Jump to content
Corsair Community

PAD LOCK & Security


florky

Recommended Posts

Hello all,

Just received my new usb key, a pad lock 2go, I just wanted to ask some questions.

 

- is there any way for someone who could find it to reset my pin code and access private data ?

- Could it be reseted by opening the key and removing the battery ?

- is there any kind of protection between the pad and the usb key itself ? I mean, i did not open the usb key, but I assume there is a kind of encryption between the pad and the stick itself as it sounds like to be glued over a standard flash disk reason of his size.

 

thanks!

Link to comment
Share on other sites

  • Corsair Employees

- is there any way for someone who could find it to reset my pin code and access private data ?

 

A: No once the code is set there is no way to reset the drive, if you loose or forget the pass word you would not be able to access the drive.

 

- Could it be reseted by opening the key and removing the battery ?

 

A: NO the password is in the firmware and there is no way to reset it with out knowing the pass word you set. The battery just powers the keypad and LED's

 

- is there any kind of protection between the pad and the usb key itself ? I mean, i did not open the usb key, but I assume there is a kind of encryption between the pad and the stick itself as it sounds like to be glued over a standard flash disk reason of his size.

 

A: No but we will in a later version encrypt the data on the fly so it is more secure. IE in other words if someone takes the memory chips and installs them on another unit that is exactly the same they might be able to read the data on the drive. However. 90% of the time the unit would be destroyed to do this type of swap as the housing is bonded to the PCB.

Link to comment
Share on other sites

So what happens if you forget your password, assuming you didn't register it?

 

I was reading the Flash Padlock page (http://www.corsair.com/products/padlock.aspx) and the PDFs attached to it, and I had some further questions.

 

Flash Padlock User Manual

Flash Padlock App Note

Flash Padlock Whitepaper

 

 

I see that the PIN can be anywhere from 1 to 10 digits in length. When you are entering in the combo, you really only have 5 possible buttons to use. WARNING: CALCULUS (IIRC) AHEAD!

 

So instead of there being (the summation of n=1 to 10, where the equation equals 10 to the power of n) 11,111,111,110 possible combinations, there's really only (the summation of n=1 to 10, where the equation equals 5 to the power of n) 12,207,030 possible combinations, correct?

 

[that's all possible combinations added together for PINs 1 to 10 digits long. Comparing PINs that are only 10 digits long, that's

10,000,000,000 versus 9,765,625]

 

The manual has instructions to set the device to "always unlocked" mode. After this mode is set (which the manual does state can only be done from an unlocked mode), and you re-lock it, the PIN can be different from the initial PIN, correct?

 

 

The following questions may or may not be best answered by ClevX, your call RG and JF :)

 

Note: Unless I missed it, on the Whitepaper, 5 APPENDIX: AUTHENTICATION COMPARISON TABLE, at the end it says:

** User must remember backup password

 

However, ** is not used in the table at all.

 

 

Now, the white paper mentions that ...

An auto-locking feature allow Padlocks to lock themselves when removed or the host shuts down. If the drive is unlocked under battery power, it will automatically re-lock if a host is not detected within 15 seconds.

 

Could someone disconnect the device from one PC, and connect it to another, and still have full access to the device's information?

 

What is the battery life of said battery within the device?

 

What happens if / when the battery in the device dies?

Link to comment
Share on other sites

  • Corsair Employees
So instead of there being (the summation of n=1 to 10, where the equation equals 10 to the power of n) 11,111,111,110 possible combinations, there's really only (the summation of n=1 to 10, where the equation equals 5 to the power of n) 12,207,030 possible combinations, correct?

A: Honestly I have not personally sat down and done the math but that sounds about right I am not sure if there are any other limitations that I am not aware of but I will check and let you know if this is not correct.

 

 

Note: Unless I missed it, on the White paper, 5 APPENDIX: AUTHENTICATION COMPARISON TABLE, at the end it says:

** User must remember backup password

 

However, ** is not used in the table at all.

A: The user has to remember the password there is no way to recover it.

and If I understand you correctly it has to be a number.

 

 

The manual has instructions to set the device to "always unlocked" mode. After this mode is set (which the manual does state can only be done from an unlocked mode), and you re-lock it, the PIN can be different from the initial PIN, correct?

A: No once the pin is set its the same pin code to unlock the device.

 

 

Could someone disconnect the device from one PC, and connect it to another, and still have full access to the device's information?

A: No it will lock automatically and you would need to enter the code to use it on the new system.

 

 

What is the battery life of said battery within the device?

What happens if / when the battery in the device dies?

A: The Pad Lock has a Two Year Warranty if the battery dies and its under warranty we will replace it. And I am sorry the batterY is not user replaceable.

Link to comment
Share on other sites

A: The user has to remember the password there is no way to recover it.

and If I understand you correctly it has to be a number.

I was reporting a typo, there's no question there :)

 

 

A: No once the pin is set its the same pin code to unlock the device.
The wording in the manual seems to refer to being able to change it when in this "always unlocked" mode, but maybe tat's just me

 

 

A: No it will lock automatically and you would need to enter the code to use it on the new system.
What about the 15 second delay the manual mentioned?
Link to comment
Share on other sites

  • Corsair Employees

I was reporting a typo, there's no question there :)

A: Da! Sorry, I just walked right by that LOL Sorry! It refers to the ** at the bottom of the page if I understand it correctly.

 

The wording in the manual seems to refer to being able to change it when in this "always unlocked" mode, but maybe tat's just me

A: When its in Unlock mode you can change it but it has to be unlocked first then U can change it. Other wise it will not accept the password.

 

What about the 15 second delay the manual mentioned?

A: The delay is hen the password is set, or in other words once you enter the pass word you have 15 seconds to confirm it other wise it will not be set, and you have 15 seconds to enter the pass word or it will not unlock. The delay starts when you enable or start the lock/un-lock process.

 

But to be sure I will get one of the drives in the next few days and make sure for you.

Link to comment
Share on other sites

A: The Pad Lock has a Two Year Warranty if the battery dies and its under warranty we will replace it. And I am sorry the batterY is not user replaceable.

 

Well ... I though it was a 10 year warranty ? So what's next after this two years ? Should I send you back my padlock device to change the battery ?

 

Thanks for all these answer !

Link to comment
Share on other sites

The merchant told me that it was covered by a 10 year warranty ... Strange that you mention only two years here .. ???

 

About your previous reply concerning the encryption on the fly.

 

"... but we will in a later version encrypt the data on the fly so it is more secure ..."

 

Could it be part of a firmware update ... Or will it be a totally new version of the PADLock ?

 

Thanks!

Link to comment
Share on other sites

Is that normal that if I disconnect my padlock from my laptop (xp sp2), and connect it to my imac, I get access to the data it contain without having to enter any access code ?

 

Did this actually happen, or is this a theory? If the former, then try waiting 20 seconds, and seeing if it still works, or if you need the PIN.

Link to comment
Share on other sites

  • Corsair Employees

Wait!

I was not correct, the device will always give you a 15 second delay before it locks. So if you remove it and insert it with in 15 seconds it should stay unlocked. As long as the green light is blinking when you move the drive it will stay un-locked.

Link to comment
Share on other sites

I'd have to view the 15 second window as a security hole via physical social engineering. It makes sense to have a delay long enough where if it falls out of the USB port (unlikely) or gets taken out, only to be put right back in, you don't have to unlock it again (in otherwords it's a good user function feature), but this 15 second window does open up opportunities for unscrupulous people to get access to your info. However, the window would only be opened by fault of the end user, but then this comes back to social engineering forcing said window open.

 

Then again, it's better than the majority of USB sticks out there w/ no physical security at all.

 

As a counter-action against this, you can still encrypt the USB stick via the freeware tools already posted around here, correct? Assuming so, is the software still on the USB sticks, or is it a separate download?

Link to comment
Share on other sites

  • 2 weeks later...
No it is a lithium Battery and will fail over time.

 

Thanks. A couple more questions.

 

What's the life expectancy of the battery?

 

When the battery fails, is there any way to access the data on the device?

 

[edit] I just tested it, and it can be unlocked while plugged in. So the question is will this method work even if the battery is dead?

Link to comment
Share on other sites

  • Corsair Employees

If it fails in two years we will replace it, the expected life is 3-5 years but will depend how you use it. And if it is locked when the battery fails you can still just plug it into a system and the system will provide the power to activate it.

But don't forget your pass word you set.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...