The 10
password attempt lockdown is one
of their selling features... If it could be easily hacked you probably
wouldn't want that product anyways - if you don't care if it gets
cracked
then save some money and go with an unencrypted version. Your best
defense is to make sure that the user is properly educated when they
receive the drive to not push their luck like they do for login
passwords that are easier to recover from.
The product page for the normal product mentions that the
security
features are only availble under Windows OS - so if it wasn't Windows,
there ya go - no encryption. I'm guessing that it was, in which case
you *might* (don't quote me here, I don't know the specific inner
workings of this specific product) have a copy of the key on the
Windows computer where it was originally used (where the key would have
been generated). IF that is the case, then you could retreive that and
have an expert assist you with
decryption (OnTrack, etc. would probably be your best bet unless you
live
in a very populous area - and maybe even then). The other possibility
is that the key is almost certainly contained within the thumb drive -
retreiving it comes down to the quality of the product.
Verbatim
has been around long enough to likely do things well enough that trying
to get to it through software should be properly locked down, and
getting hardware access to the chip to try to sniff the
flash
will likely destroy the hardware (even if done by a pro) - although the
normal version isn't spouting FIPS-140 certification, so maybe they
don't go to that length.
http://www.verbatim.com/usb/store_n_go.cfmTheir
product page for the "corporate" logoed product mentions that data is
protected with AES-256 encryption, which is virtually uncrackable in
our lifetime. I'm not sure what algrorithm the non-corporate version
uses, but most modern encryption methods will take many years (at best)
to
crack.
http://www.verbatim.com/usb/corporate.cfmI
would recommend trying to contact OnTrack and see if they might be able
to do anything - if they can get the private key then they will have a
good chance at it, if not then a brute crack of AES-256 is not really a
viable option as it has never been cracked straight-forward. I
wouldn't get your hopes up, but it is worth the call just in case.
Good luck!