dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1711
share rss forum feed

scottp99

join:2010-12-11

1 recommendation

Kingston Flash drive with hardware encryption

What do you all think about this USB flash encryption?
Is it worth it? Or is Ironkey better?
»www.pcmag.com/article2/0,2817,2416020,00.asp



therube

join:2004-11-11
Randallstown, MD

What is it that you're trying to accomplish?
(Would think most would say to take any Flash drive & use TrueCrypt? Or is there a difference between that & this Kingston or "Ironkey"?)


scottp99

join:2010-12-11

Security experts say that hardware encryption is harder to crack than software encryption.
So hardware is the better choice in their opinion. So thats why I chose it.



HA Nut
Premium
join:2004-05-13
USA
reply to scottp99

I would also throw the Kanguru encrypted drives into the mix.
»store.kanguru.com/pages/compare-···es-chart
Beyond encryption, 2 versions even include physical write protect switches.



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

reply to scottp99

Other than the ease of use there's little difference between that and a flashdrive consisting entirely of a truecrypt volume.
--
Think Outside the Fox.


Frodo

join:2006-05-05

said by sivran:

Other than the ease of use there's little difference between that and a flashdrive consisting entirely of a truecrypt volume.

The part I see that is different is this:
"The drive's security has a lock feature which only allows 10 incorrect password attempts in a row before reformatting the drive and wiping out the data. This security feature prevents brute-force attacks from unlocking the drive."
That would mean that one could use a relatively short and easily memorized password and and get away with. As far as I know, one can brute force a true crypt volume endlessly, requiring a long and perhaps difficult to remember password.

scottp99

join:2010-12-11

1 edit

As Frodo was posting, thats true.
As of matter of fact, the Kingston's enterprise versions lets you set it to a lower number of password try attempts.
Overall, Im pretty happy with it.

Thanks guys for the added feedback!



Black_Mage
iMage
Premium
join:2012-09-12
USA
kudos:1
reply to scottp99

Is this hardware encryption only on small capacity USB drives?


Tomel

join:2007-11-07
Midlothian, VA
reply to scottp99

I've been looking recently at purchasing a hardware encrypted flash drive. I've been using TrueCrypt for years, but don't see that as the best approach for flash drive security. Consider this:

o As mentioned by an earlier poster, the hardware encrylpted drives typically limit the number of password entry attempts (including keeping track of the number of attempts even if the drive is removed and re-insterted). This allows a simpler, more memorable password by preventing brute force attacks.

o The other reason, not mentioned by anyone so far, is that with a hardware encrypted flash drive, I can insert it into any computer (with an operating system compatible with the drive format, typically Windows or Mac OS), enter my password, and have my data immediately available. If I use TrueCrypt to encrypt the drive, then TrueCrypt has to be installed on any computer I want to use to access my data. This may or not be feasible. At a minimum, if it wasn't installed, I'd have to locate an internet connection, download TrueCrypt, install it, and only then access my data.


drjenkins

join:2005-03-30
Bealeton, VA

said by Tomel:

(with an operating system compatible with the drive format, typically Windows or Mac OS)

I use a DataShur FIPS certified hardware encrypted drive. It is OS agnostic since you enter your PIN using the onboard keys. It also provides for an administrator key if you are in a corporate environment.

I can use this drive with an encrypted Live OS and boot from it - something you can't do with a software encrypted drive.

»www.istorage-uk.com/datashur.php

scottp99

join:2010-12-11

However, you can use Truecrypt as Portable Mode. When installing, just select EXTRACT instead of INSTALL. Then it would create itself a separate Truecrypt folder in which you can rune the .exe file on any OS and PC.



KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to scottp99

said by scottp99:

Security experts say that hardware encryption is harder to crack than software encryption.
So hardware is the better choice in their opinion. So thats why I chose it.

Not really. Both software and hardware encryption's strength depend on their proper implementation. Shoddy hardware crypto can be cracked as easily as buggy software. While hardware crypto will almost always offer better performance, it doesn't much matter if the crypto is bad.

The problem with hardware crypto is you have no way of knowing what you're getting. Most manufacturers are not going to release detailed low-level specifications of the implementation or give their hardware to independent experts for review. Some companies may be more transparent than others and you should probably go with those (if any) who welcome review and release detailed specs.

There was a case a few years ago where several major USB Flash drive makers were found to have made a horrible mistake in their hardware crypto -- a mistake so severe that it allowed full recovery of the key. Essentially, whenever you entered a password to unlock the drive, the hardware sent the same string to unlock the drive every time regardless of the password entered. Read here for more info..

What's worse is these drives were FIPS-142-2 certified! This begs the question as to whether the designers were simply this incompetent or whether it was a backdoor intentionally placed (there is no way to prove the latter, but it's a real possibility). And it further begs the question as to whether we can really trust the FIPS certification process since since such an obvious and blatant mistake made it through "certification."

So, if performance is not a major issue, I would say go with an open source software solution. Truecrypt would be a good choice.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999
Expand your moderator at work