[Cryptography] Encrypted flash drives: Secure?
Jonathan Thornburg
jthorn4242 at gmail.com
Wed Jul 26 06:49:38 EDT 2017
On Tue, Jul 25, 2017 at 03:18:26PM -0400, Erik wrote:
> I'm looking at some of the encrypted flash drives on the market, and one
> from Corsair features all-hardware encryption with a pin-pad physically
> located on the flash drive.
>
>
> https://www.corsair.com/en-us/flash-padlock-2-8gb-usb-flash-drive-refurbished
Using this means trusting the hardware manufacturer to get crypto right.
Past history is not encouraging:
http://eprint.iacr.org/2015/1002.pdf
http://www.heise-online.co.uk/security/features/112548
AES is all well and good, but is it in ECB mode? Are expanded keys
stashed somewhere accessible? Software is already hard to audit, but
closed-source firmware/hardware is even worse. And if this system is
really good, you have to worry about various countries' spy agencies
"persuading" the manufacturer to put in backdoors. Ick.
More information about the cryptography
mailing list