“Our Hydra USB Encryption Drives Are Absolutely Invulnerable”

In response to widely circulated reports regarding a serious vulnerability in certain USB encryption drives, SPYRUS, Inc. has confirmed that the entire SPYRUS line of Hydra PC USB encryption drives is absolutely invulnerable to the flaw described in the reports. Since 1997, SPYRUS has been making the most secure military-grade commercial encryption flash drives in the world.

On December 18th, researchers at the German firm SySS GmbH published a penetrating analysis of the flaws inherent in several vendors’ ‘Enterprise-grade’ USB encryption drives. The reported vulnerability focused on the use of a simplistic challenge response authentication method which employs a fixed/constant value which, once known, can be used by a hacker to bypass protection. This is in direct violation of sound security practices.

The entire line of SPYRUS Hydra PC USB encryption drives are invulnerable to such attacks because no password authentication values or keys are ever stored on Hydra PC devices after logoff or removal. Unlike any competing USB encryption drive, the Hydra PC reconstitutes a Master Key Encryption Key at logon using a FIPS-approved Key Derivation Function which utilizes, at a minimum, an Elliptic Curve Diffie-Hellman (ECDH) public/private key pair unique to the device and a random, secret 256-bit ‘salt’ value together with a SHA-256 hash of the user’s password. The secret salt value and all other cryptographic computations are securely bound within the FIPS 140-2 epoxy-encased cryptographic hardware rather than in host system software. Therefore it is not computationally feasible to mount an offline attack against the PIN/password. SPYRUS has the only USB encryption drive that provides such a robust authentication process to protect access to the data encrypted on the device.

SPYRUS has specialized in portable, Government-approved commercial hardware-based encryption devices for more than 15 years. SPYRUS was the first company to merge hardware encryption with flash, the first to implement the full set of Suite B cryptographic algorithms, and the first and only company to support both hardware-based file encryption and sector-based encryption.

All Hydra PC USB encryption drives are designed, developed, and manufactured in the U.S.A. and have FIPS 140-2 Level 2/Level 3 validations. Hydra PC is the only commercial USB encryption drive to be approved for protecting tactical classified data at the SECRET level and below when used in accordance with the applicable security doctrine.

SPYRUS customers, including the U.S. Government and other demanding enterprise customers, can rest assured that their encrypted data remains completely secure.