RSA: Self-Encrypting USB Hard Drives for all Operating Systems (Video)
Tim Lord met Jay Kim at the RSA Conference in San Francisco. Kim's background is in manufacturing, but he's got an interest in security that has manifested itself in hardware with an emphasis on ease of use. His company, DataLocker, has come up with a fully cross-platform, driver-independent portable system that mates a touch-pad input device with an AES-encrypted drive. It doesn't look much different from typical external USB drives, except for being a little beefier and bulkier than the current average, to account for both a touchpad and the additional electronics for performing encryption and decryption in hardware. Because authentication is done on the face of the drive itself, it can be used with any USB-equipped computer available to the user, and works fine as a bootable device, so you can -- for instance -- run a complete Linux system from it. (For that, though, you might want one of the smaller-capacity, solid-state versions of this drive, for speed.) Kim talked about the drive, and painted a rosy picture of what it's like to be a high-tech entrepreneur in Kansas.
Obligatory
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Mod This Up.
Mod This Down.
Sigh! You win some, you lose some.
When our name is on the back of your car, we're behind you all the way!
Hardware encryption is superior to software encryption because at least with hardware encryption there is less room for error. Software usually has bugs; one bug in any implementation and it's broken.
I'm not sure what you're saying here... hardware encryption has less room for error because you can implicitly trust the company baking the algorithm into the hardware? Hardware can have all of the implementation errors that a software approach might have.
Unless you compiled it yourself you can't trust the person who compiled it or the compiler itself not to have a bug or backdoor.
But at least someone versed in the art can inspect the software to look for these bugs. With hardware, it's just a black box that you have to trust or reverse engineer at a much higher cost.
Here's how you crack this.
- Buy another one of these drives and gut it. Replace or reprogram the touchscreen controller, and stuff a GSM modem in there.
- Program the controller to act like an ordinary drive, but send the entered password as a text message via the GSM modem. Make it act like the password was entered wrong so the user enters it a few times.
- Swap the modified "drive" for the user's original drive.
- Wait for the password to arrive at your prepaid cellphone.
You can break TrueCrypt the same way - copy a user's encrypted data, and replace the TrueCrypt executable with one that broadcasts the password when the user types it.
Not sure what this attack is called - "false keypad attack"?