Lexar JumpDrive Password Scheme Cracked

Saint Aardvark writes "Lexar describes the JumpDrive Secure as "loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption." @stake has a different take: The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication." That's why I use ROT-13 for my encryption needs."

Even worse...

Why go through all the trouble of attaching a debugger to the process when you can bribe the user to tell you the password with a chocolate bar! Best of all, this trick will still work long after Lexar fixes their security issue.

An embarassment of security.

[michael+path]

The password is in XOR'd form? Yeah. That's encryption.

Couldn't the software or driver have stored the password in a MD5 or SHA1 form, and still present a valid authentication mechanism for end users?

From the article:


Vendor Response:

08-05-2004 Vendor contacted via email to support@lexarmedia.com
No response.
08-12-2004 Vendor contacted again via email to support, sales
Public Relations, Investor Relations, and general
inquiry email addresses.
08-12-2004 Automated response from support received
09-13-2004 No further response from vendor, advisory released

Vendor has not acknowledged issue or produced a fix.


This is a pretty embarassing non-response.

The product is only about 5 or 6 months old, and the password was just sitting there. AES is a perfectly fine standard for encryption, but this is an embarassing implementation. Thankfully, I don't know anyone who owns this.

Re:An embarassment of security.

[Alizarin+Erythrosin]

The password is in XOR'd form? Yeah. That's encryption.

Couldn't the software or driver have stored the password in a MD5 or SHA1 form, and still present a valid authentication mechanism for end users?

Aside from storing the password in XOR'd form, the software checking the password is flawed. It unencrypts the password first, then compared the password entered. Rather then encrypting the password entered and comparing it to the device?

There may even be better ways than that. I'm not a cryptography person, but that's the first thing that comes to mind.

Re:An embarassment of security.

[benchbri]

I've got one of these, so now you do know someone with one.

If you're carrying around secure documents/files on a jumpdrive using only the included encryption scheme, you may need a lobotomy. I took one look at the security program that came on the drive, and threw it out. I knew I'd never need it. It wasn't a program that looked like it reeked of security, either. I'm acutally surprized this is the first report of the JumpDrive being cracked.

Since there are dozens of USB drives on the market, and the're basically the same price (my JumpDrive was the same price as the other 128Mb offerings in Circut City), I wouldn't think a consumer to expect a fairly decent encryption system for free. On top of that, if you're carrying around sensitive documents on your keys, just think: when's the last time you lost your keys?

Re:An embarassment of security.

[alienw]

Rather then encrypting the password entered and comparing it to the device?

That would not be any better than it is now.

The right way to do this would be to use the password to generate an encryption key and encrypt the data with it. Then, the only possible vulnerabilities are the password itself and various known-plaintext attacks.

Re:An embarassment of security.

[alienw]

If the device actually encrypts the files, it is not necessary to store the password in any form, hashed or otherwise. You can just decrypt the data with the given password and check if the CRC matches to find out if the password is correct or not.

Inevitable?

[xanthines-R-yummy]

Isn't this in line with the whole "No machine[usually meaning computer, but in this case a jumpdrive] is secure if the physical box is in the hands of the hacker/criminal."

I mean, if you have the jumprdrive in your possession it's only a matter of time before you find a weakness to exploit, right?

I'm fuzzy on something...

[ALecs]

Why does the password need to be 'stored' anyway? Isn't that kinda the point?

Is this some sort of 'encrypted session key' thing where one long, secure password decrypts another shorted one that's used to do the dirty work? Is it stored for key recovery by tech support droids?

Why store the password? Is this just the worst implementation in the whole world or am I missing something?

Re:I'm fuzzy on something...

[savagedome]

Why does the password need to be 'stored' anyway?

One word: support.

Ideally, they should not be storing the password on the disk itself at all for it to be a secure drive. But I've seen a lot of these decisions that seem boneheaded because a *lot* of people will forget their passwords and come back *demanding* that you decrypt their shit. If this is someone that even remotely knows the CEO of the company or somebody higher up and if you try to explain them one-way math functions, you will be getting the pink slip in no time.

Although what these guys did is unpardonable. I mean XOR? Jeez.

This shows once again...

[piquadratCH]

...that the best encryption algorithm is worth nothing if you fuck up the implementation...

Re:DMCA

[micromoog]

Yep, the new watchword in American 'security': "Who needs respectable technology when you've got the DMCA?"

Re:Not much detail?

[nkh]

Without a doubt it's a xor used with a key length of a few bytes.
xor + small_key = cypher for dummies, it's an old standard for those who don't care about security.