Encryption busted on popular USB flash drives
A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.
bob you should have added this too, they didn't crack the algorithm, they used a security flaw in the encryption/decryption program:
The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.
if they had cracked AES 256, which is hardly to happen anytime soon, it would have made the headlines on a few sites and mags
...but well, the program flaw is bad enough to be mentioned.
But there are alternatives, TrueCrypt and now Bitlocker (Windows 7 version) that can be used to encrypt USB drives as well.