Wow these things are super expensive for thumb drives!
Is this encryption strong enough to frustrate the premium NSA code crackers if they wanted to get into the drives?
DataTraveler Vault Privacy 3.0 Specs link here
No one thinks NSA (or anyone else) can crack 256-bit AES encryption.
The way they deal with this problem is to: (1) get manufacturers to build in back doors; (2) find a flaw in how the manufacturer has implemented that protocol; (3) get you to install malware; or (4) steal your password.
Generally, with proprietary devices like this, there’s no way to determine whether (1) or (2) has left you vulnerable. That’s why most security experts recommend using software that is open source, so it can be audited.
Generally speaking, any security that isn’t done by Google or Apple is badly enough implemented that sophisticated state actors can bypass it using (2).
Could part of that cost be USB 3.0? 3.0 seemed to be more expensive, but expected to normalize over time as there are more adopters?
Does that include Microsoft Bitlocker then?
USB 3.0 is very common now. This Sandisk 32GB USB 3.0 thumb drive is $15, compared to $86 for the one OP linked to (32GB version).
Historically, Microsoft has not been good at creating secure products.
IIRC, the Snowden archive showed that CIA had cracked Bitlocker, but I could be wrong
I agree with all of this except the last line. Google and Apple are no exceptions.
If nothing else, the password complexity enforcement probably isn’t good enough, because it’s tough to measure password complexity properly (as illustrated by xkcd). And the lockout after ten attempts is easy enough to bypass, by anyone with the resources to clone the entire device. So there’s a good chance that they could break in via brute-forcing the password.
No one, not even the NSA, could brute force a 256 bit password, unless the password is poorly chosen and, for example, appears in a list of common passwords or something like that. If the NSA cloned a TRILLION copies of the drive and was able to test a password every femtosecond on all those drives in parallel, it would still take over 3 x 10[sup]42[/sup] years to test all 2[sup]256[/sup] passwords.
Of course, they are equally as likely to get it on the first try as the last. Or are they?
They are, so people generally say on average it will take until your try 1/2 the passwords.
The NSA isn’t going to crack your encryption by running a thousand supercomputers for a couple of years or centuries or geologic eras, or whatever.
They’re going to crack your encryption by going around the encryption, not through it. Or, they won’t be able to crack your encryption.
The point is, having super-duper mega encryption is fine and all, but if you’re at Gitmo being beaten by CIA torturers, you might find yourself giving them your password. Or they put a keylogger on your computer and got your password that way. Or there’s a flaw, not in the mathematics of the encryption, but in the particular implementation of the encryption.
Of course the real reason your data is secure is not that the NSA can’t break your encryption but because you’re a nobody and they’ve got lots of more important things to do than breaking the encryption on your porn stash. But also, lots of terrorists are using encryption, and probably in a lot of cases that encryption works and the NSA isn’t able to read that information. But in a lot of other cases terrorists are using encryption but there’s a flaw that enables the NSA to crack it. And then they get to read the terrorists boring emails about how the food sucks at the terrorist training camp.
Just as important as the content of the traffic is the mere fact that the traffic exists. If Bob the Terrorist emails some random guy Steve something encrypted that the NSA can’t read, just knowing that Bob emailed Steve is incredibly important.
Nobody can brute-force a 256-bit password unless it was poorly chosen, but an awful lot of passwords are in fact poorly chosen. This thumb drive tries to prevent that by enforcing complexity requirements, but password complexity requirements don’t work nearly as well as they’re supposed to, since passwords can look very complex without actually being so. The only way to test whether a password can survive, say, a 24-hour attempt at cracking it is to spend 24 hours attempting to crack it. Which is a short amount of time for the NSA trying to get at some piece of information they want, but a long time to wait for the security system to verify that your password is good enough.
Unless there’s something in there that can’t be cloned, like the encryption key hard-coded into Apple chips that can’t be read, the only way you see its effect is the output of crypto functions. I’m not sure about the technology to read something like that, maybe cutting the chip open and using an e-beam probe, but it’s way harder than just cloning the memory.
Sure, it’s sometimes harder than others, but we’re talking the NSA here. If they really need to, they can and will cut the thing open and look at it with an electron microscope.
I don’t know enough about the implementation of these specific devices to know if that extreme is necessary, but it’s at least an option.
I am willing to bet the NSA uses Rainbow Tables (basically a database of precomputed hash functions). They can then look up the hash in their database and if it is there then they are done (unless they salted the password).
You’re assuming that these things don’t even salt the passwords? Yeah, I know that implementation of security is often sloppy, but I wouldn’t expect any major player nowadays to be that sloppy.
And rainbow tables won’t help against good passwords, anyway. If a password is good enough that it’d take a time measured in scientific notation to brute-force it, then it’d take just as long to construct a rainbow table that would include it, too. Rainbow tables don’t help you crack any one password quicker; rather, they let you crack a whole bunch of different passwords all at once.
The real answer to a question like this is the old standard - those who say don’t know, and those who know don’t say.
It’s worth keeping in mind that the NSA has 2 main functions - making the codes, and breaking the codes (I count ‘intercepting’ as the first step in breaking codes - you may disagree).
If NSA well and truly viewed any commercially available encryption scheme as unbreakable, they would use it, and there would be a lot of mathematicians looking for work. Indeed, every countries intel service would be using the scheme. NSA would be out of business.
I think it’s assumed by most experts that the NSA cannot break a good modern encryption algorithms like AES-256. As Lemur866 said upthread, they work by going around encryption, not by breaking it. Sloppy password handling, key loggers, compromised routers, etc. Those are the tools that the NSA uses. They can’t break an AES encrypted file if they have no way of getting the key. Of course it’s possible that they have some cryptanalysis technique up their sleeve that no one else knows about, like the way they kept differential cryptanalysis secret for some years. But it’s interesting that one of the things they did with that knowledge was to STRENGTHEN the DES algorithm, making it resistant to a cryptanalysis technique that practically no one knew about except themselves.