Yes: security is hard

I came across this article, "NIST-certified USB Flash drives with hardware encryption cracked.". The money quote:

"The real question, however, remains unanswered – how could USB Flash drives that exhibit such a serious security hole be given one of the highest certificates for crypto devices? Even more importantly, perhaps – what is the value of a certification that fails to detect such holes?" (from "NIST-certified USB Flash drives with hardware encryption cracked.".)

I was quite intrigued by this article given that we talk blithely about using encrypted, write-once media to transfer information between various components of a voting system. I hadn't followed up with folks who know more about this than me, but I have a hard time understanding exactly encrypted, write-once media are or how they work or don't work.

You should draw your own conclusions about the significance of the linked article. I am actually not sure who "H-Security" is and what their particular angle or grindable axe might be. Also, Whether the security hole they report is big news or old hat among the cognoscenti. Stay tuned.

Previous
Previous

Barbara Simons on Voter Registration

Next
Next

Shelfware or Liveware?