1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Corsair Flash Padlock 2 8 GB

Discussion in 'Reviews' started by Darksaber, Mar 6, 2010.

  1. Darksaber

    Darksaber W1zzard's Sidekick Staff Member

    Joined:
    Jul 8, 2005
    Messages:
    2,622 (0.79/day)
    Thanks Received:
    782
    Location:
    Gmunden, Austria
    Last edited: Apr 5, 2010
  2. PVTCaboose1337

    PVTCaboose1337 Graphical Hacker

    Joined:
    Feb 1, 2006
    Messages:
    9,513 (3.07/day)
    Thanks Received:
    1,142
    Location:
    San Antonio, Texas
    Very unique product. I use a lock drawer and encryption as well. Generally does pretty well. This looks promising but it is too small, and too expensive.
  3. Darksaber

    Darksaber W1zzard's Sidekick Staff Member

    Joined:
    Jul 8, 2005
    Messages:
    2,622 (0.79/day)
    Thanks Received:
    782
    Location:
    Gmunden, Austria
    Edited the review for some last minute "insights"... ;)
  4. PVTCaboose1337

    PVTCaboose1337 Graphical Hacker

    Joined:
    Feb 1, 2006
    Messages:
    9,513 (3.07/day)
    Thanks Received:
    1,142
    Location:
    San Antonio, Texas
    That was quite a drop in score! Oh my it even lost the good value tag! Hope that is not because of me. What worries me the most is:

    "Two minute timeout can be easily circumvented, allowing for a continous brute force attack"

    Also, wow 5 digits, hmm well I can crack that in... No time.
  5. Darksaber

    Darksaber W1zzard's Sidekick Staff Member

    Joined:
    Jul 8, 2005
    Messages:
    2,622 (0.79/day)
    Thanks Received:
    782
    Location:
    Gmunden, Austria
    you have to realize, while there are 5 digits to choose from, the PIN length is unaffected with up to 10 numbers, just narrows it down a lot as you know in a PIN of the maximum length not every number is unique and there are repetitions. Fact is that if you advertise a product with number 1-5 only it comes across as insecure and does not convey that peace of mind. Corsair is giving the user the 10 different digits on the casing but in reality is dumbing it down inside - not very cool.
  6. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,645 (3.93/day)
    Thanks Received:
    11,382
    let's do some math here (correct me if i'm wrong please)

    the total number of combinations advertised is:
    10^4+10^5+10^6+10^7+10^8+10^9+10^10 = 11,111,110,000 = 11 billion

    the actual number of combinations with 5 keys instead of 10 is:
    5^4+5^5+5^6+5^7+5^8+5^9+5^10 = 12,206,875 = 12 million

    so basically a factor of 1000 difference!

    bruteforce:
    in the review we have seen that is is possible to circument the lockout timer, which means you could hook up some kind of bruteforce device (like in the movies) .. using a conservative 10 keys per second without lockout timer:

    11 billion * 0.1 seconds per key = 1.1 billion seconds = ~12,700 days
    12 million * 0.1 seconds per key = 1.2 million seconds = ~13.8 days
  7. Thrackan

    Thrackan

    Joined:
    Oct 10, 2008
    Messages:
    3,482 (1.64/day)
    Thanks Received:
    656
    Since you have 10 digits, with 10 (or in this case 5) possibilities per digit, isn't it:

    10^10 or 10*10*10*10*10*10*10*10*10*10 (10 000 000 000)
    vs
    5^10 or 5*5*5*5*5*5*5*5*5*5 (9 765 625)

    Still, your factor 1000 difference is about correct, but <10 million unique combinations is even worse :confused:
  8. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,645 (3.93/day)
    Thanks Received:
    11,382
    you can have 4 to 10 digits in your pin
  9. Thrackan

    Thrackan

    Joined:
    Oct 10, 2008
    Messages:
    3,482 (1.64/day)
    Thanks Received:
    656
    Ah yeah, I missed that.
    Maybe you should test whether a PIN of 0000000000 is the same as 0000 :D
  10. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,645 (3.93/day)
    Thanks Received:
    11,382
    interesting question .. darksaber will be home later today to test this .. i am also wondering if the device reports "wrong code" after the exact same number of digits as the actual pin ?

    this could be used to guess the pin length, potentially reducing the number of possible pins by over 95%
  11. Thrackan

    Thrackan

    Joined:
    Oct 10, 2008
    Messages:
    3,482 (1.64/day)
    Thanks Received:
    656
    Well, I guess you have to press the "key" button to verify your PIN, but that could still mean that "12345" could pass when your PIN is "1234"...
  12. VIPER

    VIPER

    Joined:
    Feb 5, 2007
    Messages:
    189 (0.07/day)
    Thanks Received:
    17
    I was just playing today with the first generation of Corsair Padlock. I have a 1GB flash and I am using for a WIN PE environment. It is quite nice.

    Question: how do you change the battery to the new Padlock?
    Last edited by a moderator: Mar 27, 2010
  13. Darksaber

    Darksaber W1zzard's Sidekick Staff Member

    Joined:
    Jul 8, 2005
    Messages:
    2,622 (0.79/day)
    Thanks Received:
    782
    Location:
    Gmunden, Austria
    The Padlock 2 acts correctly. it does differenciate in the actual length of the PIN. Just tried it. Thus, 0000 != 000000000.
    Thrackan says thanks.
  14. Darksaber

    Darksaber W1zzard's Sidekick Staff Member

    Joined:
    Jul 8, 2005
    Messages:
    2,622 (0.79/day)
    Thanks Received:
    782
    Location:
    Gmunden, Austria
    You don't. If your battery runs out, it can be recharged by plugging it into the PC for about an hour. If it is completely dead, the Padlock 2 falls under warranty.
  15. Darksaber

    Darksaber W1zzard's Sidekick Staff Member

    Joined:
    Jul 8, 2005
    Messages:
    2,622 (0.79/day)
    Thanks Received:
    782
    Location:
    Gmunden, Austria
    If the wrong PIN is entered, the red light flashes, no matter if the wrong PIN is of equal length as the correct one or not. Thus there is no way to figure out how long the PIN is, as you have to press "Key", then enter your code, then press "Key" again.
    Thrackan says thanks.
  16. Thrackan

    Thrackan

    Joined:
    Oct 10, 2008
    Messages:
    3,482 (1.64/day)
    Thanks Received:
    656
    Thanks for clearing those things up Darksaber.
  17. Darksaber

    Darksaber W1zzard's Sidekick Staff Member

    Joined:
    Jul 8, 2005
    Messages:
    2,622 (0.79/day)
    Thanks Received:
    782
    Location:
    Gmunden, Austria
    I should also mention, that even though you could design a circuit that cuts off battery power and checks for data accessibility after every PIN entry, you will still have to enter the PIN manually. This means that, while a brute force is still possible, it would take much longer than just a few minutes.
  18. tyler.derden New Member

    Joined:
    May 29, 2010
    Messages:
    1 (0.00/day)
    Thanks Received:
    0
    Let me clear up some errors

    5 hardware buttons does not mean 5 digits to choose from. Pushing a button twice gets you the second digit assigned to that button, so 10 digits are available. With programming you can assign as many "digits" to one button as you want. They could have used one button (press it 5 times to enter a five, for example) but it would have been a major PITA to enter a pin so they used more buttons to make entering the pin easier. Easiest of all would be to have one button per digit, but they don't have room for that on the small package.

    The pin can be 4 to 10 digits long. The total number of combinations available is ALL of the 4 digit pins + ALL of the 5 digit pins plus... ...ALL of the 10 digit pins.

    Since digits can be repeated in the pin, any pin digit can be any of the 10 digits. That means there are 10x10x10x10 possible 4 digit pins. (10000 = 10^4 possible combinations). To make this simple, adding each digit to lengthen the pin simply multiplies the number of combos by 10.
    So for a 4 digit pin, there are 10000 (=10^4) combos, for 5 digit pin, there are 10^5 combos. So here it is: the total number of possible pins is 10^4 + 10^5 + 10^6 + 10^7 + 10^8 + 10^9 + 10^10. My brain tells me there are 11,111,110,000 possible combinations.

    The data is stored in the memory chip encrypted- there would be no point in encryption if the data were stored clear. The old version of this device was hardware hackable apparently by telling the cipher chip that a valid pin had been entered even when it hadn't- an unbelievably silly weakness in the design. Covering the chips with epoxy makes it more difficult to access the PCB, but not terribly difficult. A moderately determined attacker with simple tools will be able to clean off the epoxy. Did they use the same chips with the same weakness or did they change the design? Only time will tell.

    A real secure device would include mechanical interlocks designed into the package that will do physical damage to the device if it is opened - releasing acid, explosive charge, incendiary, etc., but you'd probably only find that level of security in very expensive military and intelligence agency devices.

    This thing looks like a bargain at $50, even if they merely covered the old PCB with epoxy. It's like locking your bike- you don't need the best available lock- it just has to be a little better than those on the other bikes around yours.
    Last edited: May 29, 2010
  19. m4rkiz New Member

    Joined:
    Jan 11, 2012
    Messages:
    1 (0.00/day)
    Thanks Received:
    0
    this fact is not mentioned anywhere (corsair website, padlock 2 faq, user manual, quick start guide) so i really doubt it is true
  20. bojan501 New Member

    Joined:
    Feb 3, 2012
    Messages:
    2 (0.00/day)
    Thanks Received:
    0
    problem

    my flash drive only blinking red.what s the problem.not working reset password,not working on the instruction.please help
    Last edited: Feb 3, 2012
  21. bojan501 New Member

    Joined:
    Feb 3, 2012
    Messages:
    2 (0.00/day)
    Thanks Received:
    0
    ]my flash drive only blinking red.what s the problem.not working reset password,not working on the instruction.please help

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page