• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Corsair Flash Padlock 2 8 GB

Darksaber

W1zzard's Sidekick
Staff member
Joined
Jul 8, 2005
Messages
2,645 (0.58/day)
Likes
1,078
Location
Gmunden, Austria
System Name Core i7 Overclocked - Main Workstation
Processor Core i7 940 at 3.66 GHz
Motherboard Asus P6T Deluxe
Cooling Noktua U14P Super Silent
Memory 3x2GB OCZ 1600 MHz CL8
Video Card(s) 2x MSI Cyclone Radeon 6850 1GB in Crossfire - tuned to be silent
Storage G.Skill 240GB Sandforce SSD, 1x 640GB Samsung F1, 2x500GB Samsung Spinpoint, 1.5TB External Samsung
Display(s) Samsung 305T 30" 2560x1600 DVI LCD
Case Corsair Obsidian 800D
Audio Device(s) Asus Xonar D2X PCIe
Power Supply Thermaltake Toughpower XT 750W
Software Windows 7 Home Premium 64 Bit
#1
Corsair's latest Padlock revision brings about more changes than just a new look. Data is now secured with a 256-bit AES encryption, unlike the original Padlock 1, which just cut off power to the flash drive unless the correct PIN was entered. We drill the Padlock 2 to see if it holds up or snitches under pressure.

Show full review
 
Last edited:

PVTCaboose1337

Graphical Hacker
Joined
Feb 1, 2006
Messages
9,501 (2.17/day)
Likes
1,097
Location
Dallas, Texas
System Name Whim
Processor Intel Core i5 2500k @ 4.4ghz
Motherboard Asus P8Z77-V LX
Cooling Cooler Master Hyper 212+
Memory 2 x 4GB G.Skill Ripjaws @ 1600mhz
Video Card(s) Gigabyte GTX 670 2gb
Storage Samsung 840 Pro 256gb, WD 2TB Black
Display(s) Shimian QH270 (1440p), Asus VE228 (1080p)
Case Cooler Master 430 Elite
Audio Device(s) Onboard > PA2V2 Amp > Senn 595's
Power Supply Corsair 750w
Software Windows 8.1 (Tweaked)
#2
Very unique product. I use a lock drawer and encryption as well. Generally does pretty well. This looks promising but it is too small, and too expensive.
 

Darksaber

W1zzard's Sidekick
Staff member
Joined
Jul 8, 2005
Messages
2,645 (0.58/day)
Likes
1,078
Location
Gmunden, Austria
System Name Core i7 Overclocked - Main Workstation
Processor Core i7 940 at 3.66 GHz
Motherboard Asus P6T Deluxe
Cooling Noktua U14P Super Silent
Memory 3x2GB OCZ 1600 MHz CL8
Video Card(s) 2x MSI Cyclone Radeon 6850 1GB in Crossfire - tuned to be silent
Storage G.Skill 240GB Sandforce SSD, 1x 640GB Samsung F1, 2x500GB Samsung Spinpoint, 1.5TB External Samsung
Display(s) Samsung 305T 30" 2560x1600 DVI LCD
Case Corsair Obsidian 800D
Audio Device(s) Asus Xonar D2X PCIe
Power Supply Thermaltake Toughpower XT 750W
Software Windows 7 Home Premium 64 Bit
#3
Very unique product. I use a lock drawer and encryption as well. Generally does pretty well. This looks promising but it is too small, and too expensive.
Edited the review for some last minute "insights"... ;)
 

PVTCaboose1337

Graphical Hacker
Joined
Feb 1, 2006
Messages
9,501 (2.17/day)
Likes
1,097
Location
Dallas, Texas
System Name Whim
Processor Intel Core i5 2500k @ 4.4ghz
Motherboard Asus P8Z77-V LX
Cooling Cooler Master Hyper 212+
Memory 2 x 4GB G.Skill Ripjaws @ 1600mhz
Video Card(s) Gigabyte GTX 670 2gb
Storage Samsung 840 Pro 256gb, WD 2TB Black
Display(s) Shimian QH270 (1440p), Asus VE228 (1080p)
Case Cooler Master 430 Elite
Audio Device(s) Onboard > PA2V2 Amp > Senn 595's
Power Supply Corsair 750w
Software Windows 8.1 (Tweaked)
#4
Edited the review for some last minute "insights"... ;)
That was quite a drop in score! Oh my it even lost the good value tag! Hope that is not because of me. What worries me the most is:

"Two minute timeout can be easily circumvented, allowing for a continous brute force attack"

Also, wow 5 digits, hmm well I can crack that in... No time.
 

Darksaber

W1zzard's Sidekick
Staff member
Joined
Jul 8, 2005
Messages
2,645 (0.58/day)
Likes
1,078
Location
Gmunden, Austria
System Name Core i7 Overclocked - Main Workstation
Processor Core i7 940 at 3.66 GHz
Motherboard Asus P6T Deluxe
Cooling Noktua U14P Super Silent
Memory 3x2GB OCZ 1600 MHz CL8
Video Card(s) 2x MSI Cyclone Radeon 6850 1GB in Crossfire - tuned to be silent
Storage G.Skill 240GB Sandforce SSD, 1x 640GB Samsung F1, 2x500GB Samsung Spinpoint, 1.5TB External Samsung
Display(s) Samsung 305T 30" 2560x1600 DVI LCD
Case Corsair Obsidian 800D
Audio Device(s) Asus Xonar D2X PCIe
Power Supply Thermaltake Toughpower XT 750W
Software Windows 7 Home Premium 64 Bit
#5
That was quite a drop in score! Oh my it even lost the good value tag! Hope that is not because of me. What worries me the most is:

"Two minute timeout can be easily circumvented, allowing for a continous brute force attack"

Also, wow 5 digits, hmm well I can crack that in... No time.
you have to realize, while there are 5 digits to choose from, the PIN length is unaffected with up to 10 numbers, just narrows it down a lot as you know in a PIN of the maximum length not every number is unique and there are repetitions. Fact is that if you advertise a product with number 1-5 only it comes across as insecure and does not convey that peace of mind. Corsair is giving the user the 10 different digits on the casing but in reality is dumbing it down inside - not very cool.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,170 (3.43/day)
Likes
18,147
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#6
let's do some math here (correct me if i'm wrong please)

the total number of combinations advertised is:
10^4+10^5+10^6+10^7+10^8+10^9+10^10 = 11,111,110,000 = 11 billion

the actual number of combinations with 5 keys instead of 10 is:
5^4+5^5+5^6+5^7+5^8+5^9+5^10 = 12,206,875 = 12 million

so basically a factor of 1000 difference!

bruteforce:
in the review we have seen that is is possible to circument the lockout timer, which means you could hook up some kind of bruteforce device (like in the movies) .. using a conservative 10 keys per second without lockout timer:

11 billion * 0.1 seconds per key = 1.1 billion seconds = ~12,700 days
12 million * 0.1 seconds per key = 1.2 million seconds = ~13.8 days
 
Joined
Oct 10, 2008
Messages
3,471 (1.02/day)
Likes
655
System Name Acer Aspire V3-771G-53218G75Maii
Processor Core i5 3210M (2,5-3,1Ghz)
Memory 8GB DDR3 SODIMM
Video Card(s) Geforce GT650M
Storage Samsung 830 256GB - 750GB Toshiba drive
Software Windows 7 x64 Home Premium (non-acer-bloatware)
#7
let's do some math here (correct me if i'm wrong please)

the total number of combinations advertised is:
10^4+10^5+10^6+10^7+10^8+10^9+10^10 = 11,111,110,000 = 11 billion

the actual number of combinations with 5 keys instead of 10 is:
5^4+5^5+5^6+5^7+5^8+5^9+5^10 = 12,206,875 = 12 million

so basically a factor of 1000 difference!

bruteforce:
in the review we have seen that is is possible to circument the lockout timer, which means you could hook up some kind of bruteforce device (like in the movies) .. using a conservative 10 keys per second without lockout timer:

11 billion * 0.1 seconds per key = 1.1 billion seconds = ~12,700 days
12 million * 0.1 seconds per key = 1.2 million seconds = ~13.8 days
Since you have 10 digits, with 10 (or in this case 5) possibilities per digit, isn't it:

10^10 or 10*10*10*10*10*10*10*10*10*10 (10 000 000 000)
vs
5^10 or 5*5*5*5*5*5*5*5*5*5 (9 765 625)

Still, your factor 1000 difference is about correct, but <10 million unique combinations is even worse :confused:
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,170 (3.43/day)
Likes
18,147
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#8
you can have 4 to 10 digits in your pin
 
Joined
Oct 10, 2008
Messages
3,471 (1.02/day)
Likes
655
System Name Acer Aspire V3-771G-53218G75Maii
Processor Core i5 3210M (2,5-3,1Ghz)
Memory 8GB DDR3 SODIMM
Video Card(s) Geforce GT650M
Storage Samsung 830 256GB - 750GB Toshiba drive
Software Windows 7 x64 Home Premium (non-acer-bloatware)
#9
you can have 4 to 10 digits in your pin
Ah yeah, I missed that.
Maybe you should test whether a PIN of 0000000000 is the same as 0000 :D
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,170 (3.43/day)
Likes
18,147
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#10
interesting question .. darksaber will be home later today to test this .. i am also wondering if the device reports "wrong code" after the exact same number of digits as the actual pin ?

this could be used to guess the pin length, potentially reducing the number of possible pins by over 95%
 
Joined
Oct 10, 2008
Messages
3,471 (1.02/day)
Likes
655
System Name Acer Aspire V3-771G-53218G75Maii
Processor Core i5 3210M (2,5-3,1Ghz)
Memory 8GB DDR3 SODIMM
Video Card(s) Geforce GT650M
Storage Samsung 830 256GB - 750GB Toshiba drive
Software Windows 7 x64 Home Premium (non-acer-bloatware)
#11
interesting question .. darksaber will be home later today to test this .. i am also wondering if the device reports "wrong code" after the exact same number of digits as the actual pin ?

this could be used to guess the pin length, potentially reducing the number of possible pins by over 95%
Well, I guess you have to press the "key" button to verify your PIN, but that could still mean that "12345" could pass when your PIN is "1234"...
 
Joined
Feb 5, 2007
Messages
191 (0.05/day)
Likes
17
Processor AMD A10-6800k @4.8GHz
Motherboard GIGABYTE G1.Sniper A88X
Cooling SCYTHE Katana 3 Type A
Memory 4GB DDR3/1600 Exeleram (for now)
Video Card(s) AMD HD8670D (APU)
Storage WDC WD10EALX / WDC WD6401AALS / Seagate ST3320620AS / Seagate ST3160812AS
Display(s) Iiyama Pro Lite E2200WSV B1 22"
Case Antec
Audio Device(s) GIGABYTE AMP-UP Audio
Power Supply Antec Earthwatts 500W
#12
I was just playing today with the first generation of Corsair Padlock. I have a 1GB flash and I am using for a WIN PE environment. It is quite nice.

Question: how do you change the battery to the new Padlock?
 
Last edited by a moderator:

Darksaber

W1zzard's Sidekick
Staff member
Joined
Jul 8, 2005
Messages
2,645 (0.58/day)
Likes
1,078
Location
Gmunden, Austria
System Name Core i7 Overclocked - Main Workstation
Processor Core i7 940 at 3.66 GHz
Motherboard Asus P6T Deluxe
Cooling Noktua U14P Super Silent
Memory 3x2GB OCZ 1600 MHz CL8
Video Card(s) 2x MSI Cyclone Radeon 6850 1GB in Crossfire - tuned to be silent
Storage G.Skill 240GB Sandforce SSD, 1x 640GB Samsung F1, 2x500GB Samsung Spinpoint, 1.5TB External Samsung
Display(s) Samsung 305T 30" 2560x1600 DVI LCD
Case Corsair Obsidian 800D
Audio Device(s) Asus Xonar D2X PCIe
Power Supply Thermaltake Toughpower XT 750W
Software Windows 7 Home Premium 64 Bit
#13
Ah yeah, I missed that.
Maybe you should test whether a PIN of 0000000000 is the same as 0000 :D
The Padlock 2 acts correctly. it does differenciate in the actual length of the PIN. Just tried it. Thus, 0000 != 000000000.
 

Darksaber

W1zzard's Sidekick
Staff member
Joined
Jul 8, 2005
Messages
2,645 (0.58/day)
Likes
1,078
Location
Gmunden, Austria
System Name Core i7 Overclocked - Main Workstation
Processor Core i7 940 at 3.66 GHz
Motherboard Asus P6T Deluxe
Cooling Noktua U14P Super Silent
Memory 3x2GB OCZ 1600 MHz CL8
Video Card(s) 2x MSI Cyclone Radeon 6850 1GB in Crossfire - tuned to be silent
Storage G.Skill 240GB Sandforce SSD, 1x 640GB Samsung F1, 2x500GB Samsung Spinpoint, 1.5TB External Samsung
Display(s) Samsung 305T 30" 2560x1600 DVI LCD
Case Corsair Obsidian 800D
Audio Device(s) Asus Xonar D2X PCIe
Power Supply Thermaltake Toughpower XT 750W
Software Windows 7 Home Premium 64 Bit
#14
I was just playing today with the first generation of Corsair Padlock. I have a 1GB flash and I am using for a WIN PE environment. It is quite nice.

Question: how do you change the battery to the new Padlock?
You don't. If your battery runs out, it can be recharged by plugging it into the PC for about an hour. If it is completely dead, the Padlock 2 falls under warranty.
 

Darksaber

W1zzard's Sidekick
Staff member
Joined
Jul 8, 2005
Messages
2,645 (0.58/day)
Likes
1,078
Location
Gmunden, Austria
System Name Core i7 Overclocked - Main Workstation
Processor Core i7 940 at 3.66 GHz
Motherboard Asus P6T Deluxe
Cooling Noktua U14P Super Silent
Memory 3x2GB OCZ 1600 MHz CL8
Video Card(s) 2x MSI Cyclone Radeon 6850 1GB in Crossfire - tuned to be silent
Storage G.Skill 240GB Sandforce SSD, 1x 640GB Samsung F1, 2x500GB Samsung Spinpoint, 1.5TB External Samsung
Display(s) Samsung 305T 30" 2560x1600 DVI LCD
Case Corsair Obsidian 800D
Audio Device(s) Asus Xonar D2X PCIe
Power Supply Thermaltake Toughpower XT 750W
Software Windows 7 Home Premium 64 Bit
#15
interesting question .. darksaber will be home later today to test this .. i am also wondering if the device reports "wrong code" after the exact same number of digits as the actual pin ?

this could be used to guess the pin length, potentially reducing the number of possible pins by over 95%
If the wrong PIN is entered, the red light flashes, no matter if the wrong PIN is of equal length as the correct one or not. Thus there is no way to figure out how long the PIN is, as you have to press "Key", then enter your code, then press "Key" again.
 
Joined
Oct 10, 2008
Messages
3,471 (1.02/day)
Likes
655
System Name Acer Aspire V3-771G-53218G75Maii
Processor Core i5 3210M (2,5-3,1Ghz)
Memory 8GB DDR3 SODIMM
Video Card(s) Geforce GT650M
Storage Samsung 830 256GB - 750GB Toshiba drive
Software Windows 7 x64 Home Premium (non-acer-bloatware)
#16
Thanks for clearing those things up Darksaber.
 

Darksaber

W1zzard's Sidekick
Staff member
Joined
Jul 8, 2005
Messages
2,645 (0.58/day)
Likes
1,078
Location
Gmunden, Austria
System Name Core i7 Overclocked - Main Workstation
Processor Core i7 940 at 3.66 GHz
Motherboard Asus P6T Deluxe
Cooling Noktua U14P Super Silent
Memory 3x2GB OCZ 1600 MHz CL8
Video Card(s) 2x MSI Cyclone Radeon 6850 1GB in Crossfire - tuned to be silent
Storage G.Skill 240GB Sandforce SSD, 1x 640GB Samsung F1, 2x500GB Samsung Spinpoint, 1.5TB External Samsung
Display(s) Samsung 305T 30" 2560x1600 DVI LCD
Case Corsair Obsidian 800D
Audio Device(s) Asus Xonar D2X PCIe
Power Supply Thermaltake Toughpower XT 750W
Software Windows 7 Home Premium 64 Bit
#17
I should also mention, that even though you could design a circuit that cuts off battery power and checks for data accessibility after every PIN entry, you will still have to enter the PIN manually. This means that, while a brute force is still possible, it would take much longer than just a few minutes.
 
Joined
May 29, 2010
Messages
1 (0.00/day)
Likes
0
#18
Let me clear up some errors

5 hardware buttons does not mean 5 digits to choose from. Pushing a button twice gets you the second digit assigned to that button, so 10 digits are available. With programming you can assign as many "digits" to one button as you want. They could have used one button (press it 5 times to enter a five, for example) but it would have been a major PITA to enter a pin so they used more buttons to make entering the pin easier. Easiest of all would be to have one button per digit, but they don't have room for that on the small package.

The pin can be 4 to 10 digits long. The total number of combinations available is ALL of the 4 digit pins + ALL of the 5 digit pins plus... ...ALL of the 10 digit pins.

Since digits can be repeated in the pin, any pin digit can be any of the 10 digits. That means there are 10x10x10x10 possible 4 digit pins. (10000 = 10^4 possible combinations). To make this simple, adding each digit to lengthen the pin simply multiplies the number of combos by 10.
So for a 4 digit pin, there are 10000 (=10^4) combos, for 5 digit pin, there are 10^5 combos. So here it is: the total number of possible pins is 10^4 + 10^5 + 10^6 + 10^7 + 10^8 + 10^9 + 10^10. My brain tells me there are 11,111,110,000 possible combinations.

The data is stored in the memory chip encrypted- there would be no point in encryption if the data were stored clear. The old version of this device was hardware hackable apparently by telling the cipher chip that a valid pin had been entered even when it hadn't- an unbelievably silly weakness in the design. Covering the chips with epoxy makes it more difficult to access the PCB, but not terribly difficult. A moderately determined attacker with simple tools will be able to clean off the epoxy. Did they use the same chips with the same weakness or did they change the design? Only time will tell.

A real secure device would include mechanical interlocks designed into the package that will do physical damage to the device if it is opened - releasing acid, explosive charge, incendiary, etc., but you'd probably only find that level of security in very expensive military and intelligence agency devices.

This thing looks like a bargain at $50, even if they merely covered the old PCB with epoxy. It's like locking your bike- you don't need the best available lock- it just has to be a little better than those on the other bikes around yours.
 
Last edited:

m4rkiz

New Member
Joined
Jan 11, 2012
Messages
1 (0.00/day)
Likes
0
#19
Pushing a button twice gets you the second digit assigned to that button, so 10 digits are available.
this fact is not mentioned anywhere (corsair website, padlock 2 faq, user manual, quick start guide) so i really doubt it is true
 

bojan501

New Member
Joined
Feb 3, 2012
Messages
2 (0.00/day)
Likes
0
#20
problem

my flash drive only blinking red.what s the problem.not working reset password,not working on the instruction.please help
 
Last edited:

bojan501

New Member
Joined
Feb 3, 2012
Messages
2 (0.00/day)
Likes
0
#21
]my flash drive only blinking red.what s the problem.not working reset password,not working on the instruction.please help