[Cryptography] Encrypted flash drives: Secure?

Jonathan Thornburg jthorn4242 at gmail.com
Wed Jul 26 06:49:38 EDT 2017


On Tue, Jul 25, 2017 at 03:18:26PM -0400, Erik wrote:
> I'm looking at some of the encrypted flash drives on the market, and one
> from Corsair features all-hardware encryption with a pin-pad physically
> located on the flash drive.
> 
> 
> https://www.corsair.com/en-us/flash-padlock-2-8gb-usb-flash-drive-refurbished

Using this means trusting the hardware manufacturer to get crypto right.
Past history is not encouraging:
  http://eprint.iacr.org/2015/1002.pdf
  http://www.heise-online.co.uk/security/features/112548

AES is all well and good, but is it in ECB mode?  Are expanded keys
stashed somewhere accessible?  Software is already hard to audit, but
closed-source firmware/hardware is even worse.  And if this system is
really good, you have to worry about various countries' spy agencies
"persuading" the manufacturer to put in backdoors.  Ick.


More information about the cryptography mailing list