Results 1 to 9 of 9

Thread: program to break UFD encryption..

  1. #1
    Member
    Join Date
    Oct 2006
    Posts
    63

    program to break UFD encryption..

    I just got a new 1 G usb stick, and it comes with encryption... is there any program out there to attack the encryption on a usb stick

    thanks

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes,

    Just think of it as a regular HDD, the principles are the same. It depends on the architecture/methodology.

  3. #3
    Comes with encryption? What kind of USB stick comes encrypted??

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Comes with encryption? What kind of USB stick comes encrypted??
    A lot of them do these days. Three of my four came with a management software package that allowed for partitioning, encryption and password protection. All of them were under $20 (2 x 512Mb and 1 x 1Gb).

    I think that the critical phrase is
    and it comes with
    encryption
    , meaning software, not that it is actually encrypted already?

    So I guess the question is: "how good is the encryption, and how secure is it?"

    My answer is that it is the same as for anything else. It depends on the encryption algorithm and the strength of the crypto key.

    k_tech needs to check the manual or the manufacturer's website to find this out.

    The fact that it is a USB connected drive is not relevant.

    Last edited by nihil; January 16th, 2008 at 06:20 PM.

  5. #5
    How interesting...first time I've heard of that, though admittedly I don't often mess with thumb drives.

    I supposed the best encryption is not to lose it and let it fall into the wrong hands in the first place?

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Exactly!

    You might have caught that security news post I made a few weeks back about the British IRS losing the records of 25,000,000 people by sending them on CD through the post.

    Or the MI5 agent who left his laptop in a wine bar?

    Or the US Army thumb drives on sale in Bhagdad.

    People do tend to forget about physical security I know

    Myself, I just delete the software to get more space on the drive, because I don't store anything confidential on them

  7. #7
    Member
    Join Date
    Oct 2006
    Posts
    63
    Quote Originally Posted by nihil
    Yes,

    Just think of it as a regular HDD, the principles are the same. It depends on the architecture/methodology.
    could this be done with Openssl, but instead of attacking a file, attacking a mounted drive?.... also how would you find what type of encryption was used, and the strength.. or you just picked one and hope to guess it

    thanks to all

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    could this be done with Openssl, but instead of attacking a file, attacking a mounted drive?
    I am afraid that I do not quite understand that. As far as I am aware SSL is a communications protocol, and I do not see the relationship to cracking an encrypted and password protected drive?

    also how would you find what type of encryption was used, and the strength.. or you just picked one and hope to guess it
    That should be in the manual or on the manufacturer's website. I am not aware of any USB sticks that offer more than one, although different sticks have different (default) solutions. A Google search for the make and model might also turn up some product reviews that would contain those technical details.

    If you look at the very interesting article that SirDice has linked to, you will see that the answers to your questions are dependent on particular products/implementations and how the user has applied them. It also raises some questions of clarification regarding your original question:

    1. What resources are available ( i.e. what is your attack processing power)?
    2. What is an acceptable timescale for the product to resist or be cracked in?
    3. Is this a destructive or non-destructive scenario?.......... crudely speaking: "can we take the thing apart?"
    4. Can we assume the availability of specialist equipment and competent electronic enginering technician's skills?
    5. How long and strong is the password assumed to be?


Similar Threads

  1. Encryption Algorithms - Basics
    By kruptos in forum The Security Tutorials Forum
    Replies: 0
    Last Post: January 29th, 2005, 01:01 AM
  2. Card Counter
    By Jareds411 in forum Code Review
    Replies: 8
    Last Post: September 19th, 2004, 11:56 PM
  3. Guide to making a program
    By FlamingRain in forum Other Tutorials Forum
    Replies: 1
    Last Post: December 25th, 2003, 05:34 AM
  4. ASM TUT III (encryption included sort of).
    By Cheeseball in forum The Security Tutorials Forum
    Replies: 3
    Last Post: March 31st, 2002, 01:09 PM
  5. Black Wolf's Guide to Memory Resident Viruses.
    By ahmedmamuda in forum AntiVirus Discussions
    Replies: 2
    Last Post: March 20th, 2002, 02:03 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •