Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hydra PC USB drives unaffected by recently discovered vulnerability

Spyrus : 12 January, 2010  (New Product)
Authentication process used on the Spyrus Hydra PC range of USB encryption drives renders the kind of attack used by SySS to break encryption ineffective
In response to widely circulated reports regarding a serious vulnerability in certain USB encryption drives, Spyrus has confirmed that the entire Spyrus line of Hydra PC USB encryption drives is absolutely invulnerable to the flaw described in the reports. Since 1997, Spyrus has been making the most secure military-grade commercial encryption flash drives in the world.

On December 18th, researchers at the German firm SySS GmbH published a penetrating analysis of the flaws inherent in several vendors' "Enterprise-grade" USB encryption drives. The reported vulnerability focused on the use of a simplistic challenge response authentication method which employs a fixed/constant value which, once known, can be used by a hacker to bypass protection. This is in direct violation of sound security practices.

The entire line of Spyrus Hydra PC USB encryption drives are invulnerable to such attacks because no password authentication values or keys are ever stored on Hydra PC devices after logoff or removal. Unlike any competing USB encryption drive, the Hydra PC reconstitutes a Master Key Encryption Key at logon using a FIPS-approved Key Derivation Function which utilizes, at a minimum, an Elliptic Curve Diffie-Hellman (ECDH) public/private key pair unique to the device and a random, secret 256-bit "salt" value together with a SHA-256 hash of the user's password. The secret salt value and all other cryptographic computations are securely bound within the FIPS 140-2 epoxy-encased cryptographic hardware rather than in host system software. Therefore it is not computationally feasible to mount an offline attack against the PIN/password. Spyrus has the only USB encryption drive that provides such a robust authentication process to protect access to the data encrypted on the device.

Spyrus has specialised in portable, Government-approved commercial hardware-based encryption devices for more than 15 years. Spyrus was the first company to merge hardware encryption with flash, the first to implement the full set of Suite B cryptographic algorithms, and the first and only company to support both hardware-based file encryption and sector-based encryption.

All Hydra PC USB encryption drives are designed, developed, and manufactured in the USA and have FIPS 140-2 Level 2/Level 3 validations. Hydra PC is the only commercial USB encryption drive to be approved for protecting tactical classified data at the secret level and below when used in accordance with the applicable security doctrine.

Spyrus customers, including the US Government and other demanding enterprise customers, can rest assured that their encrypted data remains completely secure.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo