Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encryption Cracked On NIST-Certified Flash Drives

Posted by timothy on from the whoopsie-daisy dept.

An anonymous reader writes "USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks likes the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations."

6 of 252 comments (clear)

  1. Always sends the same character string by Anonymous Coward · · Score: 2, Funny

    "12345"

    1. Re:Always sends the same character string by pushf+popf · · Score: 3, Funny

      "12345"

      That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

  2. Oops. by Brian+Recchia · · Score: 3, Funny

    Looks like they forgot the ROT13

  3. Re:Article title misleading... by maxume · · Score: 5, Funny

    At least they used an industry standard for the key.

    --
    Nerd rage is the funniest rage.
  4. Re:How does this differ from Truecrypt? by sjames · · Score: 2, Funny

    More to the point, what's the point of a super lock if you're going to tape the key to the door?

  5. Do it 256 times by cromar · · Score: 2, Funny

    No, no, no be sure to do it 256 times. That's the most secure (assuming 8-bit char are used).