Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash drives. Excerpt from Post by Adrian Kingsley-Hughes via zdnet log.: A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm has reportedly cracked the AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim. The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe.

The negative value -1.5 shows a team favored by 1.5 runs. Fave means the team must win by at least two runs to cover the runline spread (4-2 wins, 3-2 loses).

While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. Drivers para mouse gtc ribbon. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives. Vendors have had a mixed reaction to the news. Kingston has done the right thing.

And has issued a statement and have updates available, but the threat is downplayed. Bottom line, check your flash drives! Only the Cruzer® Enterprise hardware-based encryption USB's are being provided a software product update online to secure existing Cruzer Enterprise USB flash drive devices. Why only these models?

Surely similar protocol is usesin all the other AES hardware encrpted drives. How about it DrLucky? SanDisk's response to Encryption vulnerability. It doesn't go far enough to cover the other USB drives they make. Only the Cruzer® Enterprise hardware-based encryption USB's are being provided a software product update online to secure existing Cruzer Enterprise USB flash drive devices. Lets all ask to Adrian Kingsley-Hughes who published the encryption vulnerability via zdnet and Why only these models?

Surely similar protocol is usesin all the other AES hardware encrpted drives. How about it DrLucky? SanDisk's response to Encryption vulnerability. It doesn't go far enough to cover the other USB drives they make. Overview The Cruzer® Enterprise series of USB flash drives are equipped with a hardware-based encryption module and an access control mechanism to protect company data. SanDisk has recently identified a potential vulnerability in the access control mechanism and has provided a product update to address the issue. Important Note: This issue is only applicable to the application running on the host and does not apply to the device hardware or firmware.

As a result, all Cruzer Enterprise USB flash drives being shipped to customers as of today contain the product update. SanDisk has also taken measures to inform customers and channel partners about the issue and has provided a software product update online to secure existing Cruzer Enterprise USB flash drive devices. Devices to which this change applies: • Cruzer® Enterprise USB flash drive, CZ22 - 1GB, 2GB, 4GB, 8GB • Cruzer® Enterprise FIPS Edition USB flash drive, CZ32 - 1GB, 2GB, 4GB, 8GB • Cruzer® Enterprise with McAfee USB flash drive, CZ38 - 1GB, 2GB, 4GB, 8GB • Cruzer® Enterprise FIPS Edition with McAfee USB flash drive, CZ46 - 1GB, 2GB, 4GB, 8GB Recommendations To implement this change, SanDisk recommends to users to install an update file, following this procedure: • Fill in the online form here. This will direct you to a downloading site. • Download the 'updater selector' application and the with installation instructions. Summary Preserving customer security and product reliability continues to be a top priority at SanDisk.

SanDisk will continue to work diligently with customers as well as third-party security researchers to maintain high levels of security. Sorry drlucky, but I don't buy it. I don't think we'll ever know if any of the other drives are safe until it is tested by the same application used by SySS.

That's why we need to request Syss to expand the test on the other model drives. I don't trust Sandisk considering there lack of responce for other issues/questions we've had. The test was as follows per the article: 'Cracking the drives is therefore quite an easy process. The folks at SySS wrote an application that always sent the appropriate string to the drive, irrespective of the password entered, and therefore gained immediate access to all the data on the drive.'