News

Purchase Crypto Sticks with Bitcoins

Submitted by webmaster on Thu, 2012-04-05 04:19

Because the popular online payment solutions are expensive and privacy-unfriendly, we are happy to announce Bitcoin as a new payment method. From now on you can purchase the Crypto Stick in our online shop by paying with Bitcoins. Enjoy.

We are in Google Summer of Code 2012

Submitted by webmaster on Wed, 2012-03-21 14:04

For the second time we are in Google Summer of Code (GSoC) as a subproject of FOSSASIA. This means students can get scholarship to code for the Crypto Stick. Here are a couple of ideas of interesting projects but you are free to suggest your own as well. If you are a student and want to join our project, register at Google Melange and apply for FOSSASIA.

Exhibition at the Embedded World Fair in Nuremberg, 28.2.-1.3.2012

Submitted by webmaster on Fri, 2012-02-17 08:18

As in the previous years, also in 2012 we will have a booth at the Embedded World fair. Guests are welcome to get information about the status, latest developments, and outlook of the Crypto Stick project. Developers will be available to discuss even in-depth technical aspects such as adapting or integrating the Crypto Stick into other products and systems. The Embedded World will be held from 28th February to 1st of March in Nuremberg, Germany. See you there! Update: The exact location is hall 4A/4A-308l at Dridger & Schwenke's booth.

Update 2: A few pictures of the now already past event.

OpenSC/PKCS#11 driver development

Submitted by webmaster on Tue, 2011-12-27 00:43

Dear Crypto Stick Friend, we need your support!

PKCS#11 is a popular interface to connect smart cards (also Crypto Stick) with various software applications such as Firefox, TrueCrypt, Mozilla Thunderbird, PuTTY and many more. The current driver for the Crypto Stick works well but it is not open source and hence not well integrated to Linux systems and also lacks full write support. The OpenSC framework is the dominating open source PKCS#11 library but it can't be used with the Crypto Stick yet. We want to achieve full read and write support of the Crypto Stick in OpenSC and the driver will be released as open source and can be used by all Crypto Stick users. Because our time and resources are dedicated to the development of Crypto Stick 2 we need Euro 900 to delegate this task to an external developer. We already collected Euro 500 (thanks to Kicktipp) and need another Euro 400 to have sufficient funding. Please support this effort with a donation.

Because we are a non-profit organization, if we receive your donation before New Year's Eve, we are glad to provide you a donation receipt of 2011. (Of course, otherwise you will get a donation receipt of 2012.)

PayPal: Send your donation to spende@privacyfoundation.de and state "Crypto Stick" as purpose.

Wire transfer:

  • Recipient: German Privacy Foundation e.V.
  • Account number: 329 31 80
  • BLZ: 100 700 24
  • Institute: Deutschen Bank
  • IBAN: DE13100700240329318000
  • BIC: DEUTDEDBBER
  • Purpose: Crypto Stick

We wish you a Happy New Year!

Crypto Stick Team

Crypto Stick 2 beta boards arrived

Submitted by webmaster on Tue, 2011-12-20 23:57

After nearly two years of ongoing development we are glad to present the first beta of the Crypto Stick 2 hardware boards (PCB). They just arrived and here is the first picture (in full article). You can see the main processor on the topside. Other than in the Crypto Stick 1 we changed to the Atmel's AT32UC3A processor primarily due to it's integrated AES encryption unit which results in high performance. On the bottomside is a combined socket which connects both the OpenPGP Card and a MicroSD flash card to store the (encrypted) data. The beauty is that because of this the Crypto Stick can easily equiped with varying storage capacity. We don't plan to expose the socket to users and will enclose and seal it in epoxyd and in the closed case. The reason is that the data stored on the MicroSD wouldn't be accessible without beeing inserted in the Crypto Stick together with the specific OpenPGP Card. Hence, we don't see any serious use case which would require replacing any of the cards. Also an enclosed case has advantages of higher security and longer lifespan. By the way, the new case will be a robust and elegant black metallic case (stay tuned for further communications). During the next weeks we will test the boards and update the hardware design accordingly. Subsequently we continue to work on the firmware which is current in a beta stage. It is still a few more months to go until we will eventually see a final Crypto Stick 2 for sale. We are glad to receive your feedback.

Hacked proprietary encryption devices

Submitted by webmaster on Wed, 2011-10-26 08:41

If you ever was wondering whether your proprietary encryption device or smart card is secure, you might have been right. History tells us that many vendors pay not enough attention to deliver a really secure product. The following gives an incomplete overview of security flaws which became public:

  • In 2011 RSA Inc was hacked and secret information about RSA’s securID token was stolen which allows to hack the tokens.

  • In 2010 it was revealed that AES-256 encrypted and FIPS 140-2 Level 2 certified USB storage devices of the following vendors could be easily accessed by using a default password: Kingston, SanDisk, Verbatim, MXI, PICO

Imagine how many security flaws still exist which haven't been published but are only known by criminals or intelligence services. This is why you shouldn't trust security technology unless it's source code is available for inspection. The Crypto Stick is the only security USB device with published hardware design and source code to ensure it's secure implementation.

If you want to learn more about physical insecurity of smart cards and crypto processors, I recommend you this interesting video from WIRED magazine which presents Chris Tarnovsky's excellent work in this area. Also you can find more in-depth presentations from him recorded at the Black Hat conference.

Tags: 
encryption token
encryption devices
proprietary encryption
hacks

Crypto Stick Version 2 beta 1 published

Submitted by webmaster on Sat, 2011-10-15 07:26

We published the hardware layout of the first beta of the upcoming version 2 in our SVN repository. In addition to the existing features of version 1, the main new feature is an encrypted mass storage. Users will be able to easily and securely store files on the mass storage device. The storage is password protected and encrypted with AES-256 to ensure high security.

The first few hardware boards are already in production and will be tested by our team during the next weeks. We use a completely different architecture than in the version 1 device which required a development from scratch. Now we use an Atmel processor with integrated AES unit which allows fast encryption. Also for the first time we use the freeware DesignSpark PCB to lower the burden of fellow hackers to start developing.

We are on the right track but it is still a lot of work to do. We will keep you informed about the further progress.

Tags: 
Crypto Stick 2 beta 1
hardware layout

New Website Launched

Submitted by webmaster on Mon, 2011-09-19 15:07

We are glad to launch the new Crypto Stick website, most of the content available for German and English. Also it contains a dedicated news section (blog) and it is highly recommended to subscribe via RSS, Twitter, Identi.ca or e-mail. We intend to keep all these services in sync so that subscribing to one of them is sufficient. Enjoy and kindly let us know your feedback.