The Chameleon USB stick is advertised as a way to securely and transparently encrypt portions of a file-system by performing the actual encryption directly on the hardware device using a symmetric AES-256 key.
It’s pitched as an easy way to benefit from strong encryption for your sensitive data with the protection of a physical token. This sounded interesting, so I thought I’d give it a shot and report the results.
It didn’t go very far.
Chameleon supports Windows XP, Vista, and 7.
That was quick. None of us uses Windows so the hands-on review ended here.
Out of curiosity I kept reading the manual to find out that you can “duplicate” a lost Chameleon:
The way it works is that when setting the Chameleon up you can provide it with a passphrase, from which the actual encryption key is derived. By doing so it limits the entropy of the key to the entropy of the passphrase. And for most users that’ll dramatically weaken the encryption.
People being really bad at generating randomness is something that you should know if you manufacture a secure hardware element.
Should encrypted data get stolen it would be possible to crack the key with the usual offline-cracking methods that enable attackers to break long and seemingly strong passwords.
Tools like the password haystack are very misleading when assessing the strength of a passphrase or a password. That’s because they don’t check whether your passphrase matches a common pattern or whether it has a meaning as a sentence for example. Such tools would be accurate only if the characters, or words, were chosen purely randomly.
Fortunately that can be fixed without changing the hardware: let the user provide a passphrase but mix it up with the output of a decent RNG, derive a 256 bit secret from it. That’s the secret that would need to be backed-up and from which the actual key would be derived.
This point is, incidentally, the very reason why brainwallets, unless done rigth, are a very bad idea from a security point of view.
If this got overlooked, what else did?