Our Project, The CryptX2 is now on indiegogo

[Eric]

Hi,

 We have finally gotten our project ready and listed on indiegogo, check it out and show your support.

http://www.indiegogo.com/CryptX2

Thanks

[Will Bradley]

This is badass! For those unaware, this is an encrypted thumb drive based on Arduino that should be more secure than anything else available anywhere; hardware encryption, hardware password entry, plus tons of other security and usability features.

You got my money :)

--
 
 

[Eric]

Hey, thanks for everyones support that pledged to the project so far. Glad to see the interest and support in security from HSL, you guys/gals rock! If anyone has questions / comments on the project let us know.
Thanks

[Zachary Giles]

Very interesting project! Great idea.

A few questions; apologies if the answers are somewhere else already.. I couldn't find it on your indiegogo or website

* What part actually does the encryption? Is it the Arduino / microcontroller, or does that just feed the key to another chip as input?

* Could the algorithm be upgraded / changed via software?

* What method / tech is being used for the RAID 0 / 1, how do we know if the drive is consistent or not? .. as atomic reads / write may not be trivial..

* Can the SD card be swapped out for another one with a different set of password for each (is the key stored on the SD so that you could have 1000 SDs for example)?  Somehow seems not since updating the firmware seems to wipe it..

* What SD cards? SDHC? old, new? <32G >128G?

* What is the difference between the US version and the Canadian version? Just the lack of a micro, or different algorithms..

* Is there a possibility of having another firmware that emulates a USB Keyboard, similar to a Yubikey, but when you enter a password it will type out a string.. thus like a password secured Yubikey? 

I'm sure I'll think of more later :)

Thanks,

-Zach

On Tue, Nov 27, 2012 at 11:36 PM, Eric <divideby0...@gmail.com> wrote:

Hey, thanks for everyones support that pledged to the project so far. Glad to see the interest and support in security from HSL, you guys/gals rock! If anyone has questions / comments on the project let us know.
Thanks

--
 
 

--
Zach Giles
zgi...@gmail.com

[Eric]

Hi,

The encryption is done entirely on the microcontroller, it is an atmel at32uc3a3256s.

Yes, you can upgrade the crypto algorithm, the firmware is upgradeable. It is currently 256bit AES cbc-essiv with pbkdf2 hmac-sha256. We will offer a few options for crypto, but unless a more secure option that will work with the atmel crypto accelerator is found we will keep this as primary.

the raid functions are in their early stages and are very very basic. we will expand the functionality when we finish up some of the more important functions. there is no crc or consistency checking now and there is not way to rebuild a mirror. the code is not yet suitable for production use.

Yes, you can swap out the sd cards. the salt is stored in the mcu (the aeskey is not stored at all). All sd cards would use the same password/salt/aeskey. We have plans to have different passwords for each sd slot, but still the same situation would exist that alternate cards would use the same password since the salt is stored in the mcu. If you want to do a custom firmware I could suggest how to accomplish something like this, maybe when things slow down a bit we can help with it.

We have tested up to 32GB cards (sdhc), i havent had any higher capacity to play with yet. We are working on sdxc support which will give a limit of 2TB per card, as soon as they make them :)

There is no difference between the US and Canadian versions; they are exactly the same. Originally when we posted the indiegogo we understood the export laws to restrict any sales to outside the USA. We then learned Canada is exempt from this. We do have a worldwide version also, but it is missing the mcu since that is the restricted part for export. We are still looking into export laws, if anyone can help with this we would be very happy and will likely reward you with thanks, appreciation and probably tangible things from our office.

Yes, we can have firmware that will emulate a usb hid/keyboard with this mcu. We are considering this option, but we dont want to step on any toes. There are already some great solutions for this. Check out the rubber ducky from hak5.org, that is probably what your looking for.

Thanks for the questions, if you got more feel free to ask. 

 

[Will Bradley]

This is super cool! If you guys would like to put a guest blog post on heatsynclabs.org (focused on the tech / process / biz moreso than marketing the product, since we're a nonprofit) we'd love to put it up :)

--
 
 

[Zachary Giles]

Hey Eric,

Thanks for all that info. I really appreciate it. To be clear, you guys are doing an awesome job and I will back your project and really look forward to it coming out and the additions / firmware updates / possibilities that seem to be on the roadmap. 

Also quite interesting that there is an Atmel that has a hardware crypto in it. Didnt realize that before.. quite interrogating really.

About the keyboard deal: I like the hak5 piece, but it doesn't seem to have a keypad to unlock it. ( I think ). Yubikey's are also awesome, but again.. no unlock. I think it'd be fun to have that option on your's too, and I'd gladly work on it in my free time for fun, since you guys are going OpenSauce and all. :)

Keep up the good work.

-Zach

--
 
 

--
Zach Giles
zgi...@gmail.com

[Eric]

We would love to do a guest blog, Im not one for doing blogging though... would a clip from the website work? or do you have a format to follow?
Thanks

[Will Bradley]

Any format is fine, if you think it's worthy of our front page :)

On Tue, Dec 4, 2012 at 12:53 AM, Eric <divideby0...@gmail.com> wrote:

We would love to do a guest blog, Im not one for doing blogging though... would a clip from the website work? or do you have a format to follow?
Thanks

--
 
 

[Eric]

Zach, thanks for the support. Actually, thanks to everyone there, you guys are all awesome.

 We actually have many other features on this to do list, but we dont want to promise the world at this point ;). else it sounds like... its gonna have freakin lasers!!!!

Yes, Atmel has a few crypto / security mcus in their catalog, they used to have more. Ask me about this in person if interested, too much to type out.

If your determined to work on the keyboard thing, i guess I cant stop you, so I may as well join you. When things settled down here we can plan on working on it at HSL if you want. The focus for me would be more on a password type solution rather than a rubber ducky knock off.

[Eric]

Insert clip of tweek saying "its too much pressure!" here.
How about

One Small Step Towards Data Freedom

 Open Source Developers have created a new platform for securing data called the CryptX2. By employing hardware based 256bit AES encryption they are able to deliver data security previously not available to the general public, once again giving a small bit of privacy back to the people.  With a lengthy list of features to enhance security such as device id, which allows you to be sure you can trust the device is yours and not tampered with, a panic mode to destroy your data if forced to decrypt it by an attacker, user upgrade ability by changing the firmware or even making hardware modifications the flexibility of the device is limited only by the user. When asked for comments, one of the developer had this to say "Freedom isn't free.... but you can buy a little bit for $75" The project is also open source so it can be reviewed for security purposes, as well as upgraded. The website http://www.CryptX2.com will have all source files available so you can build your own from scratch if you choose.

if not for the hsl website, would this get a up vote on reddit ??  :)

[Will Bradley]

I'll definitely upvote it on reddit :) we've gotta make sure HSL content is more project-oriented and not just marketing. No worries though! Very excited to get mine.

--