Security »

Corsair Padlock USB Flash Pen Drive Security

Maybe not so secure after all

The Corsair Padlock 2 USB Flash Pen Drive is a USB memory protecting its contents using encryption. I really like this concept using the drive itself as a secure perimeter not relaying on any host software for the protection.

The sales brochures states it's using 256 bit AES. This may be very true, but unfortunately the PIN code can be maximum ten digits in base five, i.e. 5¹⁰ combinations, rendering log2(5¹⁰) ≈ 23 bits, far far away from the promised 256 bits. An encryption scheme using 23 bits is nothing more than a toy.

Of course, to exploit this vulnerability you'd have to crack the secure perimeter itself, i.e. open it extracting the memory chips. Still I think it is very bad practice of Corsair to claim AES256. This only creates a false sense of security possibly leading to an unsafe usage, putting too sensitive information on the drive.

I like the drive and I like the concept. I just don't like the misleading claims.

Side note

This USB memory also got some GNU/Linux issues you can read more about below.

/By Mikael Q Kuisma


Ping site

Page last modified 2013-10-14 20:18Z