1 recommendation |
Kingston Flash drive with hardware encryptionWhat do you all think about this USB flash encryption? Is it worth it? Or is Ironkey better? » www.pcmag.com/article2/0 ··· 0,00.asp |
|
therube join:2004-11-11 Randallstown, MD |
What is it that you're trying to accomplish? (Would think most would say to take any Flash drive & use TrueCrypt? Or is there a difference between that & this Kingston or "Ironkey"?) |
|
|
Security experts say that hardware encryption is harder to crack than software encryption. So hardware is the better choice in their opinion. So thats why I chose it. |
|
HA Nut Premium Member join:2004-05-13 USA |
to scottp99
I would also throw the Kanguru encrypted drives into the mix. » store.kanguru.com/pages/ ··· es-chartBeyond encryption, 2 versions even include physical write protect switches. |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX
1 recommendation |
to scottp99
Other than the ease of use there's little difference between that and a flashdrive consisting entirely of a truecrypt volume. |
|
|
Frodo
Member
2013-May-4 11:53 pm
said by sivran:Other than the ease of use there's little difference between that and a flashdrive consisting entirely of a truecrypt volume. The part I see that is different is this: "The drive's security has a lock feature which only allows 10 incorrect password attempts in a row before reformatting the drive and wiping out the data. This security feature prevents brute-force attacks from unlocking the drive."
That would mean that one could use a relatively short and easily memorized password and and get away with. As far as I know, one can brute force a true crypt volume endlessly, requiring a long and perhaps difficult to remember password. |
|
1 edit |
As Frodo was posting, thats true. As of matter of fact, the Kingston's enterprise versions lets you set it to a lower number of password try attempts. Overall, Im pretty happy with it.
Thanks guys for the added feedback! |
|
|
|
to scottp99
Is this hardware encryption only on small capacity USB drives? |
|
Tomel join:2007-11-07 Midlothian, VA |
to scottp99
I've been looking recently at purchasing a hardware encrypted flash drive. I've been using TrueCrypt for years, but don't see that as the best approach for flash drive security. Consider this:
o As mentioned by an earlier poster, the hardware encrylpted drives typically limit the number of password entry attempts (including keeping track of the number of attempts even if the drive is removed and re-insterted). This allows a simpler, more memorable password by preventing brute force attacks.
o The other reason, not mentioned by anyone so far, is that with a hardware encrypted flash drive, I can insert it into any computer (with an operating system compatible with the drive format, typically Windows or Mac OS), enter my password, and have my data immediately available. If I use TrueCrypt to encrypt the drive, then TrueCrypt has to be installed on any computer I want to use to access my data. This may or not be feasible. At a minimum, if it wasn't installed, I'd have to locate an internet connection, download TrueCrypt, install it, and only then access my data. |
|
|
said by Tomel:(with an operating system compatible with the drive format, typically Windows or Mac OS) I use a DataShur FIPS certified hardware encrypted drive. It is OS agnostic since you enter your PIN using the onboard keys. It also provides for an administrator key if you are in a corporate environment. I can use this drive with an encrypted Live OS and boot from it - something you can't do with a software encrypted drive. » www.istorage-uk.com/datashur.php |
|
|
However, you can use Truecrypt as Portable Mode. When installing, just select EXTRACT instead of INSTALL. Then it would create itself a separate Truecrypt folder in which you can rune the .exe file on any OS and PC. |
|
|
to scottp99
said by scottp99:Security experts say that hardware encryption is harder to crack than software encryption. So hardware is the better choice in their opinion. So thats why I chose it. Not really. Both software and hardware encryption's strength depend on their proper implementation. Shoddy hardware crypto can be cracked as easily as buggy software. While hardware crypto will almost always offer better performance, it doesn't much matter if the crypto is bad. The problem with hardware crypto is you have no way of knowing what you're getting. Most manufacturers are not going to release detailed low-level specifications of the implementation or give their hardware to independent experts for review. Some companies may be more transparent than others and you should probably go with those (if any) who welcome review and release detailed specs. There was a case a few years ago where several major USB Flash drive makers were found to have made a horrible mistake in their hardware crypto -- a mistake so severe that it allowed full recovery of the key. Essentially, whenever you entered a password to unlock the drive, the hardware sent the same string to unlock the drive every time regardless of the password entered. Read here for more info.. What's worse is these drives were FIPS-142-2 certified! This begs the question as to whether the designers were simply this incompetent or whether it was a backdoor intentionally placed (there is no way to prove the latter, but it's a real possibility). And it further begs the question as to whether we can really trust the FIPS certification process since since such an obvious and blatant mistake made it through "certification." So, if performance is not a major issue, I would say go with an open source software solution. Truecrypt would be a good choice. |
|
your moderator at work
hidden : Spam
|