dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2316
scottp99
join:2010-12-11

1 recommendation

scottp99

Member

Kingston Flash drive with hardware encryption

What do you all think about this USB flash encryption?
Is it worth it? Or is Ironkey better?
»www.pcmag.com/article2/0 ··· 0,00.asp

therube
join:2004-11-11
Randallstown, MD

therube

Member

What is it that you're trying to accomplish?
(Would think most would say to take any Flash drive & use TrueCrypt? Or is there a difference between that & this Kingston or "Ironkey"?)
scottp99
join:2010-12-11

scottp99

Member

Security experts say that hardware encryption is harder to crack than software encryption.
So hardware is the better choice in their opinion. So thats why I chose it.

HA Nut
Premium Member
join:2004-05-13
USA

HA Nut to scottp99

Premium Member

to scottp99
I would also throw the Kanguru encrypted drives into the mix.
»store.kanguru.com/pages/ ··· es-chart
Beyond encryption, 2 versions even include physical write protect switches.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

1 recommendation

sivran to scottp99

Premium Member

to scottp99
Other than the ease of use there's little difference between that and a flashdrive consisting entirely of a truecrypt volume.
Frodo
join:2006-05-05

Frodo

Member

said by sivran:

Other than the ease of use there's little difference between that and a flashdrive consisting entirely of a truecrypt volume.

The part I see that is different is this:
"The drive's security has a lock feature which only allows 10 incorrect password attempts in a row before reformatting the drive and wiping out the data. This security feature prevents brute-force attacks from unlocking the drive."
That would mean that one could use a relatively short and easily memorized password and and get away with. As far as I know, one can brute force a true crypt volume endlessly, requiring a long and perhaps difficult to remember password.
scottp99
join:2010-12-11

1 edit

scottp99

Member

As Frodo was posting, thats true.
As of matter of fact, the Kingston's enterprise versions lets you set it to a lower number of password try attempts.
Overall, Im pretty happy with it.

Thanks guys for the added feedback!

Black_Mage
iMage
Premium Member
join:2012-09-12
USA

Black_Mage to scottp99

Premium Member

to scottp99
Is this hardware encryption only on small capacity USB drives?

Tomel
join:2007-11-07
Midlothian, VA

Tomel to scottp99

Member

to scottp99
I've been looking recently at purchasing a hardware encrypted flash drive. I've been using TrueCrypt for years, but don't see that as the best approach for flash drive security. Consider this:

o As mentioned by an earlier poster, the hardware encrylpted drives typically limit the number of password entry attempts (including keeping track of the number of attempts even if the drive is removed and re-insterted). This allows a simpler, more memorable password by preventing brute force attacks.

o The other reason, not mentioned by anyone so far, is that with a hardware encrypted flash drive, I can insert it into any computer (with an operating system compatible with the drive format, typically Windows or Mac OS), enter my password, and have my data immediately available. If I use TrueCrypt to encrypt the drive, then TrueCrypt has to be installed on any computer I want to use to access my data. This may or not be feasible. At a minimum, if it wasn't installed, I'd have to locate an internet connection, download TrueCrypt, install it, and only then access my data.
drjenkins
join:2005-03-30
Bealeton, VA

drjenkins

Member

said by Tomel:

(with an operating system compatible with the drive format, typically Windows or Mac OS)

I use a DataShur FIPS certified hardware encrypted drive. It is OS agnostic since you enter your PIN using the onboard keys. It also provides for an administrator key if you are in a corporate environment.

I can use this drive with an encrypted Live OS and boot from it - something you can't do with a software encrypted drive.

»www.istorage-uk.com/datashur.php
scottp99
join:2010-12-11

scottp99

Member

However, you can use Truecrypt as Portable Mode. When installing, just select EXTRACT instead of INSTALL. Then it would create itself a separate Truecrypt folder in which you can rune the .exe file on any OS and PC.

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to scottp99

Premium Member

to scottp99
said by scottp99:

Security experts say that hardware encryption is harder to crack than software encryption.
So hardware is the better choice in their opinion. So thats why I chose it.

Not really. Both software and hardware encryption's strength depend on their proper implementation. Shoddy hardware crypto can be cracked as easily as buggy software. While hardware crypto will almost always offer better performance, it doesn't much matter if the crypto is bad.

The problem with hardware crypto is you have no way of knowing what you're getting. Most manufacturers are not going to release detailed low-level specifications of the implementation or give their hardware to independent experts for review. Some companies may be more transparent than others and you should probably go with those (if any) who welcome review and release detailed specs.

There was a case a few years ago where several major USB Flash drive makers were found to have made a horrible mistake in their hardware crypto -- a mistake so severe that it allowed full recovery of the key. Essentially, whenever you entered a password to unlock the drive, the hardware sent the same string to unlock the drive every time regardless of the password entered. Read here for more info..

What's worse is these drives were FIPS-142-2 certified! This begs the question as to whether the designers were simply this incompetent or whether it was a backdoor intentionally placed (there is no way to prove the latter, but it's a real possibility). And it further begs the question as to whether we can really trust the FIPS certification process since since such an obvious and blatant mistake made it through "certification."

So, if performance is not a major issue, I would say go with an open source software solution. Truecrypt would be a good choice.
Expand your moderator at work