Monday, September 01, 2008

USB stick/Thumbdrive - AES encryption cracked

Wasn't everyone released when we finally saw USB sticks/Thumbdrives (and whatever else name those little fellows got) came up with AES encryption? Expensive but worth the money, protecting the valuable company data with hardware encryption...correct...oh well...its all in the details. According to CT a German computer magazine at least one of the encrypted fellows has been cracked.

According to the magazine there is a serious flaw that the developers of the encrypted USB thumbdrive stumbled over. A security process...and most of us should be familiar with it...storing already used passwords to check if a user really changed the password. BTW...the USB stick was FIPS 140-2 certified....ouch!

If you can read German, here is the link to the full article: