive Password Scheme Cracked
Saint Aardvark writes "Lexar describes the
JumpDrive Secure as "loaded with software that lets you password-protect
your data. If lost or stolen, you can rest assured that what you've
saved there remains there with 256-bit AES encryption." @stake
has a different take: The password can be observed in memory or
read directly from the device, without evidence of tampering." And
best of all, the punch line: "[The password] is stored in an XOR
encrypted form and can be read directly from the device without any
authentication." That's why I use ROT-13 for my encryption needs."
Three years to get .01% of the way done cracking this before someone realized it was ROT13. ;)
EVERYTHING violates the DMCA. Everything. Even talking about violating the DMCA violates the DMCA.
"I'm just here to regulate funkiness."
That's what happens when you get your security developers from the Cue::Cat Development team. Wasnt' their 'encryption' just XOR or something similar?
It allows those who forget their passwords to quickly access the 'lostpaswd?' file, saving on support calls.
The number one rule of talking about the DMCA and archiving the results, encrypted, on a Lexar JumpDrive.
You do NOT talk about DMCA and archive the results, encrypted, on a Lexar Jumpdrive!
And more importantly, do you even know what "redundant" means?
Horseshit. All my data is XORed against itself before it is written to disk. I assure you that you can't crack it.
-Peter
I was always forgetting important things, like the meaning of the word "redundant." But thanks to the Joe Johnson memory system, I can now remember things like the meaning of the word "redundant." Thanks, Jack!
Copyright 2004, Jake Johannson Memory systems.
"I'm just here to regulate funkiness."
This may sound silly, but how is the "first post" redundant? I mean... first. Mods, you do know what the word "first" means, right?
Xfce: Lighter than some, heavier than others. Just right.
I like those people. They're so stupid. I can get chocolate out of them simply by saying "I use the 9 billion names of God for my passwords. I'm up to Shiva".
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I use ROT-26.
-
You can find the "what with" part by simply XORing again with you key. So to find out what the magic string is, simply buy one of these devices, encrypt some data to it, then locate the encrypted key and XOR you original password with the "encrypted" version.
Doing this with your own device means you are not violating DMCA - trying this out with someone elses device will subject you to the possibility of 57 consecutive life sentences.
There we go.........my little brother won't keep his porn on one of these anymore. haha
-Randy
What a waste of valuable CPU cycles! Here's a speedup that does the same thing much faster:That should run much faster -- standard library functions are always well-optimized.
Just doing my part for data security.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
I've seen a number of posts stating the XOR is unbreakable. Hopefully they're just joking and didn't get modded as such, because I've read in several places that XOR sucks. A quick Google revealed the following.
Hack-FAQ
And I quote: XOR encryption is trivially simply to implement and equally trivial to break. XOR encryption should not be utilized for any data which you would want to protect.
I could go grab my Applied Cryptography book and make sure, but it's out of arms reach right now.
How's this for ROT-13?
Bu abrf! Yrkne = shknerq!
That joke sure was cryptic.
... but I found that the decryption key was inconveniently large, being the same size as the original data.
Since no one else is stupid enough to use that pad, it's a one time pad.
Another milestone in encryption technology - One time Pad CRACKED!
Emergency patch: Now they use the Pad "000000000...."
I think you just killed Schrodinger's Cat.