USER GUIDE | USB BACKUP HSM
[5.2] BRUTE-FORCE PROTECTION
A brute-force attack is a means of breaching a cryptographic data defense scheme by systematically running
an astronomical number of decryption possibilities. With AES 256 having never been cracked, the data stored
on a USB Backup HSM is more than well-protected against brute-force attacks. But brute-force attacks
aren't necessarily aimed at the bulk of the data itself; they are aimed at the drive's access PINs. PINs are
usually the weakest link of any data protection plan, so the PIN is essentially all that a brute-force
attack needs to recover.
The default maximum number of incorrect PIN entries allowed is 20, but it can be programmed to be as few as
four.
1. After three unsuccessful drive authentication attempts, the USB Backup HSM will automatically add
   additional time delays to each subsequent try thereafter. The red LED will blink the number of failed
   attempts after three, all the way up to the halfway point of total allowed attempts, e.g., 10 total
   programmed attempts; halfway point is 5.
2. Once that halfway point of the number of unsuccessful authentication attempts is reached, the keypad
   will lock up and the red LED will blink at a rate of three flashes per second. No additional PIN attempts
   will be recognized.
3. To unlock the keypad and regain the ability to enter a PIN, press and hold the 5 button and the button
   together until the red and green LEDs blink alternately.
4. Enter the code “LastTry” (5278879) and press the button. The red LED will glow steadily. You will now
   have the remaining 50% of PIN attempts.
5. When the device is successfully unlocked, the Brute-Force counter will return to zero.
The number of attempts possible, both before and after the LastTry (5278879) code is entered, can be set (in
Admin Mode) between 2 and 10 attempts.
Setting the before/after attempts to the minimum of two would allow for a total of four attempts (two before
entering the LastTry code and two after). To program the number of Brute-Force attempts allowed:
1. Enter the Admin mode. (Hold + 0 for five seconds; with the red LED blinking, enter the Admin PIN
   and press the button.) The blue LED will glow solidly.
2. Press and hold the + 5 button for three seconds. The red LED will double-blink.
3. Press the number of before/after attempts desired on the numeric keypad (2-9). The green LED will
   blink the same number of times to correspond to the number you have entered.
   • For example: the 8 button will result in eight blinks, and yield eight attempts before the LastTry
     code and another eight attempts after, yielding a total of 16.
4. To return the device to its default setting, press the 1 key, followed by the 0 key, to change the number
   back to ten attempts.
NOTE: The number of before attempts and the number of after attempts are always the same, i.e., 4 before / 4 after, 8 before / 8 after, etc.
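The attempt counter described in this section can be modeled to compare before/after settings. The Python model below is an added example, not code from the device or its vendor. The state names, the `pin_digits` parameter and the 7-digit value used in the demo are assumptions, and the time delays after three failures are left out because the guide gives no durations.

```python
from fractions import Fraction

LAST_TRY = "5278879"  # "LastTry" code from the guide


class BruteForceCounter:
    """Model of the section 5.2 attempt counter (illustrative, not firmware)."""

    def __init__(self, pin, per_phase=10):
        if not 2 <= per_phase <= 10:
            raise ValueError("before/after attempts must be between 2 and 10")
        self._pin = pin
        self.per_phase = per_phase      # attempts before LastTry == attempts after
        self.failed = 0
        self.last_try_entered = False

    @property
    def state(self):                    # state names are assumptions
        if self.failed >= 2 * self.per_phase:
            return "EXHAUSTED"          # what follows is not covered in this section
        if self.failed >= self.per_phase and not self.last_try_entered:
            return "KEYPAD_LOCKED"
        return "ACCEPTING_PIN"

    def enter_last_try(self, code):
        if self.state == "KEYPAD_LOCKED" and code == LAST_TRY:
            self.last_try_entered = True
        return self.state

    def enter_pin(self, guess):
        if self.state != "ACCEPTING_PIN":
            return self.state           # no additional PIN attempts are recognized
        if guess == self._pin:
            self.failed, self.last_try_entered = 0, False   # counter returns to zero
            return "UNLOCKED"
        self.failed += 1
        return self.state


def guess_probability(per_phase, pin_digits):
    """Chance that 2 * per_phase distinct guesses hit a uniformly random PIN.

    pin_digits is an assumption; this section does not state the PIN length.
    """
    return min(Fraction(1), Fraction(2 * per_phase, 10 ** pin_digits))


if __name__ == "__main__":
    for n in (2, 10):                   # minimum and default settings
        print(n, float(guess_probability(n, 7)))   # 7 digits: constructed value
```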
[5.3] UNATTENDED AUTO-LOCK
To protect against unauthorized access if the device is unlocked and unattended, the USB Backup HSM can be
set to automatically lock after a predetermined period of inactivity.