On 8/17/2011 8:57, Invisible wrote:
> The little "FIPS 140-2" tag is a nice touch. Presumably that's just the
 code
> number of the document that formally specifies the AES algorithm or som
ething.

No, it describes the algorithms and how hard it is to break into the devi
ce 
and so on. The trick is it's a standard, so the guy in charge of ordering
 
office supplies can say "Is it FIPS 140-2 compliant?" without having to 
understand how to evaluate that himself. Wikipedia is your friend in this
 case.

> The documents confirm that the device is certified to FIPS 140-2 level 
2
> compliance. (The highest level is level 4, and it looks like it wouldn'
t be
> applicable to portable devices, only to complete systems.) It's using a

> sensible-looking set of algorithms, and it's been through some kind of
> verification process. So I'm reasonably confident that this device isn'
t
> /trivially/ hackable.

Which device was this? I could use something to stick my passwords on.

> At £24 is an apparently rather popular device that has a 5-digit k
eypad on
> the casing that allows you to enter a PIN (from 4 to 10 digits). Appare
ntly
> the LEDs change colour after you've unlocked it. When you unplug it fro
m the
> PC, it locks again.

Kewl. And what was this one?

> It definitely uses AES-256, and it's probably
> implemented in hardware.

Note that AES in hardware just means they added a trivial processor core 
to 
the same core that runs the USB protocol. It's not like it's hard to do. 

It's just more transistors on the silicon that's already there.

-- 
Darren New, San Diego CA, USA (PST)
   How come I never get only one kudo?

Post a reply to this message