That's why people should use TrueCrypt or similar instead of proprietary solutions.

Tamas

On Thu, Jan 7, 2010 at 12:50 AM, Vitaliy wrote:
> http://blogs.zdnet.com/hardware/?p=6655
>
> A word of warning to those of you who rely on hardware-based encrypted USB
> flash drives. Security firm SySS has reportedly cracked the AES 256-bit
> hardware-based encryption used on flash drives manufactured by Kingston,
> SanDisk and Verbatim.
>
> The crack relies on a weakness so astoundingly bone-headed that it's almost
> hard to believe. While the data on the drive is indeed encrypted using
> 256-bit crypto, there's a huge failure in the authentication program. When
> the correct password is supplied by the user, the authentication program
> always sends the same character string to the drive to decrypt the data no
> matter what the password used. What's also staggering is that this character
> string is the same for Kingston, SanDisk and Verbatim USB flash drives.
>
> Cracking the drives is therefore quite an easy process. The folks at SySS
> wrote an application that always sent the appropriate string to the drive,
> irrespective of the password entered, and therefore gained immediate access
> to all the data on the drive.
>
> This is a big deal also from a point of certification. These drives are sold
> as meeting security standards making them suitable for use with sensitive US
> Government data (unclassified rating) and have a FIPS 140-2 Level 2
> certificate issued by the US National Institute of Standards and Technology
> (NIST).
>
> Vendors have had a mixed reaction to the news. Kingston has done the right
> thing and issued a recall. Verbatim and SanDisk have issued a statement and
> have updates available, but the threat is downplayed.
> Bottom line, check your flash drives!
>
> --
> http://www.piclist.com PIC/SX FAQ & list archive
> View/change your membership options at
> http://mailman.mit.edu/mailman/listinfo/piclist

--
/* www.mcuhobby.com */ int main() { char *a,*s,*q; printf(s="/* www.mcuhobby.com */ int main() { char *a,*s,*q; printf(s=%s%s%s, q=%s%s%s%s,s,q,q,a=%s%s%s%s,q,q,q,a,a,q); }", q="\"",s,q,q,a="\\",q,q,q,a,a,q); }
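
Added example, not part of the original message and not SySS's tool or any vendor's firmware: a constructed Python model of the design flaw described in the quoted article (the password is checked only by the host program, which then sends a fixed string), next to a design in which the data key is stored wrapped under a password-derived key. The class names, the placeholder unlock string and the XOR-based key wrap are assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(password: bytes, salt: bytes) -> bytes:
    # 64 bytes: first half wraps the data key, second half authenticates the wrap
    return hashlib.pbkdf2_hmac("sha256", password, salt, 200_000, dklen=64)

class FlawedDrive:
    """Models the reported design: the device unlocks on one fixed string."""
    UNLOCK = b"<constant-unlock-string>"  # placeholder, not the real value

    def __init__(self, password: bytes, data_key: bytes):
        self.pw_hash = hashlib.sha256(password).digest()  # checked on the host only
        self._data_key = data_key

    def unlock(self, message: bytes):
        return self._data_key if hmac.compare_digest(message, self.UNLOCK) else None

def flawed_host_software(drive: FlawedDrive, password: bytes):
    """Vendor-style login program: the password check happens here, not on the drive."""
    if hmac.compare_digest(hashlib.sha256(password).digest(), drive.pw_hash):
        return drive.unlock(FlawedDrive.UNLOCK)
    return None

class PasswordBoundDrive:
    """The data key is stored wrapped under a key derived from the password."""
    def __init__(self, password: bytes, data_key: bytes):
        self.salt = os.urandom(16)
        k = kdf(password, self.salt)
        # XOR with one-time KDF output stands in for a real key wrap (e.g. AES-KW)
        self.wrapped = bytes(a ^ b for a, b in zip(data_key, k[:32]))
        self.tag = hmac.new(k[32:], self.wrapped, hashlib.sha256).digest()

    def unlock(self, password: bytes):
        k = kdf(password, self.salt)
        expected = hmac.new(k[32:], self.wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            return None  # wrong password: the data key cannot be recovered
        return bytes(a ^ b for a, b in zip(self.wrapped, k[:32]))

def compare_designs():
    key = os.urandom(32)  # constructed sample data key
    flawed = FlawedDrive(b"correct horse", key)
    bound = PasswordBoundDrive(b"correct horse", key)
    return {
        "flawed_wrong_pw_via_host": flawed_host_software(flawed, b"guess"),
        "flawed_no_pw_direct": flawed.unlock(FlawedDrive.UNLOCK) == key,
        "bound_wrong_pw": bound.unlock(b"guess"),
        "bound_right_pw": bound.unlock(b"correct horse") == key,
    }
```

In the flawed model the host program rejects a wrong password, yet the drive itself never depends on it; in the password-bound model there is no message that releases the key without the password.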