Tuesday, February 19, 2008

Enclosed, but not encrypted

Here's the deal; Just because the box says the device encrypts the data doesn't really mean anything. Flaws in hardware capabilities, execution and algorithms render the encryption almost meaningless. Anyone who wants to study a bit can beat it. Anyone!

The article linked to at Heise shows how badly the makers and sellers of the device mislead the public. They say it is for "general purpose" users but the truth is that the encryption is no more than a speed bump on the way to reading the data. Better to use GnuPG, PGP or TrueCrypt on a regular drive in a regular enclosure. There are a lot of ways to accomplish what this device fails so spectacularly at; both free and proprietary.

Personally, I recommend TrueCrypt, though I use GnuPG, as well.

Jack

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.