Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lexar JumpDrive Password Scheme Cracked

Posted by CmdrTaco on from the now-thats-just-funny dept.

Saint Aardvark writes "Lexar describes the JumpDrive Secure as "loaded with software that lets you password-protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES encryption." @stake has a different take: The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication." That's why I use ROT-13 for my encryption needs."

4 of 565 comments (clear)

  1. In related news... by Artie_Effim · · Score: 0, Offtopic

    all my passwords are on a yellow POST-IT(tm) which I crumble up and put in my pocket, just like Bruce http://www.schneier.com/crypto-gram.html.

  2. JumpDrive sabotaged iBook by rjamestaylor · · Score: 0, Offtopic
    I bought an iBook last Spring (needed a quick replacement to my ailing Dell Inspiron 5150 and didn't want to waste time loading Linux over Windows just to have a useable development box) and everything was going along nicely until I inserted my 256MB JumpDrive into a USB slot...then I saw a kernel panic (or whatever they're called in OSX-land). No problem. I rebooted and...kernel panic. After calling tech support and spending nearly an hour on the phone with Apple support and running various attempts to fix OSX I was instructed to...reload the OS from the CDs. Yes! A Lexar JumpDrive FUBAR'ed my iBook to the extent I had to resort to MCSE tactics!

    I immediately returned the iBook to MicroCenter and demanded (and received) a complete refund without having to pay a restocking fee.


    I am writing this from my new iBook G4 -- which has never seen a Lexar JumpDrive and never shall.

    --
    -- @rjamestaylor on Ello
  3. Re:Even worse... by Marxist+Hacker+42 · · Score: 1, Offtopic

    :-) That's only if you're stupid enough to believe that Shiva is one of the names of God (without knowing what my definition of "God" is). I hate to give away the joke too soon...so I'll wait for the next stupid response to this before cluing people in. :-)

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  4. Re:stupid response #1 by Marxist+Hacker+42 · · Score: 1, Offtopic

    Ok, this will get buried in the responses, so it will get somewhat hidden, which is what I wanted. In the GGP post, the 9 billion names of God refers to an Arthur C. Clarke story in which the ultimate Devil, the Hindu diety Shiva which destroys the universe, will come if this group of monks actually writes down all 9 billion names. In the story, some idiot sells them a computer- and as soon as they program the computer with their writing system, the universe is destroyed.

    I combine this with my Scientific Catholic definition of God as "That force or being which created the universe". Since Shiva is the Destroyer, not the Creator, Shiva simply isn't in the list.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.