Biogy

Three NIST certified USB drives (those from Kingston, Sandisk and Verbatim) have been cracked. It turns out that the protocol for communicating between the password checking software on the host, and the encryption engine on the drive itself was very naively implemented. A fixed string was sent from the host to the drive to indicate that the password had been entered correctly and so to unlock the drive. Of course, any other mechanism for sending Read more…