Slashdot Mirror


Lexar JumpDrive Password Scheme Cracked

Saint Aardvark writes "Lexar describes the JumpDrive Secure as "loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption." @stake has a different take: The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication." That's why I use ROT-13 for my encryption needs."

24 of 565 comments (clear)

  1. And it only took the guys at distributed.net by PrimeWaveZ · · Score: 4, Funny

    Three years to get .01% of the way done cracking this before someone realized it was ROT13. ;)

  2. Dude, by 2names · · Score: 5, Funny

    EVERYTHING violates the DMCA. Everything. Even talking about violating the DMCA violates the DMCA.

    --
    "I'm just here to regulate funkiness."
    1. Re:Dude, by Ignominious+Cow+Herd · · Score: 5, Funny

      So, all we have to do is prove that the DMCA violates the DMCA and it will disappear in a puff of illogic, right?

      --
      Lump lingered last in line for brains, and the ones she got were sorta rotten and insane.
  3. Cue::Cat by althalus · · Score: 4, Funny

    That's what happens when you get your security developers from the Cue::Cat Development team. Wasnt' their 'encryption' just XOR or something similar?

    1. Re:Cue::Cat by artemis67 · · Score: 5, Funny

      that, and their password was "PASSWORD"

  4. It's a "feature" by grunt107 · · Score: 5, Funny

    It allows those who forget their passwords to quickly access the 'lostpaswd?' file, saving on support calls.

  5. The #1 DMCA Rule by Tackhead · · Score: 5, Funny
    > EVERYTHING violates the DMCA. Everything. Even talking about violating the DMCA violates the DMCA.

    The number one rule of talking about the DMCA and archiving the results, encrypted, on a Lexar JumpDrive.

    You do NOT talk about DMCA and archive the results, encrypted, on a Lexar Jumpdrive!

    1. Re:The #1 DMCA Rule by mothz · · Score: 5, Funny
      But if you did talk about the DMCA and encrypt the results, it would require someone else to violate the DMCA to decrypt the results to prove your guilt. Furthermore, it would take someone to even think about violating the DMCA, thereby being in automatic violation of the DMCA, to even suspect that you violated the DMCA.

      Tin-foil hats work, I tell you!

    2. Re:The #1 DMCA Rule by mattyrobinson69 · · Score: 3, Funny

      i use a uranium hat - it protects the data in my brain, like file shredding, except better

  6. Re:Even worse... by Minwee · · Score: 4, Funny

    And more importantly, do you even know what "redundant" means?

  7. Re:An embarassment of security. by pete-classic · · Score: 5, Funny

    Horseshit. All my data is XORed against itself before it is written to disk. I assure you that you can't crack it.

    -Peter

  8. I couldn't remember what by 2names · · Score: 5, Funny
    "redundant" meant...until I got the Jerry Jackson memory system.

    I was always forgetting important things, like the meaning of the word "redundant." But thanks to the Joe Johnson memory system, I can now remember things like the meaning of the word "redundant." Thanks, Jack!

    Copyright 2004, Jake Johannson Memory systems.

    --
    "I'm just here to regulate funkiness."
  9. Re:DMCA by kelnos · · Score: 3, Funny

    This may sound silly, but how is the "first post" redundant? I mean... first. Mods, you do know what the word "first" means, right?

    --
    Xfce: Lighter than some, heavier than others. Just right.
  10. Re:Even worse... by Marxist+Hacker+42 · · Score: 5, Funny

    I like those people. They're so stupid. I can get chocolate out of them simply by saying "I use the 9 billion names of God for my passwords. I'm up to Shiva".

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  11. My password is twice as secure as yours!!! by Anonymous Coward · · Score: 5, Funny

    I use ROT-26.

    -

  12. Re:Not much detail? by PhilipPeake · · Score: 3, Funny
    This is actually a clever sales gimmick.

    You can find the "what with" part by simply XORing again with you key. So to find out what the magic string is, simply buy one of these devices, encrypt some data to it, then locate the encrypted key and XOR you original password with the "encrypted" version.

    Doing this with your own device means you are not violating DMCA - trying this out with someone elses device will subject you to the possibility of 57 consecutive life sentences.

  13. *holds down shift* by ARRRLovin · · Score: 3, Funny

    There we go.........my little brother won't keep his porn on one of these anymore. haha

    --
    -Randy
  14. Re:An embarassment of security. by steveha · · Score: 5, Funny
    All my data is XORed against itself before it is written to disk.

    What a waste of valuable CPU cycles! Here's a speedup that does the same thing much faster:
    /* implement "XOR data with itself" security algorithm */
    /* but cleverly don't actually use XOR */
    /* don't forget to null-terminate encrypted data! */

    int
    CopyWithL337XORSecurity(char *in, char *out)
    {
    int length;

    length = strlen(in);

    memset(out, 0, length + 1); /* length + 1 for null termination */

    return length;
    }
    That should run much faster -- standard library functions are always well-optimized.

    Just doing my part for data security.

    steveha
    --
    lf(1): it's like ls(1) but sorts filenames by extension, tersely
  15. XOR Encryption is NOT unbreakable by bahamutirc · · Score: 3, Funny

    I've seen a number of posts stating the XOR is unbreakable. Hopefully they're just joking and didn't get modded as such, because I've read in several places that XOR sucks. A quick Google revealed the following.

    Hack-FAQ

    And I quote: XOR encryption is trivially simply to implement and equally trivial to break. XOR encryption should not be utilized for any data which you would want to protect.

    I could go grab my Applied Cryptography book and make sure, but it's out of arms reach right now.

  16. ROT-13? by AyeRoxor! · · Score: 3, Funny

    How's this for ROT-13?

    Bu abrf! Yrkne = shknerq!

  17. Re:An embarassment of security. by SamNmaX · · Score: 4, Funny
    Horseshit. All my data is XORed against itself before it is written to disk. I assure you that you can't crack it.

    That joke sure was cryptic.

  18. I tried that... by Gordonjcp · · Score: 3, Funny

    ... but I found that the decryption key was inconveniently large, being the same size as the original data.

  19. FLASH: One Time Pad CRACKED by hugesmile · · Score: 4, Funny
    Somebody told them that a One Time Pad encryption scheme is uncrackable. So they used the pad "11111111111..." and did an XOR.

    Since no one else is stupid enough to use that pad, it's a one time pad.

    Another milestone in encryption technology - One time Pad CRACKED!

    Emergency patch: Now they use the Pad "000000000...."

  20. Somebody call the police by Ayaress · · Score: 4, Funny

    I think you just killed Schrodinger's Cat.