Slashdot Mirror

← Back to Stories (view on slashdot.org)

NIST Investigating Mass Flash Drive Vulnerability

Posted by Soulskill on from the 123456-letmein dept.

Lucas123 writes with a followup to news we discussed earlier this week that the encryption on NIST-certified flash drives was cracked. "A number of leading manufacturers of encrypted flash drives have warned their customers of a security flaw uncovered by a German company. The devices in question use the AES 256-bit encryption algorithm and have been certified using the FIPS 140-2, but the flaw appears to circumvent the certification process by uncovering the password authentication code on host systems. The National Institute of Standards and Technology said it's investigating whether it needs to modify its standards to include password authentication software on host systems. Security specialist Bruce Schneier was blunt in his characterization of the flaw: 'It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.'"

24 of 71 comments (clear)

  1. If you want to encrypt your data by MichaelSmith · · Score: 4, Funny

    Use PGP. Create a really long key, like 4096 bits.

    --
    http://michaelsmith.id.au
    1. Re:If you want to encrypt your data by MichaelSmith · · Score: 2, Interesting

      Bah, instead, I am still using an Enigma machine that my grandfather brought me back. He stole it from the ennemy while in combat.

      http://en.wikipedia.org/wiki/Enigma_machine

      You should count yourself lucky that Alan Turing died all those years ago, otherwise your data could be compromised.

      --
      http://michaelsmith.id.au
    2. Re:If you want to encrypt your data by ls671 · · Score: 3, Interesting

      > otherwise your data could be compromised.

      With this ? :

      http://en.wikipedia.org/wiki/File:Bombe-rebuild.jpg

      Too complex to maintain in good working order. ;-))

      --
      Everything I write is lies, read between the lines.
    3. Re:If you want to encrypt your data by snemarch · · Score: 4, Informative

      Not really applicable to a hardware device.

      Also, keep in mind that RSA by itself is much too slow to encrypt large amounts of data; thus, PGP and other solutions only use RSA to encrypt a symmetric cipher, which is then used for the bulk encryption.

      Standard AES-256 is actually just fine, problem with these devices is that the manufacturers screwed up the implementation *majorly* (as I understand it, use the same key for every device and depend on a usermode app to say GOOD_GUY/BAD_GUY to the hardware) - but that's covered elsewhere.

      --
      Coffee-driven development.
    4. Re:If you want to encrypt your data by MK_CSGuy · · Score: 3, Insightful

      I think simply implementing the breaking algorithm in your favorite language on your PC would be more convenient and also give results much faster ;-))

      You are right of course:

      Nevertheless the victor's 1.4 GHz laptop, running his own code, took less than a minute to find the settings for all 12 wheels... 240 times faster than Colossus. If you scale the CPU frequency by that factor, you get an equivalent clock of 5.8 MHz for Colossus. That is a remarkable speed for a computer built in 1944.

      You still get massive geek cred. either way :)

    5. Re:If you want to encrypt your data by PopeRatzo · · Score: 2, Funny

      I am still using an Enigma machine that my grandfather brought me back. He stole it from the ennemy while in combat.

      You're the one who's got my grandad's Enigma machine!

      Give it back. You can send it to me here in Argentina.
       

      --
      You are welcome on my lawn.
    6. Re:If you want to encrypt your data by TubeSteak · · Score: 4, Insightful

      Standard AES-256 is actually just fine, problem with these devices is that the manufacturers screwed up the implementation *majorly* (as I understand it, use the same key for every device and depend on a usermode app to say GOOD_GUY/BAD_GUY to the hardware) - but that's covered elsewhere.

      The fact that so many major companies have the same exact flaw in their product suggests (to me) that there is only one manufacturer and multiple vendors who just rebadged the item.

      I think it's less likely that multiple companies independantly managed to screw up their products in exactly the same way.

      --
      [Fuck Beta]
      o0t!
    7. Re:If you want to encrypt your data by evilviper · · Score: 2, Informative

      you get an equivalent clock of 5.8 MHz for Colossus. That is a remarkable speed for a computer built in 1944.

      It would be incredible if true, but it's not. Special-purpose hardware can perform certain types of computations far faster than general-purpose processors. Hardware that could decode 1080i MPEG-2 (HDTV) could easily (though not inexpensively) have been made a decade before Intel/AMD CPUs were up to the task. That doesn't mean we had 2GHz+ CPUs in the early 1990s, it just means we had special-purpose hardware, which would require a 2GHz+ CPU to allow it to be replicated in software...

      It's the same nonsense you get with low-power devices all the time: "OMG! This 10MHz ARM CPU is fast enough to decode H.264 videos!" Not understanding there's just a DSP slapped in the same package there, which is performing the video decoding without using the CPU for anything.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  2. Encryption algorithm's aren't the weak link by Anonymous Coward · · Score: 4, Insightful

    Encryption algorithm's aren't the weak link, its the implementation. But most people just look at how big the key is not who implemented it.

    1. Re:Encryption algorithm's aren't the weak link by Anonymous Coward · · Score: 3, Funny

      Put it in a way /. understands, please.

      "It's like having a really huge penis but never leaving your mother's basement."

    2. Re:Encryption algorithm's aren't the weak link by Kjella · · Score: 4, Interesting

      Encryption algorithm's aren't the weak link, its the implementation.

      What's more usually the case is that the implementation of the algorithm is just fine, but you fail at using it in the right way. Usually because then you've handed it off from the cryptography experts and to the general team that's building the rest of the system. Kinda like a door that has a great lock but is easy to take off its hinges, won't do you much good.

      --
      Live today, because you never know what tomorrow brings
    3. Re:Encryption algorithm's aren't the weak link by Joce640k · · Score: 4, Funny

      The weak link is in the apostrophe.

      --
      No sig today...
    4. Re:Encryption algorithm's aren't the weak link by Anonymous Coward · · Score: 5, Insightful

      My understanding of these devices puts the analogy at:

      A super solid, near uncrackable/breakable safe, but all models use the same 12345 passcode, and the owners cannot change this.

      To make matters worse, the door of the safe has been mounted on a normal house door that only has a sign saying 'do not open if this is not yours'.

      This way, the safe owners dont need to rember such a complex code as '12345', and you get all the security of the full safe. Unless a intruder happens to have a brain, then they will just open the house door that holds the safe door thus negating the entire system.

      If anyone could design a worse system, they are truely rube goldberg masters.

    5. Re:Encryption algorithm's aren't the weak link by jd2112 · · Score: 2, Funny

      Just use Quantum Encryption, They'll never crack that.

      Oh, nevermind. http://it.slashdot.org/story/09/12/30/2118250/Quantum-Encryption-Implementation-Broken?art_pos=1

      --
      Any insufficiently advanced magic is indistinguishable from technology.
  3. Significant flaw & workaround by Snotboble_ · · Score: 4, Informative

    This is pretty major as so many vendors are affected by it. However, until there's an update or complete recall & replacement, I'd recommend using Truecrypt. Certified by NIST (see HERE. Cross platform. Free (as in spoken beer ;o). Of course, one can only hope that its implementation is better than the devices currently uncovered :P

    --
    Q: How does a Unix guru have sex? A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep
  4. some vendors got it right... Trust no 1 by advocate_one · · Score: 4, Informative

    IronKey was among a number of companies to issue statements reassuring customers that their devices were safe from the same attacks. Jevans said that's because the password and authentication process is contained on the USB drive itself and has nothing to do with the host system.
    "We don't trust the computer at all," he said. "The computer could have malware on it or have hackers accessing it. In our security design, we said we have to assume the computer is completely untrustworthy. That's where we started our threat modeling."

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
    1. Re:some vendors got it right... Trust no 1 by AHuxley · · Score: 2, Funny

      Why not just say "Microsoft"?

      --
      Domestic spying is now "Benign Information Gathering"
  5. Doesn't NIST have a clue? by Gnavpot · · Score: 2, Insightful

    I really do not understand this part:
    "The National Institute of Standards and Technology said it's investigating whether it needs to modify [CC] its standards to include password authentication software on host systems."

    This has already been proven to be very unsafe hardware. The fact that you can access the data without using the original software and without knowing the user's password should leave no doubt. As long as you have some software which says "Open Sesame" in the same way as the original software, you will get access.

    So why was this not discovered during the NIST certification process? And why do NIST state that they may need to approve the software too to protect against this?

    It seems to me that NIST blames the software so they will not have to take blame for their faulty certification of the hardware.

    1. Re:Doesn't NIST have a clue? by Anonymous Coward · · Score: 3, Insightful

      NIST doesn't actually certify things as "secure", it makes very specific certification of particular tests that may or may not represent what you think of as "secure". It's only the marketing that makes you think that if the words "NIST", "Certified" and "Security" appear in the same sentence that someone has done a proper end-to-end review.

      It's like the way that the auditors' certificate in financial reports makes people think that the auditor is guaranteeing that there cannot be any fraud in the company and that the company is a good investment - in fact neither of those things are true.

    2. Re:Doesn't NIST have a clue? by Jaime2 · · Score: 3, Insightful

      So why was this not discovered during the NIST certification process?

      Because the certification the hardware received only verifies that the algorithm strength is sufficient and that the device is hardened against physical tampering.

      It seems to me that NIST blames the software so they will not have to take blame for their faulty certification of the hardware.

      Nope, it seems that the NIST has recognized that the certification, as currently written, isn't sufficient and is looking into making it more robust. Had they audited the software, they would have discovered that the software-to-hardware interface is poorly designed and not granted the certification.

  6. Best part of TFA by dr2chase · · Score: 2, Insightful

    is how everything is carefully run through the make-nice factory. The memory chip makers ucked fup. NIST ucked fup. Yet, NIST cannot say, "whoa, we blew it, we have to fix that standard immediately" (else it will be completely worthless). No, they're organizing a committee to appoint a task force to propose revisions to the standard, pending who-knows-what. And even the guys who got it right, try to make nice with a handy excuse for how this came about -- "difficult to administer with all those different passwords". You set two passwords for each device, duh, and let either access the bits. Vendors provide them with a customer-specified admin password, or vendor supplies a chip initialization utility where customer may bake in an admin password.

  7. Nope. How to do it right... by r00t · · Score: 2, Interesting

    You need buttons on the device. Without that, your password could be swiped by PC malware.

    A no-frills minimal device comes with 10 buttons. The password is a 10-digit number printed on a card hidden in the packaging. To avoid having the password revealed by button wear, none of the digits repeats. You put the device in, press buttons, and then it shows up to the OS.

    A better device has a config setup. Press an extra recessed button, and the device appears as a USB netword device with a DHCP server and all. Go to the device's internal web page, just like setting up a home wireless router. There you could create multiple virtualized devices, each with a distinct password. (if you create more than one, then the device shows up as a hub with child devices) This also allows for data-losing recovery from password loss: you just delete the virtual device you can no longer access, then create an empty virtual device with a new password.

  8. Doing file security the wrong way by Old+Man+Kensey · · Score: 2, Insightful

    Any flash drive whose "security" involves a required app running on the host system will not be suitable for cross-platform use even if the app is well-written. The only right way to do it is to encrypt the data written to the drive, using well-known secure encryption algorithms run on the host. And for that purpose a cheap, dumb drive works just as well as a super-expensive "secure, tamper-proof" drive.

    --
    -- Old Man Kensey
  9. Yep. by ScrewMaster · · Score: 2, Funny

    Security specialist Bruce Schneier was blunt in his characterization of the flaw: 'It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.'"

    That's our Bruce.

    --
    The higher the technology, the sharper that two-edged sword.