Home > slashdot > NIST Investigating Mass Flash Drive Vulnerability

NIST Investigating Mass Flash Drive Vulnerability

January 9th, 2010 01:05 admin Leave a comment Go to comments

Lucas123 writes with a followup to news we discussed earlier this week that the encryption on NIST-certified flash drives was cracked.
“A number of leading manufacturers of encrypted flash drives have warned their customers of a security flaw uncovered by a German company. The devices in question use the AES 256-bit encryption algorithm and have been certified using the FIPS 140-2, but the flaw appears to circumvent the certification process by uncovering the password authentication code on host systems. The National Institute of Standards and Technology said it’s investigating whether it needs to modify its standards to include password authentication software on host systems. Security specialist Bruce Schneier was blunt in his characterization of the flaw: ‘It’s a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.’”

Source: NIST Investigating Mass Flash Drive Vulnerability

Related Articles:

  1. Encryption Cracked On NIST-Certified Flash Drives
  2. Did NIST Cripple SHA-3?
  3. US Revamps NIST’s Standard-Setting Efforts
  4. NIST Publishes Draft Guidelines For Server BIOS Protection
  5. US Vulnerability Database Yanked Over Malware Infestation
blog comments powered by Disqus