Slashdot Mirror


NIST Investigating Mass Flash Drive Vulnerability

Lucas123 writes with a followup to news we discussed earlier this week that the encryption on NIST-certified flash drives was cracked. "A number of leading manufacturers of encrypted flash drives have warned their customers of a security flaw uncovered by a German company. The devices in question use the AES 256-bit encryption algorithm and have been certified using the FIPS 140-2, but the flaw appears to circumvent the certification process by uncovering the password authentication code on host systems. The National Institute of Standards and Technology said it's investigating whether it needs to modify its standards to include password authentication software on host systems. Security specialist Bruce Schneier was blunt in his characterization of the flaw: 'It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.'"

7 of 71 comments

  1. If you want to encrypt your data by MichaelSmith · · Score: 4, Funny

    Use PGP. Create a really long key, like 4096 bits.

    1. Re:If you want to encrypt your data by PopeRatzo · · Score: 2, Funny

      I am still using an Enigma machine that my grandfather brought me back. He stole it from the enemy while in combat.

      You're the one who's got my grandad's Enigma machine!

      Give it back. You can send it to me here in Argentina.
       

      --
      You are welcome on my lawn.
  2. Re:Encryption algorithm's aren't the weak link by Anonymous Coward · · Score: 3, Funny

    Put it in a way /. understands, please.

    "It's like having a really huge penis but never leaving your mother's basement."

  3. Re:Encryption algorithm's aren't the weak link by Joce640k · · Score: 4, Funny

    The weak link is in the apostrophe.

    --
    No sig today...
  4. Re:Encryption algorithm's aren't the weak link by jd2112 · · Score: 2, Funny

    Just use Quantum Encryption. They'll never crack that.

    Oh, never mind. http://it.slashdot.org/story/09/12/30/2118250/Quantum-Encryption-Implementation-Broken?art_pos=1

    --
    Any insufficiently advanced magic is indistinguishable from technology.
  5. Re:some vendors got it right... Trust no 1 by AHuxley · · Score: 2, Funny

    Why not just say "Microsoft"?

    --
    Domestic spying is now "Benign Information Gathering"
  6. Yep. by ScrewMaster · · Score: 2, Funny

    Security specialist Bruce Schneier was blunt in his characterization of the flaw: 'It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.'"

    That's our Bruce.

    --
    The higher the technology, the sharper that two-edged sword.