Slashdot Mirror


Lexar JumpDrive Password Scheme Cracked

Saint Aardvark writes "Lexar describes the JumpDrive Secure as 'loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption.' @stake has a different take: 'The password can be observed in memory or read directly from the device, without evidence of tampering.' And best of all, the punch line: '[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication.' That's why I use ROT-13 for my encryption needs."


  1. Even worse... by Anonymous Coward · · Score: 5, Insightful

    Why go through all the trouble of attaching a debugger to the process when you can bribe the user to tell you the password with a chocolate bar! Best of all, this trick will still work long after Lexar fixes their security issue.

    1. Re:Even worse... by Anonymous Coward · · Score: 1, Insightful

      Who's to say people didn't give fake passwords?

  2. An embarassment of security. by michael+path · · Score: 5, Insightful

    The password is in XOR'd form? Yeah. That's encryption.

    Couldn't the software or driver have stored the password in a MD5 or SHA1 form, and still present a valid authentication mechanism for end users?

    From the article:


    Vendor Response:

    08-05-2004 Vendor contacted via email to support@lexarmedia.com
    No response.
    08-12-2004 Vendor contacted again via email to support, sales
    Public Relations, Investor Relations, and general
    inquiry email addresses.
    08-12-2004 Automated response from support received
    09-13-2004 No further response from vendor, advisory released

    Vendor has not acknowledged issue or produced a fix.


    This is a pretty embarrassing non-response.

    The product is only about 5 or 6 months old, and the password was just sitting there. AES is a perfectly fine standard for encryption, but this is an embarrassing implementation. Thankfully, I don't know anyone who owns this.

    1. Re:An embarassment of security. by mcpres · · Score: 2, Insightful

      Well it's good to know because I own one. On the bright side if I had ever forgotten my password, I can now retrieve the data. Another point to @stake.

    2. Re:An embarassment of security. by Alizarin+Erythrosin · · Score: 5, Insightful

      The password is in XOR'd form? Yeah. That's encryption.

      Couldn't the software or driver have stored the password in a MD5 or SHA1 form, and still present a valid authentication mechanism for end users?


      Aside from storing the password in XOR'd form, the software checking the password is flawed. It unencrypts the password first, then compares the password entered. Rather than encrypting the password entered and comparing it to the device?

      There may even be better ways than that. I'm not a cryptography person, but that's the first thing that comes to mind.

      --
      There are only 10 kinds of people in this world... those who understand binary and those who don't
    3. Re:An embarassment of security. by benchbri · · Score: 3, Insightful
      I've got one of these, so now you do know someone with one.

      If you're carrying around secure documents/files on a jumpdrive using only the included encryption scheme, you may need a lobotomy. I took one look at the security program that came on the drive, and threw it out. I knew I'd never need it. It wasn't a program that looked like it reeked of security, either. I'm actually surprised this is the first report of the JumpDrive being cracked.

      Since there are dozens of USB drives on the market, and they're basically the same price (my JumpDrive was the same price as the other 128Mb offerings in Circuit City), I wouldn't think a consumer would expect a fairly decent encryption system for free. On top of that, if you're carrying around sensitive documents on your keys, just think: when's the last time you lost your keys?

    4. Re:An embarassment of security. by Anonymous Coward · · Score: 2, Insightful

      I don't get why they store (and check) the password in any way. The password becomes the encryption key for the data. If you enter the correct key you can access the files, if you don't you get garbage...

      So what's the purpose of the stored password?

    5. Re:An embarassment of security. by michael+path · · Score: 2, Insightful

      Dude, *storing* a password that is XORd and using a one time pad are two VERY different things - even if XOR is a common function.

      One Time Pads are as close to a perfect means as is out there. This, well, isn't.

    6. Re:An embarassment of security. by alienw · · Score: 3, Insightful

      Rather than encrypting the password entered and comparing it to the device?

      That would not be any better than it is now.

      The right way to do this would be to use the password to generate an encryption key and encrypt the data with it. Then, the only possible vulnerabilities are the password itself and various known-plaintext attacks.

    7. Re:An embarassment of security. by clambake · · Score: 2, Insightful

      I don't get why they store (and check) the password in any way. The password becomes the encryption key for the data. If you enter the correct key you can access the files, if you don't you get garbage...

      Makes me think there is NO encryption on any of the data... Just a funny driver hack that stops you from reading a certain sector of the drive.

    8. Re:An embarassment of security. by spellraiser · · Score: 2, Insightful
      Good point. This is quite true. XOR is unbreakable provided that your key is random, and is as long as the data you are encrypting. Like you said, this would be a One time pad, and thus perfectly secure. The downside is, of course, that you need a very long key, and can never reuse it.

      However, using a small key and XOR-ing it periodically with the data is very insecure and can be broken easily.

      When one wants security coupled with a (relatively) small, fixed-length, reusable key, block ciphers such as AES are the way to go. The JumpDrive people got this right.

      The article under discussion is short on details, but I can guess from what's said that the JumpDrive software probably generates an AES key from a user-supplied password. This is fine, but the mistake seems to lie in storing the password on the drive itself, 'in an XOR encrypted form'. Now, this probably means that the XOR key that is used to attempt to hide the password is known; i.e. can be gotten from the software.

      Even though the XOR key is as long as the password, this is of course very insecure in this case. It's very easy to recover the password, generate the AES key, and decrypt.

      This only goes to show that any cryptographic method is only as strong as the weakest link.

      --
      I hear there's rumors on the Slashdots
    9. Re:An embarassment of security. by alienw · · Score: 4, Insightful

      If the device actually encrypts the files, it is not necessary to store the password in any form, hashed or otherwise. You can just decrypt the data with the given password and check if the CRC matches to find out if the password is correct or not.
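
Added example (not part of any comment in this thread, and not Lexar's or @stake's code): a Python contrast between the stored, XOR-masked password design discussed above and the approach alienw and spellraiser describe, where the password is only ever used to derive the data key. The XOR constant, iteration count, HMAC labels and record layout are assumptions made for illustration; the derived key would feed AES, which is not shown here.

```python
import hashlib
import hmac
import os

# Constructed stand-in for an obfuscation constant embedded in vendor software.
FIXED_XOR_KEY = bytes(range(0x40, 0x60))
ITERATIONS = 200_000  # assumed work factor for this example


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; applying it twice restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def weak_store(password: str) -> bytes:
    """Design criticised in the thread: the password itself, XOR-masked."""
    return xor_bytes(password.encode(), FIXED_XOR_KEY)


def weak_recover(record: bytes) -> str:
    """The mask is undone with the software's constant; no secret is needed."""
    return xor_bytes(record, FIXED_XOR_KEY).decode()


def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password, then split into a data key and a verifier."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"encrypt", hashlib.sha256).digest()
    verifier = hmac.new(master, b"verify", hashlib.sha256).digest()
    return enc_key, verifier


def strong_enroll(password: str) -> dict:
    """Record written to the device: a salt and a verifier, never the password."""
    salt = os.urandom(16)
    _, verifier = _derive(password, salt)
    return {"salt": salt, "verifier": verifier}


def strong_unlock(password: str, record: dict):
    """Return the 256-bit data key for a correct password, else None."""
    enc_key, verifier = _derive(password, record["salt"])
    if hmac.compare_digest(verifier, record["verifier"]):
        return enc_key
    return None
```

The verifier only tells the software whether the password was right; the data key is never written to the device, so reading the stored record still leaves an attacker guessing passwords through the slow derivation.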

  3. Inevitable? by xanthines-R-yummy · · Score: 4, Insightful
    Isn't this in line with the whole "No machine [usually meaning computer, but in this case a jumpdrive] is secure if the physical box is in the hands of the hacker/criminal"?

    I mean, if you have the jumpdrive in your possession it's only a matter of time before you find a weakness to exploit, right?

    1. Re:Inevitable? by mentalflossboy · · Score: 1, Insightful

      But isn't the whole point of a secure drive that it won't allow a hacker/criminal access to your files in the event that they come into possession of the physical drive? In which case JumpDrive failed admirably.

      --
      "I make people like me... WITH VIOLENCE!" - ATHF
  4. That's where the light gets in... by Anonymous Coward · · Score: 1, Insightful

    ... as my fav, Leonard Cohen wrote long ago: "there is a crack, there is a crack in everything, that's where the light gets in."

    And Mr. Cohen is not even a hacker.

  5. I'm fuzzy on something... by ALecs · · Score: 5, Insightful

    Why does the password need to be 'stored' anyway? Isn't that kinda the point?

    Is this some sort of 'encrypted session key' thing where one long, secure password decrypts another shorter one that's used to do the dirty work? Is it stored for key recovery by tech support droids?

    Why store the password? Is this just the worst implementation in the whole world or am I missing something?

    1. Re:I'm fuzzy on something... by savagedome · · Score: 4, Insightful

      Why does the password need to be 'stored' anyway?

      One word: support.

      Ideally, they should not be storing the password on the disk itself at all for it to be a secure drive. But I've seen a lot of these decisions that seem boneheaded because a *lot* of people will forget their passwords and come back *demanding* that you decrypt their shit. If this is someone that even remotely knows the CEO of the company or somebody higher up and if you try to explain one-way math functions to them, you will be getting the pink slip in no time.

      Although what these guys did is unpardonable. I mean XOR? Jeez.

    2. Re:I'm fuzzy on something... by dpilot · · Score: 2, Insightful

      To give them a little (very little) slack... Some form of the password has to be stored away, so you can validate the user-input password. But this shouldn't be rocket science, since SSH, PGP, GPG, and even PasswordSafe have done exactly this type of thing for aeons. All Lexar has done is put it on a little piece of solid-state removable storage.

      Either they're horribly naive about this stuff, and could/should have done a better job;
      Or the constraints of the device wouldn't let them (How can this be on a multi-MB device, I dunno.) do a better job, in which case they shouldn't have brought it to market.

      --
      The living have better things to do than to continue hating the dead.
    3. Re:I'm fuzzy on something... by Punto · · Score: 2, Insightful
      Unfortunately, you'll never be able to crack it, because you don't know what the key was.

      But where do you store this key? Do you XOR it with something else? (And what do you do with that something else?) If you use any other more sophisticated method to hide it, why not just use that for the password in the first place? Also, in this case you already know what the password is (after all, it's _your_ JumpDrive, whatever that is), so you can XOR it and get the 'secret key'. With that, it should be easy to find out what happens to it (even if it's random).

      --
      Stay tuned for some shock and awe coming right up after these messages!

    4. Re:I'm fuzzy on something... by pclminion · · Score: 2, Insightful
      But where do you store this key?

      But that question has nothing to do with XOR, does it?

      My point was simply that XOR is a key-combining operation. The fact that an algorithm uses XOR does not imply insecurity. There are, of course, plenty of bone-headed possible implementations. But none of those problems are the fault of the XOR operation.

  6. This shows once again... by piquadratCH · · Score: 5, Insightful

    ...that the best encryption algorithm is worth nothing if you fuck up the implementation...

  7. Re:Not much detail? by Anonymous Coward · · Score: 1, Insightful

    The OTP is not "next strongest" to anything. It's 100% unbreakable if used properly (ie, don't reuse keys and have a real source of randomness). It's impossible to be any more secure than a one time pad.

  8. Re:DMCA by Alizarin+Erythrosin · · Score: 2, Insightful

    Hopefully Lexar doesn't take the path I'm afraid they will and bust out the DMCA against @stake. That is just a horrible excuse for "security" and it needs to be fixed. Security through obscurity just leaves more opportunity for the evil-minded to steal information (or spread viruses or whatever) by keeping the public unaware of the security flaws.

    --
    There are only 10 kinds of people in this world... those who understand binary and those who don't
  9. Re:DMCA by micromoog · · Score: 4, Insightful

    Yep, the new watchword in American 'security': "Who needs respectable technology when you've got the DMCA?"

  10. Re:Not much detail? by nkh · · Score: 3, Insightful

    Without a doubt it's a xor used with a key length of a few bytes.
    xor + small_key = cypher for dummies, it's an old standard for those who don't care about security.

  11. Re:DMCA by Wubby · · Score: 2, Insightful

    Doesn't that violate DMCA?

    I don't think so. The DMCA pertains to the encryption of copyrighted works. What's the "works" in this case? The "encryption" is on someone's personal documents, not Lexar code or works.

    This is just encryption here, not "encrypted works". Circumventing for research is legal under the DMCA, but I'm pretty sure that it doesn't apply here.

    --
    Sig
    Appended to the end of comments you post. 120 chars
  12. Re:A better way to make "secure zones" by chill · · Score: 2, Insightful

    Or...

    You could partition the USB drive. Partition #1 is normal (FAT-12) and partition #2 is mounted via loop-aes.

    Assuming you use Linux or BSD and not Windows.

    The fun part is if you partition 50%/50%, and the drive doesn't have the size printed on it, when a Windows person installs it they will never even see partition #2 unless they go into a partition editor. All they get is an automounted partition #1 -- which is the proper size for the little brother to the model you're using.

    Security through obscurity! (Backed by AES, just in case.)

    --
    Learning HOW to think is more important than learning WHAT to think.
  13. Bleh by Anonymous Coward · · Score: 1, Insightful

    Who needs encryption on flash drives. I just format mine to ext2, knowing that whoever is stupid enough to steal a lousy flash drive probably uses Windows and won't have a clue how to read my data. Best protection evar.

    1. Re:Bleh by bhtooefr · · Score: 2, Insightful

      I know this is a troll, but interesting point. Make it so Winboxes (except those with Ext2 for Windows (or whatever it's called)) can't read it... But there's a couple problems. You might NEED it on Windows eventually (I use Linux on my main computer, but I interact with Windows computers EVERY DAY), and that Ext2 for Windows. The second cancels out the first, but then how do you get it on the box? Carry TWO JumpDrives, or a CD with it burned on?

      Also, if you only work with Win2K/XP boxes, there might be a way to use NTFS encryption, and format it like that. You could also use some Linux filesystem's encryption, and have a FAT12 partition with a driver for that filesystem (AFAIK, you can partition JumpDrives with Linux).

  14. I didn't buy it for the security by digitalgimpus · · Score: 2, Insightful

    I bought it for the following reasons:
    - Good cost per MB
    - Fast
    - Great rebate offer at the time
    - DURABLE! This thing looks a little bulky, but it's rock solid. Thick plastic, really solid. Unlike any other I've seen so far.

    I never used the security stuff. IMHO not worth it. But having such a durable, fast, cheap device was more than worth it to me.

    I don't regret my purchase. It's a solid product. I'd still recommend it.

  15. Re:UPDATE from conversation with Lexar... by fishbowl · · Score: 2, Insightful


    >The ostrich finally wakes up.

    Wrong, he just got you off the phone, while still denying any knowledge of the problem.

    --
    -fb Everything not expressly forbidden is now mandatory.
  16. Re:stupid response #1 by Ayaress · · Score: 2, Insightful

    Actually, in the Christian chronology, the devil is not a destroyer. A trickster, seducer, tempter, etc, yes, but not a destroyer. Armageddon, Sodom and Gomorrah, Noah's Flood, etc. All the epochs of destruction were carried out by God. Noah's Flood is exactly the sort of role Shiva sometimes plays in Hindu myth, which includes the constant cycle of life and death (creation and destruction), but also epochs of massive destruction used to eliminate something fundamentally wrong with the universe.