On 17/08/2011 07:28 PM, Darren New wrote:
> On 8/17/2011 8:57, Invisible wrote:
>> The little "FIPS 140-2" tag is a nice touch. Presumably that's just the code
>> number of the document that formally specifies the AES algorithm or something.
>
> No, it describes the algorithms and how hard it is to break into the
> device and so on. The trick is it's a standard, so the guy in charge of
> ordering office supplies can say "Is it FIPS 140-2 compliant?" without
> having to understand how to evaluate that himself. Wikipedia is your
> friend in this case.

Oh yeah, I know what FIPS 140-2 is *now*. I meant before I looked it up
I assumed it was going to be the designation for AES or something.

> Which device was this? I could use something to stick my passwords on.

...the irony... it burns...

>> At £24 is an apparently rather popular device that has a 5-digit keypad on
>> the casing that allows you to enter a PIN (from 4 to 10 digits). Apparently
>> the LEDs change colour after you've unlocked it. When you unplug it from the
>> PC, it locks again.
>
> Kewl. And what was this one?

OK, for anyone else wanting to duplicate my results:

http://www.ebuyer.com/223405-extra-value-2gb-usb-flash-drive-ev-usb2gb
Cheapest drive. (2GB, £4)

http://www.ebuyer.com/132692-fujifilm-2gb-usb-2-0-secure-and-splash-memory-card-n079050a
Cheapest drive with "security" features. (2GB, £6, trivial password
protection.)

http://www.ebuyer.com/180530-kingston-datatraveler-locker-4gb-usb-flash-drive-with-encryption-100-privacy-dtl-4gb
Cheapest drive which mentions "encryption". (4GB Kingston-branded, £9,
appears to use Windows software to do the encryption.)

http://www.ebuyer.com/159024-kingston-2gb-datatraveler-vault-usb-flash-drive-hi-speed-with-dtv-2gb
Cheapest drive with "hardware encryption". (2GB Kingston-branded, £20,
uses Windows software to access the drive.)

http://www.ebuyer.com/196586-corsair-flash-padlock-2-8gb-usb-flash-drive-with-256-bit-aes-cmfpla8gb
The drive with a physical keypad. (8GB Corsair-branded, £24, uses a 4 to
10 digit PIN, 5 unique digits, lights up when unlocked, locks when
unplugged. Claims to be AES-256 encrypted.)

http://www.ebuyer.com/159010-kingston-datatraveler-blackbox-4gb-usb-flash-drive-dtbb-4gb
Cheapest FIPS certified drive. (4GB Kingston-branded, £36, FIPS 140-2
level 2 certified.)

Some of the even more expensive drives boast about using AES in XTS
mode, which is stronger than CBC. Well, whatever...

>> It definitely uses AES-256, and it's probably implemented in hardware.
>
> Note that AES in hardware just means they added a trivial processor core
> to the same core that runs the USB protocol. It's not like it's hard to
> do. It's just more transistors on the silicon that's already there.

Not necessarily. I'm pretty sure you can buy off-the-shelf components
that run crypto primitives like AES.

(Also, doesn't the USB protocol require a processor core already? In
which case, all you have to add is firmware for performing AES.)

Fundamentally though, it doesn't matter whether AES is in special
hardware or in firmware. The point is, the encryption is transparent to
the host PC. And *that* means that the host PC can't screw it up! ;-) It
also means you can't actually access the ciphertext at all, without
taking the device apart.