Crypto Implementation Failure
Look at this new AES-encrypted USB memory stick. You enter the key directly into the stick via the keypad, thereby bypassing any eavesdropping software on the computer.
The problem is that in order to get full 256-bit entropy in the key, you need to enter 77 decimal digits using the keypad. I can't imagine anyone doing that; they'll enter an eight- or ten-digit key and call it done. (Likely, the password encrypts a random key that encrypts the actual data: not that it matters.) And even if you wanted to, is it reasonable to expect someone to enter 77 digits without making an error?
Nice idea, complete implementation failure.
EDITED TO ADD (3/4): According to the manual, the drive locks for two minutes after five unsuccessful attempts. This delay is enough to make brute-force attacks infeasible, even with only ten-digit keys.
So, not nearly as bad as I thought it was. Better would be a much longer delay after 100 or so unsuccessful attempts. Yes, there's a denial-of-service attack against the thing, but stealing it is an even more effective denial-of-service attack.
Posted on March 4, 2010 at 6:05 AM • 99 Comments