Slashdot Mirror


Lexar JumpDrive Password Scheme Cracked

Saint Aardvark writes "Lexar describes the JumpDrive Secure as "loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption." @stake has a different take: The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication." That's why I use ROT-13 for my encryption needs."

6 of 565 comments

  1. DMCA by Lead Butthead · · Score: 4, Interesting

    Doesn't that violate DMCA?

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  2. Not much detail? by Anonymous Coward · · Score: 4, Interesting

    XOR'ed with what? XOR is just a method of encryption, not a cypher or anything... it's the basis for the one-time-pad, the strongest encryption method next to quantum encryption.

  3. Tried contacting them... by Vexler · · Score: 4, Interesting

    I tried both calling them and trying their live chat feature from their website, but so far no response. The company is in California, and I am calling them about 3:30 PM EDT. So far, no responses from either the phone call (I am still on hold) or the live webchat.

    Sounds awfully like a head-in-the-sand approach to security to me.

  4. Snuffle by tepples · · Score: 5, Interesting

    > Because of this, hashing is irreversible, and therefore only an idiot would use it for encryption. Its proper purpose is for checksumming.

    Try telling that to Daniel Bernstein. His "Snuffle" code converts any hash into a cipher. To put it shorter: sampling the output of a well-designed hashing algorithm after every n bytes produces a suitably random bitstream; XORing that against the message produces a stream cipher.
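
The construction described in the comment above, as an added Python example (not part of the original thread and not Bernstein's Snuffle code): a keystream built by hashing key, nonce and a block counter, XORed against the message. The key, nonces, messages and function names are constructed for illustration, and the last function shows the failure mode of any XOR stream: reusing a nonce under the same key.

```python
import hashlib

# Constructed sample values, for illustration only.
KEY = b"constructed-demo-key"
NONCE_A = b"\x00" * 11 + b"\x01"
NONCE_B = b"\x00" * 11 + b"\x02"
P1 = b"meeting at 09:00"
P2 = b"meeting at 17:30"

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Concatenate SHA-256(key || nonce || counter) blocks until long enough."""
    if len(nonce) != 12:
        # Fixed-length nonce keeps the key/nonce/counter boundaries unambiguous.
        raise ValueError("nonce must be exactly 12 bytes")
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """With a repeated nonce the keystream cancels: c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(crypt(key, nonce, p1), crypt(key, nonce, p2))

if __name__ == "__main__":
    c = crypt(KEY, NONCE_A, P1)
    print("ciphertext:", c.hex())
    print("decrypted :", crypt(KEY, NONCE_A, c))
    # Same nonce twice: the XOR of the ciphertexts equals the XOR of the
    # plaintexts, so the hash-derived keystream protects nothing here.
    print("reuse leak:", nonce_reuse_leak(KEY, NONCE_A, P1, P2) == xor_bytes(P1, P2))
```

This provides confidentiality only when every (key, nonce) pair is used once, and it has no integrity protection; an authenticated cipher is the production choice.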

  5. Re:An embarrassment of security. by Chris Mattern · · Score: 4, Interesting

    > Thankfully, I don't know anyone who owns this.

    I do, and I keep fairly sensitive information on it (in fact, I bought it in order to keep that information handy but secure). But I don't use Lexar's software--never even occurred to me to try to use it, as I want to access it in Solaris and Linux. I use GPG; downloaded a GPG for Windows and put it right on the key so that I can use it in any Windows machine as well.

    Chris Mattern

  6. This reminds me of an "un-pickable" lock my .... by StressGuy · · Score: 4, Interesting

    dad once bought.

    It had no keyhole, just a bunch of magnetic "reeds" that would line up when a special magnetic key was put alongside of it. My dad had just purchased it that day and was explaining to me how it worked. I asked, "couldn't you just shake it until the reeds lined up?". He tosses the lock to me and says, "here...try it then". I shook the lock for a couple of seconds and, sure enough, it popped right open.

    My dad was pretty grumpy for the rest of the day...

    --
    A goal is a dream with a deadline