Slashdot Mirror


Lexar JumpDrive Password Scheme Cracked

Saint Aardvark writes "Lexar describes the JumpDrive Secure as 'loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption.' @stake has a different take: 'The password can be observed in memory or read directly from the device, without evidence of tampering.' And best of all, the punch line: '[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication.' That's why I use ROT-13 for my encryption needs."
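
The weakness quoted in the summary, set beside a one-way alternative, as an added example that is not code from Lexar, @stake or the original post. The fixed key, function names and record layout are constructed for illustration, and PBKDF2 is a choice made here, not something the page describes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed values for illustration; not the device's real key or layout.
FIXED_XOR_KEY = b"\x5a\xa5\x3c"
ITERATIONS = 200_000


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; applying it twice returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def weak_store(password: str) -> bytes:
    """Weak scheme: the stored record is the password XORed with a fixed key."""
    return xor_bytes(password.encode(), FIXED_XOR_KEY)


def weak_recover(record: bytes) -> str:
    """Whoever can read the record and knows the shipped key gets the password."""
    return xor_bytes(record, FIXED_XOR_KEY).decode()


def strong_store(password: str, salt: Optional[bytes] = None) -> dict:
    """Store only a salt and a one-way verifier; nothing stored is invertible."""
    salt = salt or os.urandom(16)
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              ITERATIONS, dklen=64)
    # okm[:32] would key the data encryption and is never written to storage.
    return {"salt": salt, "verifier": okm[32:]}


def strong_unlock(password: str, record: dict) -> Optional[bytes]:
    """Return the data-encryption key if the password matches, else None."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"],
                              ITERATIONS, dklen=64)
    if hmac.compare_digest(okm[32:], record["verifier"]):
        return okm[:32]
    return None
```

With the second layout, reading the stored record off the device yields a salt and a verifier that still have to be brute-forced, and the encryption key exists only while the correct password is being entered.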

17 of 565 comments

  1. And it only took the guys at distributed.net by PrimeWaveZ · · Score: 4, Funny

    Three years to get .01% of the way done cracking this before someone realized it was ROT13. ;)

  2. Dude, by 2names · · Score: 5, Funny

    EVERYTHING violates the DMCA. Everything. Even talking about violating the DMCA violates the DMCA.

    --
    "I'm just here to regulate funkiness."
    1. Re:Dude, by Ignominious Cow Herd · · Score: 5, Funny

      So, all we have to do is prove that the DMCA violates the DMCA and it will disappear in a puff of illogic, right?

      --
      Lump lingered last in line for brains, and the ones she got were sorta rotten and insane.
  3. Cue::Cat by althalus · · Score: 4, Funny

    That's what happens when you get your security developers from the Cue::Cat Development team. Wasn't their 'encryption' just XOR or something similar?

    1. Re:Cue::Cat by artemis67 · · Score: 5, Funny

      that, and their password was "PASSWORD"

  4. It's a "feature" by grunt107 · · Score: 5, Funny

    It allows those who forget their passwords to quickly access the 'lostpaswd?' file, saving on support calls.

  5. The #1 DMCA Rule by Tackhead · · Score: 5, Funny
    > EVERYTHING violates the DMCA. Everything. Even talking about violating the DMCA violates the DMCA.

    The number one rule of talking about the DMCA and archiving the results, encrypted, on a Lexar JumpDrive.

    You do NOT talk about DMCA and archive the results, encrypted, on a Lexar Jumpdrive!

    1. Re:The #1 DMCA Rule by mothz · · Score: 5, Funny
      But if you did talk about the DMCA and encrypt the results, it would require someone else to violate the DMCA to decrypt the results to prove your guilt. Furthermore, it would take someone to even think about violating the DMCA, thereby being in automatic violation of the DMCA, to even suspect that you violated the DMCA.

      Tin-foil hats work, I tell you!

  6. Re:Even worse... by Minwee · · Score: 4, Funny

    And more importantly, do you even know what "redundant" means?

  7. Re:An embarrassment of security. by pete-classic · · Score: 5, Funny

    Horseshit. All my data is XORed against itself before it is written to disk. I assure you that you can't crack it.

    -Peter

  8. I couldn't remember what by 2names · · Score: 5, Funny
    "redundant" meant...until I got the Jerry Jackson memory system.

    I was always forgetting important things, like the meaning of the word "redundant." But thanks to the Joe Johnson memory system, I can now remember things like the meaning of the word "redundant." Thanks, Jack!

    Copyright 2004, Jake Johannson Memory systems.

    --
    "I'm just here to regulate funkiness."
  9. Re:Even worse... by Marxist Hacker 42 · · Score: 5, Funny

    I like those people. They're so stupid. I can get chocolate out of them simply by saying "I use the 9 billion names of God for my passwords. I'm up to Shiva".

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  10. My password is twice as secure as yours!!! by Anonymous Coward · · Score: 5, Funny

    I use ROT-26.


  11. Re:An embarrassment of security. by steveha · · Score: 5, Funny
    > All my data is XORed against itself before it is written to disk.

    What a waste of valuable CPU cycles! Here's a speedup that does the same thing much faster:
    #include <string.h>

    /* implement "XOR data with itself" security algorithm */
    /* but cleverly don't actually use XOR */
    /* don't forget to null-terminate encrypted data! */

    int
    CopyWithL337XORSecurity(char *in, char *out)
    {
        int length;

        /* x ^ x == 0 for every byte, so the "ciphertext" is all zeros */
        length = (int)strlen(in);

        memset(out, 0, length + 1); /* length + 1 for null termination */

        return length;
    }
    That should run much faster -- standard library functions are always well-optimized.

    Just doing my part for data security.

    steveha
    --
    lf(1): it's like ls(1) but sorts filenames by extension, tersely
  12. Re:An embarrassment of security. by SamNmaX · · Score: 4, Funny
    > Horseshit. All my data is XORed against itself before it is written to disk. I assure you that you can't crack it.

    That joke sure was cryptic.

  13. FLASH: One Time Pad CRACKED by hugesmile · · Score: 4, Funny
    Somebody told them that a One Time Pad encryption scheme is uncrackable. So they used the pad "11111111111..." and did an XOR.

    Since no one else is stupid enough to use that pad, it's a one time pad.

    Another milestone in encryption technology - One time Pad CRACKED!

    Emergency patch: Now they use the Pad "000000000...."

  14. Somebody call the police by Ayaress · · Score: 4, Funny

    I think you just killed Schrodinger's Cat.