OSNews

It's not a question of money but rather a question of time. Give'm time and they'll break it. If a human built another one can crack it.

I could see how this would be a good way of securing sensitive data. AES is the leader at the moment in symmetric encryption, so cracking it would be pretty hard; assuming a good key was picked. Picking a secure password these days is getting increasingly hard as computers can run through tests rapidly.

The choice of SHA-1 is a bit unnerving though, given that a flaw, rumoured in August of last year, was confirmed earlier this year. It's "good enough" at the moment, but most people are moving up to SHA-256 and even SHA-512.

What's really encouraging about this though is that a company opened their product to the public (albeit on a limited basis) and made no attempt to hide the flaws discovered. That's the best way to move forward, now that data increasingly has significant monetary value.

I wander how VIA's stongbox would hold up if they gave a few out to the crypto/security community for, lets say, 6 months.
Usually when a company offers a cash reward for breaking the security in one of their products it's a publicity stunt.

do you think this is useless compare to quantum cryptology???? are we already using quantum cyptography???
-2501

The really good hackers will pass on the $5,000 prize. They'll wait till they find one that's loaded with credit card numbers.

Why not just break into it with an axe?

j/k

It's a harddrive that hardware-AES-encrypts your data using a SHA1 hash as the key. They're right, it's as unhackable as it gets. Though the amount of credit they took for that bothers me.

hackers are over credited for strong encyrption. This kind of isolated systems are near-impossible to crack for the weak tools of the casual hackers. Basic distributed brute force attacks takes hundreds of years for even this basic 256bit cryptos. The only feasible attack is to steal the hard drive, and try to obtain the key using electronic measures. But this is not possible in this case either. posibly key is also inside the encryption ic.
Maybe one idea would be trying to guess the key using known input-output patterns but AFAIK AES do not have such weakneses.

whats a hacker?

Social engineering usually works in a few minutes if you ask the idiot nicely to reveal the PW, and if that option doesn't work, then I'm afraid the nasty solution would follow if the data is known to be there and is very valuable.

In away, just using such crypto advertises that something of interest is there, surely best to hide the strong stuff inside of something known to be very weak to suggest nothing much there and put another decoy system infront marked AESinside.

Of course, this is only good as long as you never hook the drive up to a computer. There is of course, a mechanism to read the data on the drive, and that is to be logged in with the proper password to access the drive in the first place.

This won't stop someone from driving a Mack truck through a hole in the operating system. Once the OS is compromised, it doesn't take long to seperate a fool from his data.

But you have to really want it bad. So for most things this will work wonderfully.