Encryption
Now that we have spent some time looking at performance, we need to try out the other main feature of this drive. The SuperCrypt flash drive prides itself on using AES256 encryption with a 128ECB encoding algorithm. In My Computer, the SuperCrypt presents itself as 2 separate hard drives. The first hard drive is read only and contains the “password.exe” application, which acts as the drive’s encryption utility. The second drive is used for storage and contains the bulk of the space available. The encryption features prevent the drive from being seen until the correct password is entered or the user wipes the drive. This is done through the password application, as can be seen in the pictures below.
Super Talent – Hidden Drive
Super Talent – Password Unlock
The password can be reset through the password management utility. The old password is required for the reset, as can be seen in the picture below. If you have forgotten your password, the “password.exe” utility provides a way of deleting the application; however, it does so at the expense of wiping the data. This requires the words “ERASE MY DISK” to be written in all caps.
Super Talent – Password Management
Super Talent – Erase Disk
Security Issues
While I have nothing against the drive being designed only for Windows, there are loopholes that simply cannot exist when dealing with sensitive data that was meant to be protected. Since the drive uses software-based encryption using “Password.exe”, I began to wonder what would happen if I were to use an operating system that is not Windows. I therefore decided to download Ubuntu 9.10 and run it as a Live CD to find out. What I was able to discover was simply astonishing. Not only was the mass storage visible, it was also unencrypted! I was able to access the files without needing to use the password or even open up the “Read Only” drive under My Computer. After snooping through my exposed drive, I proceeded to the “Read Only” partition. There I found a couple of interesting things. The files used for encryption of the password were visible and accessible, again, without the use of the password. This is evidenced in the pictures below:
Read Only Folder on Ubuntu
Read Only Folder – Encrypted Files
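A buyer evaluating a drive like this can test the encryption claim against a raw image of the locked device instead of trusting the vendor utility. The Python sketch below is an added example, not part of the original review or Super Talent's software; the function names, thresholds and constructed sample images are assumptions. It flags readable filesystem markers, low entropy, and the repeated 16-byte blocks that ECB mode leaves behind.

```python
import hashlib
import math
from collections import Counter

SECTOR, BLOCK = 512, 16  # disk sector size, AES block size (bytes)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; good ciphertext sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def fs_signatures(sector0: bytes) -> list:
    """Plaintext boot-sector markers that a locked volume should never expose."""
    found = ["55AA boot signature"] if sector0[510:512] == b"\x55\xaa" else []
    for name, off in (("FAT32", 82), ("FAT16", 54), ("NTFS", 3)):
        if sector0[off:off + len(name)] == name.encode():
            found.append(name)
    return found

def repeat_ratio(data: bytes) -> float:
    """Share of 16-byte blocks that duplicate another block (the ECB tell)."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    return 1 - len(set(blocks)) / len(blocks)

def assess(image: bytes) -> dict:
    sigs, ent, rep = fs_signatures(image[:SECTOR]), entropy(image), repeat_ratio(image)
    if sigs or ent < 6.0:          # thresholds are illustrative assumptions
        verdict = "plaintext"
    elif rep > 0.01:
        verdict = "ecb-like"
    else:
        verdict = "looks encrypted"
    return {"signatures": sigs, "entropy": round(ent, 2),
            "repeat_ratio": round(rep, 3), "verdict": verdict}

def stream(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32))

# Constructed samples, not dumps from the reviewed drive.
def sample_plain() -> bytes:
    boot = bytearray(SECTOR)
    boot[82:87], boot[510:512] = b"FAT32", b"\x55\xaa"
    return bytes(boot) + b"quarterly report ".ljust(SECTOR) * 7

def sample_ecb() -> bytes:      # identical empty sectors encrypt to identical blocks
    return stream(2048) + stream(32)[:BLOCK] * 128

if __name__ == "__main__":
    for name, img in (("plain", sample_plain()), ("ecb", sample_ecb()), ("random", stream(4096))):
        print(name, assess(img))
```

A "plaintext" verdict on an image taken while the drive is locked corresponds to what the Ubuntu Live CD test above showed: the password utility gates visibility in Windows without protecting the stored bytes.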
Super Talent has a history of listening to our TechwareLabs feedback, so please feel free to comment; you will probably find them very receptive as a company.