I agree completely. I use Truecrypt (on flashdrives) To protect all of my clients' data. Each client has his own 16G flashdrive, containing all critical apps and critical data. I maintain a weekly copy on another drive. If I lose the client's drive, I simply work with the backup and go on, because the thief can't read anything on a Truecrypt container, it looks like noise.. I was never happy with Sandisk's algorithm from the getgo. On Wed, Jan 6, 2010 at 8:39 PM, Tamas Rudnai wrote: > That's why people should use TrueCrypt or similar instead of > proprietary solutions. > > Tamas > > > On Thu, Jan 7, 2010 at 12:50 AM, Vitaliy wrote: >> http://blogs.zdnet.com/hardware/?p=6655 >> >> A word of warning to those of you who rely on hardware-based encrypted USB >> flash drives. Security firm SySS has reportedly cracked the AES 256-bit >> hardware-based encryption used on flash drives manufactured by Kingston, >> SanDisk and Verbatim. >> >> The crack relies on a weakness so astoundingly bone-headed that it's almost >> hard to believe. While the data on the drive is indeed encrypted using >> 256-bit crypto, there's a huge failure in the authentication program. When >> the correct password is supplied by the user, the authentication program >> always send the same character string to the drive to decrypt the data no >> matter what the password used. What's also staggering is that this character >> string is the same for Kingston, SanDisk and Verbatim USB flash drives. >> >> Cracking the drives is therefore quite an easy process. The folks at SySS >> wrote an application that always sent the appropriate string to the drive, >> irrespective of the password entered, and therefore gained immediate access >> to all the data on the drive. >> >> This is a big deal also from a point of certification. These drives are sold >> as meeting security standards making them suitable for use with sensitive US >> Government data (unclassified rating) and have a FIPS 140-2 Level 2 >> certificate issued by the US National Institute of Standards and Technology >> (NIST). >> >> Vendors have had a mixed reaction to the news. Kingston has done the right >> thing and issued a recall. Verbatim and SanDisk has issued a statement and >> have updates available, but the threat is downplayed. >> Bottom line, check your flash drives! >> >> -- >> http://www.piclist.com PIC/SX FAQ & list archive >> View/change your membership options at >> http://mailman.mit.edu/mailman/listinfo/piclist >> > > > > -- > /* www.mcuhobby.com */ int main() { char *a,*s,*q; printf(s="/* > www.mcuhobby.com */ int main() { char *a,*s,*q; printf(s=%s%s%s, > q=%s%s%s%s,s,q,q,a=%s%s%s%s,q,q,q,a,a,q); }", > q="\"",s,q,q,a="\\",q,q,q,a,a,q); } > -- > http://www.piclist.com PIC/SX FAQ & list archive > View/change your membership options at > http://mailman.mit.edu/mailman/listinfo/piclist > -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist