edc flashdrive?

[2500ekW]

I think that carrying that kind of information on you at all times could be really dangerous. Even if it is encrypted. I have a few friends that can break into encrypted information in a hour or less. To me thats just asking for your identity to be stolen. No matter how secure a computer or software is there is always someone out there that can break into it.

I assure you, your friends cannot crack real encryption. With a long enough and random enough pass phrase, 256 bit AES is uncrackable.

DO NOT rely on the silly U3 stuff that comes with Sandisk flash drives. Check out Truecrypt

 

[Driver]

I assure you, your friends cannot crack real encryption. With a long enough and random enough pass phrase, 256 bit AES is uncrackable.

There are people that are hacking in to bank systems, and federal Government servers all of which have way better encryption than that.
Any encryption can be broken if the person trying to break it wants it bad enough and has a bit of knowledge and a lot of time.

 

[thompal]

There are people that are hacking in to bank systems, and federal Government servers all of which have way better encryption than that.
Any encryption can be broken if the person trying to break it wants it bad enough and has a bit of knowledge and a lot of time.

"a lot of time" is the operative phrase. 256 bit AES would take a year or more on a Cray. The 1024 bit RSA would likely take several years on a Cray. It's crackable, but only at great expense and computer time. By the time it's been cracked, the information would be outdated by a long way, which makes "useful information" uncrackable.

The cheapo encryption used on the Sandisk flash drives, and low-grade SSL are pretty easily cracked, as is WEP encryption. All of those can be cracked in a day or less, which is why nobody relies on them for anything more than keeping porn out of the hands of their kids. (grin)

 

[skseifert]

There are people that are hacking in to bank systems, and federal Government servers all of which have way better encryption than that.
Any encryption can be broken if the person trying to break it wants it bad enough and has a bit of knowledge and a lot of time.

First of all let me state, Information Security IS my profession, and specifically Encryption Technologies and data protection. Bank systems and governments are compromised for two basic reasons - first, they do a poor job of implementing encryption and data protection (gasp, is he saying the government is incompetent). Second, you have to have real world means to access encrypted data - i.e. passwords and other sorts of tokens - which can be stolen and socially engineered to be compromised. The biggest fallacy in implementing these systems is the protection around the credentials used to unlock the encryption keys. Case and point - kudos on the other contributer for stating not to use U3 or SanDisk - although they do encryption VERY well, the made the credentials incredibly easy to hack. THUS, back to my original statement that I use hardware encrypted USB's like IronKey - they protect the authentication of the credentials quite well.

I would also like to ask a more philosophical question - why fret so much about whether or not encryption can be broken, when most of us routinely, and without caution, hand the waitress our credit card, who disappears with it for quite some time - and we think nothing of it.

Food for thought!

 

[thompal]

the protection around the credentials used to unlock the encryption keys. Case and point - kudos on the other contributer for stating not to use U3 or SanDisk - although they do encryption VERY well, the made the credentials incredibly easy to hack.

What's the current estimate on time it would take to crack a U3 encrypted file if someone intercepted it on a network using wireshark or airshark?

How does the Sandisk system compare to the public/private key system of PGP/GPG?

I haven't really read up on encryption software since the early 90s, and I'm sure things have gotten better in the serious software, and sloppier in the cheap "consumer grade" software.

 

[HICKMAN]

First of all let me state, Information Security IS my profession, and specifically Encryption Technologies and data protection.

I miss working with this guy

 

[Hemingway]

I use the Corsair Survivor with several layers of encryption.

If you are concerned about traffic accident or something else and not being able to communicate important info, try this. I'm a huge fan of these guys:


Road ID® USA's #1 Source for Runners ID, Cycling ID & Medical ID Tags

 

[HICKMAN]

If you are concerned about traffic accident or something else and not being able to communicate important info, try this. I'm a huge fan of these guys:


Road ID® USA's #1 Source for Runners ID, Cycling ID & Medical ID Tags

Big

Need to get mine updated for the upcoming shooting season.

 

[skseifert]

What's the current estimate on time it would take to crack a U3 encrypted file if someone intercepted it on a network using wireshark or airshark?

How does the Sandisk system compare to the public/private key system of PGP/GPG?

I haven't really read up on encryption software since the early 90s, and I'm sure things have gotten better in the serious software, and sloppier in the cheap "consumer grade" software.

For both of these, it was not the encryption that was cracked, it ws the authentication method that was cracked (that releases the encryption keys). Specifically for the SanDisk, they had a flaw in that you could send the API a defined code, and it would trick it into thinking it authenticated the user - and allow access to the keys. The hardware encrypted USB's run all the process on the stick, so it is much more difficult (if not impossible) to interact with the authentication either. So in the SanDisk case, if you knew what code to send it, it was literally instantaneous access. But again though, it was not hacked encryption - it was poorly written authentication software.

 

[skseifert]

I assure you, your friends cannot crack real encryption. With a long enough and random enough pass phrase, 256 bit AES is uncrackable.

DO NOT rely on the silly U3 stuff that comes with Sandisk flash drives. Check out Truecrypt

+1 on TrueCrypt - and you can't beat the price. But if you can afford it, go for an IronKey, SafeStick or Kangaroo hardware encrypted stick.