Secure USB

[LunarMist]

Are these any good?

 

[Mercutio]

As far as I know, 256bit AES is still considered secure.

 

[LunarMist]

Do they operate correctly on any computer? Are there any other hardware-based USB drives to consider?

 

[ddrueding]

I don't know about that one, but there was an article featured on Slashdot a while back that explained that many of those use insecure implementations of secure protocols. I don't know enough about the internals of security, but if I were looking for a secure way to carry around files, I would use TrueCrypt.

 

[LunarMist]

I can't use a software-based drive.

 

[timwhit]

I have an entire drive that is encrypted with TrueCrypt. It has worked well for me.

 

[ddrueding]

This is the bit I had read. It doesn't mention that one specifically.

 

[LunarMist]

I have an entire drive that is encrypted with TrueCrypt. It has worked well for me.

That is fine for home use, but I want a USB drive to travel with. I'm not in IT so admin privileges are not an option.

 

[time]

Corsair talks about a 4-10 digit PIN. Hashed or not (and it will be, to get 256 bits), a 4-digit PIN would be pretty easy to crack.

If they truly don't allow alphabetical characters, I'd hate to have to remember a 10-digit number.

 

[Mercutio]

I'd hate to have to remember a 10-digit number.

Do you not occasionally need to dial a phone number?

 

[Sol]

It's been many years since I've had to remember a phone number, pretty much ever since phones started remembering them. (It's actually a bit of a problem every time I need to give someone my number... But that's another topic...)

On topic though the best case for this thing is 10^10 possible passwords (and based on the picture it looks more like 5^10) that'll seriously slow down anyone trying to punch in every possible code but won't do much to stop someone who's ready to take the thing apart. (And I think there are probably some features to stop this but they're probably not going to stop a sufficiently determined attacker).

So it's pretty secure as long as your data isn't too valuable...

 

[ddrueding]

It looks pretty good, but as Sol mentioned, there are limitations. Also, I'm not seeing any security certifications on the website, so it might not qualify for escaping data loss notification rules.

 

[udaman]

That is fine for home use, but I want a USB drive to travel with. I'm not in IT so admin privileges are not an option.

^That would need more explaining in another post

http://www.h-online.com/security/fe...e-AES-encryption-has-been-cracked-746215.html

http://www.clubmac.com/clubmac/shop...GB+Biometric+USB+Flash+Drive&mfg=AES-SB-MD-8G

The Kanguru Bio AES’s two-factor authentication makes it one of the most secure ways to transport your data. The Kanguru Bio AES uses a biometric sensor that will recognize up to 10 fingerprints or thumbprints and 256-bit AES encryption. Only after an authorized fingerprint is confirmed and the correct password is entered can a user access the confidential information. The Kanguru Bio AES, although sophisticated in design and technology, is very easy to use. The Bio AES comes with a user friendly setup wizard that walks you through the fingerprint scanning process. As an added benefit, all saved fingerprints, as well as the security program itself are stored directly on the drive. It can be used with most Windows platforms and requires no administration privileges so you never have to install anything to use it!

Or in the alternative actual programmable hardware 'keys' that could fit on a keychain, albeit much more expensive & fast--- HDD for max capacity/lower cost...or fast SSD

http://www.wiebetech.com/products/toughtech_secure_mini.php



or even USB 3.0 now $$$$:

http://www.sparco.com/cgi-bin/wfind2?spn=A1KC234


Never used them myself, do a Google search:

AES USB flash drive

 

[ddrueding]

or even USB 3.0 now $$$$:

http://www.sparco.com/cgi-bin/wfind2?spn=A1KC234

That one actually is pretty cool....

 

[LunarMist]

It's been many years since I've had to remember a phone number, pretty much ever since phones started remembering them. (It's actually a bit of a problem every time I need to give someone my number... But that's another topic...)

On topic though the best case for this thing is 10^10 possible passwords (and based on the picture it looks more like 5^10) that'll seriously slow down anyone trying to punch in every possible code but won't do much to stop someone who's ready to take the thing apart. (And I think there are probably some features to stop this but they're probably not going to stop a sufficiently determined attacker).

So it's pretty secure as long as your data isn't too valuable...

If I'm doing the math correctly, the 50% percent probability of randomly unlocking the device is reached at 3.7 years assuming perfect timing and 24/7 attempts.

 

[LunarMist]

Do you not occasionally need to dial a phone number?

I'm not sure how many digits are needed down there though.

 

[time]

It's a bit weird.

8 digits for numbers in the same state (more or less)

10 digits for other states, but the first digit is always zero ...

10 digits for cell phones, and again, the first digit is always zero.

So really, a maximum of 9 digits.

Personally, I was able to memorize 7 digits, but struggled when they went to 8, even though the first digit is usually predictable.

 

[Tea]

That, Time, is only because Telstra are complete and utter bastards. (OK, OK, tell you something you don't know already.) People have much more difficulty with 8 digits than they do with 7. 8 is just outside the zone of easy memorisation. 7 is just inside it. 6 is very easy and even quite significantly disabled people can manage 6 digits.

There was absolutely no need whatsoever to force Australians to go to cumbersome, difficult-to-remember 8-digit numbers. The only reason they did it was to avoid having two different area codes for different parts of Melbourne and Sydney. THis would have been simplicity itself to do. THe obvious easy method would be (e.g.) 4 = east of the Yarra, 5 = west of the Yarra. In Sydney,you use the Hawkesbury in the same way. Avsolutely no need whatsoever to inflict 8-digit numbers on all those Australians using 7-digit numbers (Melbourne, Sydney, Brisbane, a few other places), let alone on those Australians using 6-digit numbers (the entire country apart from the places I just mentioned).

Telstra are just complete scum. They don't give a flying fark about anyone - certainly not their customers. Probably the main reason they went for difficult-to-remember 8-digit numbers was that it significantly increases the number of mistakes people make, and wrong numbers = more revenue. I'd string the buggers up by their technicals and let 'em dangle.

 

[Sol]

If I'm doing the math correctly, the 50% percent probability of randomly unlocking the device is reached at 3.7 years assuming perfect timing and 24/7 attempts.

My first thought was cheap immigrant labor, but I came up with similar numbers and decided it probably wasn't a practical solution.

In the end I was thinking more along the lines of de-soldering the flash chips and reading the raw encrypted data then applying a brute force attack to that. So the time is purely a matter of how much hardware you throw at it (A job for Amazon EC2 maybe?). There are probably things to make that tricky but given physical access to the device and enough patience and CPU time there is pretty much going to be some attack that will work.

Regarding phone numbers, I'm completely over them... Email addresses are far easier to remember and there really isn't any reason we couldn't use them (Or at least a similar format) instead. (Apart from almost everyone having to replace their land line phones and move to a voip infrastructure with battery backup for emergency use and some potentially serious problems for anyone wanting to keep the current per-call per-minute billing model of course, but if digital TV was worth upgrading for then surely this is...)

 

[Tea]

Wots a digital TV?

 

[LunarMist]

My first thought was cheap immigrant labor, but I came up with similar numbers and decided it probably wasn't a practical solution.

In the end I was thinking more along the lines of de-soldering the flash chips and reading the raw encrypted data then applying a brute force attack to that. So the time is purely a matter of how much hardware you throw at it (A job for Amazon EC2 maybe?). There are probably things to make that tricky but given physical access to the device and enough patience and CPU time there is pretty much going to be some attack that will work.

The police could get the password in a few minutes.

 

[LunarMist]

Wots a digital TV?

On cable, it's a blotchy version of what TV once was.

 

[LunarMist]

It's a bit weird.

8 digits for numbers in the same state (more or less)

10 digits for other states, but the first digit is always zero ...

10 digits for cell phones, and again, the first digit is always zero.

So really, a maximum of 9 digits.

Personally, I was able to memorize 7 digits, but struggled when they went to 8, even though the first digit is usually predictable.

In the 1960s we had a 5-digit number for local calls and 7 for the county. 10 digits was only for long distance. Most phone numbers consists of 10 digits now, even for local calls.

 

[sdbardwick]

In the 1960s we had a 5-digit number for local calls and 7 for the county. 10 digits was only for long distance. Most phone numbers consists of 10 digits now, even for local calls.

Stupid overlay area codes. When I lived in LA, I was within a 1/2 drive of 6 area codes (310, 818, 626, 323, 213, and 562); made for quick geolocation. Now I need to dial 1+ ten digits to call next door, because of an overlay area code, and the quick location is gone.

Edit: IIRC, when I first moved to LA, you could dial 4 digits and the CO assumed you were calling within your prefix and connected you.

 

[Tea]

Here in Oz, SD, the full number (including area code) is 10 digits but if you are dialing somewhere in the same area you "only" have to dial the last 8. Why not only the last 6 FFS? I can drive 300 kilometres from here and still every single phone number (full 10-digit version) starts with 0353 - so why make me dial 8 bloody digits when only 6 are significant?

Because Telstra are bastards. Next question?