Following the recent news about attacks against “secure” flash drives from Kingston, Verbatim and SanDisk other manufacturers have been rather quiet. This might mean they are checking their own products for similar vulnerabilities, or even working on patches for those before making any announcements. IronKey however is sure their products are safe, and want the entire world to know about that.
They provide a FAQ document with details about the vulnerability, information about how their own products are different, and even offer helpful links to security bulletins for many competing products.
This event serves as an important reminder that no product can be 100% secure; given enough time and resources any encryption can eventually be broken. FIPS 140-2 certification gives no guarantees about security; it only proves that the product meets some US government standards. As IronKey puts it:
FIPS 140-2 is a US Government security standard. It does not guarantee that a product is secure, and it is not a substitute for having deep technical expertise in the design and implementation of a security product. Some vendors think that data security means data encryption. The reality is that encryption is a small part of securing portable storage devices. Deep architectural knowledge is required in the areas of password management, authentication, encryption key management, roles and services, design assurance and physical security.
Related posts:
Your RSS reader
Daily e-mail
Twitter
