 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
I ordered some office supplied, and as usual they arrived with a flyer
telling me about all the fabulous stuff I could be buying. (E.g.,
is impressive...)
One thing that caught my eye was a USB flash drivewith "AES 256-bit
hardware encryption" and "high strength password enforcement".
Obviously, my first assumption was that this is snake oil. For example,
I read a while back about a HD with "hardware AES-256 encryption", where
all it actually did was XOR all the data with a fixed 32-bit mask, and
then AES-encrypt that mask. So the /mask/ is encrypted with powerful
encryption, but the actual /data/ is trivially XOR-encrypted.
The little "FIPS 140-2" tag is a nice touch. Presumably that's just the
code number of the document that formally specifies the AES algorithm or
something.
Obviously the supplier's website contains no technical data at all. Like
most products, it's quite clearly been copied and pasted from somewhere
else (complete with mis-encoded special symbols). Eventually I tracked
down the product on the manufacturer's website. Apparently it /really
has/ been sent to an independent lab for conformance testing, and
there's actually a FIPS certificate number. I was eventually able to dig
this up on the FIPS website.
It's unclear to me what was actually tested. (E.g., I'm almost certain
they /didn't/ get professional cryptographers to try to crack the
encryption and retried data out of it.) Probably they just tested that
it implements AES correctly or something by comparing it against some
known test vectors.
From what technical details I can find, it appears that it stores the
SHA-1 hash of a user-supplied password, and uses that for
authentication. The AES encryption keys are apparently stored
unencrypted inside the unit. Actual data is encrypted with these keys,
running the cipher in CBC mode. (Not the strongest, but not the weakest
either.) It uses a hardware RNG together with the ANSI X9.31 PRNG
algorithm. And it sounds like physically it's fairly hard to get into
the device.
The documents confirm that the device is certified to FIPS 140-2 level 2
compliance. (The highest level is level 4, and it looks like it wouldn't
be applicable to portable devices, only to complete systems.) It's using
a sensible-looking set of algorithms, and it's been through some kind of
verification process. So I'm reasonably confident that this device isn't
/trivially/ hackable.
(I was, however, amused by the manufacturer's product advert. "This
product is routinely used by the hospitals, banks, the police and the
armed forces." Well, yes, technically that's probably true. And
unencrypted floppy disks are also almost certainly used by the same
people. Does that make unencrypted floppy disks count as "secure"? For
that appears to be what they're trying to imply...)
My next step was to go to my supplier of choice and see what kinds of
encrypted USB devices they could sell me, at what prices.
password protection for added security". No word on how it's
implemented. I imagine it isn't especially secure, it just stops curious
individuals nosing through your files.
All of the cheapest "secure" drives mention the keyword "software". In
other words, it's a normal USB drive, with some [probably Windows-only]
software on it which asks you for a password, and won't let you access
any files unless you type in the correct password. I severely doubt that
any data is actually encrypted; instead, the supplied software merely
refuses to let you look without the password. It's probably trivially
easy to defeat such software. (Perhaps it's as simple as installing
Linux...)
(which is by no means "expensive" compared to the other products in the
list). The fact that the system requirements claim that "2 unused drive
letters" are required suggests that once again, this is a software
solution. In other words, when you insert the thing, it runs some
[Windows] software that transparently encrypts and decrypts data as it
is transferred. Still, that's a small step up in security. Even if the
software doesn't function, you can't get at the data. (Assuming it does
something sensible with the encryption keys.)
Going up the price list, all the "secured" devices still talk about
hardware (although they gradually shout louder and louder about AES).
The cheapest product I could find which is definitely using /hardware/
other big-brand devices.) "Includes XYZ software to access the encrypted
data." So you still need Windows to access it.
on the casing that allows you to enter a PIN (from 4 to 10 digits).
Apparently the LEDs change colour after you've unlocked it. When you
unplug it from the PC, it locks again. It definitely uses AES-256, and
it's probably implemented in hardware. 5^10 is roughly 10 million, and
hence the PIN must be entered by hand, you aren't going to crack this
too easily. (No word on whether the device disables itself given a
number of access attempts.)
The cheapest device I could find that is actually FIPS 140-2 certified
cheapest 4GB drive. On the other hand, it's not drastically more than
lot more expensive. But it's not /drastically/ expensive, really. I
encryption.
It's not so much that the encrypted drives are "expensive", more than
the unencrypted ones are jaw-droppingly cheap. If you actually /needed/
encrypt all your files before putting them onto an external storage
device. Then you know /exactly/ which way it's been encrypted, and
further more you can arrange it so that (for example) it's protected by
a certificate rather than a password...
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 17 Aug 2011 16:57:29 +0100, Invisible wrote:
> On the other hand, for £0 you can download a copy of GPG and manually
> encrypt all your files before putting them onto an external storage
> device.
Of course, file by file encryption makes the encryption obvious. Try
truecrypt instead. :)
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 17/08/2011 06:05 PM, Jim Henderson wrote:
> On Wed, 17 Aug 2011 16:57:29 +0100, Invisible wrote:
>
>> On the other hand, for £0 you can download a copy of GPG and manually
>> encrypt all your files before putting them onto an external storage
>> device.
>
> Of course, file by file encryption makes the encryption obvious. Try
> truecrypt instead. :)
Oh, GPG is quite capable of taking /multiple/ files and encrypting the
entire lot as one binary blob. So all you know is that it's encrypted,
and how big it is. You can't tell how many files are inside, nor what
their uncompressed size is...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 8/17/2011 8:57, Invisible wrote:
> The little "FIPS 140-2" tag is a nice touch. Presumably that's just the
code
> number of the document that formally specifies the AES algorithm or som
ething.
No, it describes the algorithms and how hard it is to break into the devi
ce
and so on. The trick is it's a standard, so the guy in charge of ordering
office supplies can say "Is it FIPS 140-2 compliant?" without having to
understand how to evaluate that himself. Wikipedia is your friend in this
case.
> The documents confirm that the device is certified to FIPS 140-2 level
2
> compliance. (The highest level is level 4, and it looks like it wouldn'
t be
> applicable to portable devices, only to complete systems.) It's using a
> sensible-looking set of algorithms, and it's been through some kind of
> verification process. So I'm reasonably confident that this device isn'
t
> /trivially/ hackable.
Which device was this? I could use something to stick my passwords on.
> At £24 is an apparently rather popular device that has a 5-digit k
eypad on
> the casing that allows you to enter a PIN (from 4 to 10 digits). Appare
ntly
> the LEDs change colour after you've unlocked it. When you unplug it fro
m the
> PC, it locks again.
Kewl. And what was this one?
> It definitely uses AES-256, and it's probably
> implemented in hardware.
Note that AES in hardware just means they added a trivial processor core
to
the same core that runs the USB protocol. It's not like it's hard to do.
It's just more transistors on the silicon that's already there.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 17 Aug 2011 18:57:23 +0100, Orchid XP v8 wrote:
> On 17/08/2011 06:05 PM, Jim Henderson wrote:
>> On Wed, 17 Aug 2011 16:57:29 +0100, Invisible wrote:
>>
>>> On the other hand, for £0 you can download a copy of GPG and manually
>>> encrypt all your files before putting them onto an external storage
>>> device.
>>
>> Of course, file by file encryption makes the encryption obvious. Try
>> truecrypt instead. :)
>
> Oh, GPG is quite capable of taking /multiple/ files and encrypting the
> entire lot as one binary blob. So all you know is that it's encrypted,
> and how big it is. You can't tell how many files are inside, nor what
> their uncompressed size is...
I haven't looked at GPG in a while, but didn't know it could do that.
I'll have to have another look at it.
But with Truecrypt, you can encrypt the entire device and there's no
indication of anything on it other than just random data.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>>> Of course, file by file encryption makes the encryption obvious. Try
>>> truecrypt instead. :)
>>
>> Oh, GPG is quite capable of taking /multiple/ files and encrypting the
>> entire lot as one binary blob. So all you know is that it's encrypted,
>> and how big it is. You can't tell how many files are inside, nor what
>> their uncompressed size is...
>
> I haven't looked at GPG in a while, but didn't know it could do that.
> I'll have to have another look at it.
PGP can encrypt a bunch of files as a self-decrypting executable file.
Then again, PGP [now] costs money. AFAIK, GPG doesn't have this feature.
> But with Truecrypt, you can encrypt the entire device and there's no
> indication of anything on it other than just random data.
Sure. There is that. In fact, I'm told there's a number of freeware
whole-drive encryption products. They're usually applied to HDs, but I
suppose they should apply equally to portable ones.
I also imagine that such products have to be /installed/ on any machine
before they can be used. GPG has the advantage that it's just a single
executable. I mean, the whole point of portable storage is to be, you
know, /portable/. If I encrypt all my stuff and put it on a flash drive,
and put a copy of GPG on there as well, I can decrypt on any PC I might
visit. (Especially if I include a Linux binary as well as a Windows
one.) If I use Truecrypt or similar, any time I visit another PC I have
to spend time installing and configuring software before I can access my
data.
The same advantages apply to drives with hardware encryption, of course...
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 17/08/2011 07:28 PM, Darren New wrote:
> On 8/17/2011 8:57, Invisible wrote:
>> The little "FIPS 140-2" tag is a nice touch. Presumably that's just
>> the code
>> number of the document that formally specifies the AES algorithm or
>> something.
>
> No, it describes the algorithms and how hard it is to break into the
> device and so on. The trick is it's a standard, so the guy in charge of
> ordering office supplies can say "Is it FIPS 140-2 compliant?" without
> having to understand how to evaluate that himself. Wikipedia is your
> friend in this case.
Oh yeah, I know what FIPS 140-2 is *now*. I meant before I looked it up
I assumed it was going to be the designation for AES or something.
> Which device was this? I could use something to stick my passwords on.
...the irony... it burns...
>> At £24 is an apparently rather popular device that has a 5-digit
>> keypad on
>> the casing that allows you to enter a PIN (from 4 to 10 digits).
>> Apparently
>> the LEDs change colour after you've unlocked it. When you unplug it
>> from the
>> PC, it locks again.
>
> Kewl. And what was this one?
OK, for anyone else wanting to duplicate my results:
http://www.ebuyer.com/223405-extra-value-2gb-usb-flash-drive-ev-usb2gb
Cheapest drive. (2GB, £4)
http://www.ebuyer.com/132692-fujifilm-2gb-usb-2-0-secure-and-splash-memory-card-n079050a
Cheapest drive with "security" features. (2GB, £6, trivial password
protection.)
http://www.ebuyer.com/180530-kingston-datatraveler-locker-4gb-usb-flash-drive-with-encryption-100-privacy-dtl-4gb
Cheapest drive which mentions "encryption". (4GB Kingston-branded, £9,
appears to use Windows software to do the encryption.)
http://www.ebuyer.com/159024-kingston-2gb-datatraveler-vault-usb-flash-drive-hi-speed-with-dtv-2gb
Cheapest drive with "hardware encryption". (2GB Kingston-branded, £20,
uses Windows software to access the drive.)
http://www.ebuyer.com/196586-corsair-flash-padlock-2-8gb-usb-flash-drive-with-256-bit-aes-cmfpla8gb
The drive with a physical keypad. (8GB Corsair-branded, £24, uses a 4 to
10 digit PIN to, 5 unique digits, lights up when unlocked, locks when
unplugged. Claims to be AES-256 encrypted.)
http://www.ebuyer.com/159010-kingston-datatraveler-blackbox-4gb-usb-flash-drive-dtbb-4gb
Cheapest FIPS certified drive. (4GB Kingston-branded, £36, FIPS 140-2
level 2 certified.)
Some of the even more expensive drives boast about using AES in XTS
mode, which is stronger than CBC. Well, whatever...
>> It definitely uses AES-256, and it's probably
>> implemented in hardware.
>
> Note that AES in hardware just means they added a trivial processor core
> to the same core that runs the USB protocol. It's not like it's hard to
> do. It's just more transistors on the silicon that's already there.
Not necessarily. I'm pretty sure you can buy off-the-shelf components
that run crypto primitives like AES.
(Also, doesn't the USB protocol require a processor core already? In
which case, all you have to add is firmware for performing AES.)
Fundamentally though, it doesn't matter whether AES is in special
hardware or in firmware. The point is, the encryption is transparent to
the host PC. And *that* means that the host PC can't screw it up! ;-) It
also means you can't actually access the ciphertext at all, without
taking the device apart.
Post a reply to this message
|
|
| |
| |
|
|
From: Lars R
Subject: Re: Encrypted storage - sensitive data on non-trustworthy computers
Date: 18 Aug 2011 05:08:06
Message: <4e4cd676$1@news.povray.org>
|
|
|
| |
| |
|
|
GPG and Truecrypt don't have to be “installed” but can be used directly
from USB drive, sure.
But: If you have sensitive data on your USB drive you never ever should
decrypt them on a foreign PC, in an Internet café etc. because you
cannot trust them at all (keylogger, spyware etc.)
Call me paranoid but I distrust any Windows PC (and any other PC that is
under control of a talented Linux guy) and I would never enter any
sensitive password on them (neither web mail nor ssh nor crypted USB
drives etc.)
Lars R.
Post a reply to this message
|
|
| |
| |
|
|
From: Invisible
Subject: Re: Encrypted storage - sensitive data on non-trustworthy computers
Date: 18 Aug 2011 05:27:11
Message: <4e4cdaef$1@news.povray.org>
|
|
|
| |
| |
|
|
On 18/08/2011 10:08 AM, Lars R. wrote:
> GPG and Truecrypt don't have to be “installed” but can be used directly
> from USB drive, sure.
GPG, yes. (I've done it.) Truecrypt, I couldn't say. Never tried it.
> But: If you have sensitive data on your USB drive you never ever should
> decrypt them on a foreign PC, in an Internet café etc. because you
> cannot trust them at all (keylogger, spyware etc.)
This is of course a valid point. If your drive actually contains
anything "sensitive" then no, you really don't want to be decrypting
that for arbitrary PCs.
If, on the other hand, the drive just contains your holiday photos that
you'd prefer random strangers to /not/ be able to access, then
encrypting the data will prevent that, and I wouldn't be too worried
about decrypting it in an Internet cafe.
As with everything security-wise, it depends how much security you need.
1. I keep all my favourite program installers on a flash drive. None of
it is encrypted, but then again, none of it is secret either. I don't
really care who can see it. Security is not an issue.
2. If I had, say, my holiday photos or something on there, which I don't
want random strangers looking at, I could encrypt it in various ways. If
the drive gets lost or stolen, nobody can access the contents. But
decrypting it on an untrusted PC is no big deal, really.
3. If I had something like my bank details on there, I would /not/ be
decrypting that stuff on any system except one that I set up myself. But
then, really, WTF would that be on a portable drive for anyway? I would
probably GPG encrypt, using public key cryptography rather than a mere
password to secure it. Since presumably only trusted systems have a copy
of my private key, I /can't/ decrypt the data from anywhere else, even
if I want to.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 8/18/2011 1:29, Invisible wrote:
>> Which device was this? I could use something to stick my passwords on.
> ...the irony... it burns...
What's ironic about wanting to put passwords or private keys on an encrypted
portable medium?
> OK, for anyone else wanting to duplicate my results:
Thank you!
> Not necessarily. I'm pretty sure you can buy off-the-shelf components that
> run crypto primitives like AES.
I was thinking it would likely be a core, not a component as such.
> (Also, doesn't the USB protocol require a processor core already? In which
> case, all you have to add is firmware for performing AES.)
That was my point, yes. :-)
> Fundamentally though, it doesn't matter whether AES is in special hardware
> or in firmware. The point is, the encryption is transparent to the host PC.
Right.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
