Categories
News

Bert Rheinbach

In Germany are no hardware-encrypted USB sticks with vulnerabilities in the circulation of Aachen, 19th January 2010 – the hardware-encrypted USB stick SafeStick is immune to hackers. In Germany from system consulting displaced SafeStick is affected by the vulnerability, which recently caused a scandal. The examination of the user’s password on the hardware itself and the individual response code to ensure that the data can only be decrypted by authorized. \”This vulnerability is so blatant that it is incomprehensible, that the CA has not discovered it!\” declares Bert Rheinbach, CEO of OPTIMAL systems consulting. \”SafeStick can be cracked on them nor in any other way.\” As a German distributor of block master, he was of course relieved, but not surprised about it, because his lab have the stick and thoroughly tested. The hardware-encrypted USB flash drive of the Swedish manufacturer of block master works as follows: when SafeStick real password input generates a one-time password that allows access to the stored data.

Differently than the cracked USB sticks this password on the hardware itself is generated every time a new. SafeStick encrypts all stored data via hardware with the high cipher 256 bit AES (advanced encryption standard) with CBC. You discredit troubled USB flash drives have this recognized high standard of encryption security gap in American USB flash drives. But their password is not on the stick, but verified in the software on the PC. Sent when a successful logon process this string to confirm on the stick, and always the same result for all drives of this type. The tester so just wrote a program that in the memory of the current password input programme ensured that the appropriate string to the stick sent was – irrespective of the entered password. So they were given access to all data stored on the Flash drive. So does SafeStick safe tick, however, checks the password and generates the key on the hardware itself: the password entered by the user is provided by the software on the computer with a hash value.