Slashdot Mirror
7 Secure USB Drives Reviewed
jcatcw writes "Computerworld has reviewed seven USB drives that use either encryption or a physical keypad to protect stored data, and found big differences in I/O speeds, ease of use and strength of security. In the case of the drive using a key pad, the editors were able to break open the device and access the data, bypassing the PIN security. They also state that there is little difference between 128-bit and 256-bit AES encryption because neither has been broken yet. The drives reviewed were the SanDisk Cruzer, the Lexar JumpDrive, the Kingston DataTraveler, the Imation Pivot Plus, the Corsair Survivor, the Corsair Padlock and the IronKey Secure USB Drive. The editors chose the IronKey as the most secure."
But do they run linux?
For the love of /root, use the print link.
We dont want to see a little bit of content over 9 pages!
Not sure....How different it is from security of any other mass storage device?
hilarious
Crack open the PIN-based one, fill with epoxy, reseal.
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9062527
How are any of these better than using TrueCrypt in traveller mode? The only thing I can think of is that TrueCrypt requires administrator rights to use. And I suppose they may be easier to use for people who don't know much about computers or encryption. But I trust TrueCrypt a hell of a lot more than anything which comes preinstalled on these things.
... and not a single one of them is secure enough for me. I simply want a USB drive that whenever somebody, not authorized by me, touches it, heats their body to like a million kelvins and melt them. A few hundred thousand won't cut it. Until then, Lexar ain't impressing me with their little math based schemes. Unless it causes total vaporization, it's just not secure.
I got a catholic block.
choose from 10, or follow the link for 12 models.
http://www.informationweek.com/story/showArticle.jhtml?articleID=206901163&cid=RSSfeed_IWK_All
Another analysis of some of the ICs used in popular secure USB tokens (not usb storage devices) can be found here:
http://www.flylogic.net/blog/
They often de-cap the ICs and reverse engineer from a microscope. Really interesting stuff!
twitter.com/gravitronic
This is not a good thing.
How many of these devices are going to have the equivalent "1111" or "1234" or "8520" (the center of the keypad that users think is just OH so clever) as the password?
At least if the person is smart enough to know that they NEED encryption on their disk and they don't have it, they'll [hopefully] be smart enough not to just leave the thing laying around.
With this thing, it gives users a false sense of security...now they don't NEED to worry about losing the thing because "Oh, its ENCRYPTED!"
No amount of hardware will EVER replace proper training.
Example:
At first, we used a pretty strict password policy at work...+8 characters, numbers, symbols, capitols etc. all required. YOu have to change your password every month.
This is a security DISASTER! Everybody will set their password to like "jason1!" the first month, then "jason2@" the next month", then "jason3#" the next month and so on. Finally I changed the policy. Now a user can request a password that never changes, so long as it meets *MY* requirements...
NewslilySocial News. No lolcats allowed.
For the love of convenience, sanity, and saving money, just use any flash memory drive and TrueCrypt.
"Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux"
So...it never states if you can format this drive with the filesystem of your choice and use it. It is critical that whatever drive I use be usable on pretty much any OS. I am constantly switching between FreeBSD, Linux, OSX, and occassionally Windows.
Karma: Chameleon (mostly due to the fact that you come and go).
There has been ads for the Iron Key running on Slashdot for some time (though they're not up today). I guess I'm feeling a bit cynical today.
Insert witty comment here
Corsair Flash Padlock - physical security only: crack it by breaking open the case.
The Corsair Survivor - no security, so TrueCrypt is needed, but setup instructions for TrueCrypt are included.
The Imation Pivot Plus Flash Drive - uses AES-256, but in the insecure ECB mode. Hey, I suppose it's better than ROT13 at least.
The IronKey Secure Flash Drive - "To use the IronKey flash drive, you need to activate an online account." Well, that sounds like a great idea.
The Kingston DataTraveler Secure -- Privacy Edition - "Kingston refused to say what encryption mode the device runs in, citing that it was proprietary information." So that would be ECB again, then. Or maybe something even more pathetic.
The Lexar JumpDrive Secure II Plus - Special proprietary software is required to use this one.
The SanDisk Cruzer Professional - ECB again.
Really short summary: buy a conventional USB stick and do the encryption yourself using free software that you can trust. Because customers cannot tell the difference between a well secured device and some snake oil junk, there is no incentive to make these things work properly.
>north
You're an immobile computer, remember?
Maybe not yet, but presumably, when they are broken, they're likely to be broken in such a manner that 128-bit falls way before 256-bit. So if you only care about someone not stealing your data right now, they might both be equivalent, but if you're worried about someone stealing your data at any time and then reading it further down the road, one is likely to be much better than the other.
Also, I'm sure there will be some debate on this, but I'm not entirely convinced that if someone like the NSA has thrown a few billion dollars at the problem including having a custom-made super computer with their own unique, dedicated processors that are highly optimized for cracking encryption, that perhaps 128-bit AES is already compromised and we simply don't know. The relative advantages of 128 vs 256 bit might depend both on how long you want to keep your data secure, and on who you're trying to keep it secure from.
Can anyone tell me how to set my sig on Slashdot?
The big difference is WHEN they will be broken.
With an algorithm like AES, if you need your data to stay secure longer, use a bigger key.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...on the loss of your mother, when she happened to pull your USB drive out of one of your pockets before she threw your jeans in the wash.
It doesn't matter that much that there's little difference right now between 128-bit and 256-bit AES. It will matter later. There will almost certainly be time after 128-bit AES is broken but before 256-bit is broken. During that time, the extra 128 bits will mean the difference between secure and insecure. And remember, attackers who can read but not crack your messages can still keep them for later when they're crackable. If your messages still have value at that time, they will crack them then.
Of course, even 256-bit AES will eventually be broken. Everything will eventually be broken. But you have to consider that what you're buying for your encryption dollar isn't secrecy, period, but rather secrecy for a period of time. 256-bit AES buys more time.
--
make install -not war
One of our vendors sent us a demo drive, it was a small enclosure for a laptop size drive, and had a firewire interface. Instead of two firewire ports on the back, it had a firewire port and another identical looking firewire port, which was for the key. I assume the key was merely a very small firewire flash drive with the encryption key on the drive.
The vendor assured us it was properly secured, and I got first crack at it. We were quite disappointed.
I found that while each block on the hard drive WAS encrypted (by the firewire-to-ide bridge board), they were each encrypted using the same key, and no salt. This means that every block was encrypted in the same way.
This by itself probably seems harmless, but it reveals information that should not be revealed. Let me propose a scenario:
I engineer myself a position working at a rival company, and get physical access to their R&D lab, unsupervised. I have a 1/2 hr lunch break of time to find the drive containing the comany's secret recipes. I open the cabinet and find 30 of these secured drives. I was intending on taking the drive and copying it, but christ, there's 30 of them. I brought along a portable 1gb drive which would fit maybe 5 of them, but not 30.
So which ones do I copy? The bad news... I can tell which ones to copy.
I can look at the blocks on the disk and immediately spot any drives that have not been formatted, because their first 50 blocks are all going to contain the same random garbage in each block. OK that narrows it down to 8 drives. I can only image 5. So I look further.
I can now tell which drives are formatted FAT32, APS (apple HFS), etc. I can do this because I know what blocks are zeros (because there are a lot of them and they are all the same) and so I can tell which bytes in the other blocks are NOT zeros, and this makes determingin format AND used space trivial. I know the drive I'm looking for is FAT32, and that breaks it down to 3 drives. I could just go with the one drive that clearly has 30 gb used on it, and skip the others that appear very lightly used, but this has given me plenty of time so I happily image the 3 drives to my portable and sneak out in under 20 minutes.
Now of course we have to break the data, but the moral of the story here is, they allowed me way too much information from the supposedly secure drive, and it was enough to make what could have been a fruitless attempt into what may be a very successful attempt.
I brought this issue to the manufacturers, and was brushed off. They did not consider this a problem. riiiiight.
I work for the Department of Redundancy Department.
"This requires trusting the OS with your password, ..."
All drives except those with separate keypads trust the OS with the password. Hardware keyloggers will see the password if there is no separate keypad. But that's not the problem. The problem is losing the drive. Hopefully the drive would not be lost in the same place someone is using a key logging device.
Root is required only to install TrueCrypt, not run it.
Hmmm... are any of these FIPS 140-2 compliant? I think last I checked some were going through the cert process, but only one flash drive I know of has the certification. (Kanguru offers the only one I've found, making it the only one people will approve for use in the building.) Not sure if that cert is even worth the paper its written on, though.
Most of it sounds great, but "If someone does happen to gain access to your flash drive and they fail to type in the correct password more than 10 times, IronKey will self-destruct, permanently locking out users and wiping out all the data on the drive."
Seems pretty easy for someone to destroy the drive/data if they wanted to. Even accidentally destroy the drive/data.
I'm still waiting for the drive you can embed under your skin to store super-secret data. If Jason Bourne can have one, then why not me!? That'd be way more secure than these poxy little things, cause you actually have to perform a surgical operation to access the data.
Those using pirated Tinysoft signatures(TM) are a real threat to society and should all be thrown in jail.
What if you want to read the data on a computer that doesn't have TrueCrypt installed?
After 3 days without programming, life becomes meaningless
- The Tao of Programming
One of them won't even tell you the full details of the algorithm they use, saying it's 'proprietary' which is another word for "It's secret and it doesn't actually work." in the security industry.
Not only that, but each and every single one of them uses software on my computer to do the encryption. I can get the same thing by using decent drive encryption software like dm-crypt and LUKS. And those are publicly viewable and peer reviewed so they're much more likely to be secure than some stupid random algorithm slapped together by a few techs they paid to do it out of the spare change jar. So that's just totally silly.
I was hoping for something where the encryption was really done in the drive itself and it required me to enter something on a little keypad attached to it in some way in order to decrypt anything. I bet the one that sounds like it might do that just causes the USB device to refuse to talk to the world unless you enter the right thing on the keypad. You could pull that thing apart, attach a few leads and I bet you could read every bit off there (including the PIN) in the clear.
Security isn't that hard to do right. But nobody seems to want to bother. They just want to slap the word on their product, make the user jump through a few hoops and call it good.
Need a Python, C++, Unix, Linux develop
Interesting: Format a Flash drive as NTFS.
I wonder if that would make the flash drive more reliable, since NTFS is more reliable than FAT?
Don't use Windows OS encryption. According to Microsoft technical support, it is not reliable.
The drive would be quite easy to make. Two sub-critical pieces of plutonium plus a small charge to bind them. The recognition mechanism sounds tricky but nothing a sub-skin RFID can't solve (you authorize people to use the drive by implanting them with authorized RFIDs). OTOH people from stuff like airport security may get nervous if you try to bring it with you on a plane.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
More secure: Boot internet cafe computers from the Ultimate Boot CD for Windows, which is free. That way you are not dependent on the cafe OS.
That's what did it for us. I've been touting True Crypt as an encryption solution for our organization. At least we've put it on our laptops, but flash drives are a different story. Too many users are going offsite to other trusted computers they regularly access, and they would freeze in headlights if something just didn't automatically work (read - varying mount point configurations).
It's a training issue, but unfortunately some users are fairly stubborn. I would love to see it implemented on our flash drives because it's awesome at what it does - but for non-tech people, it's too intimidating. We ended up settling on Kingston's model because it was the most user-friendly.
Prove it.
A few years ago I bought a 1 gigabyte BioStik and it works really well. It can read 2 fingerprints. The only down side is, you need to actually issue the linux 'eject' command (or in windows remove safely option) or else the filesystem basically gets corrupted. Other than that, it's a great stick and quite secure. It has anti-tampering on it, so if someone tries to open it up, it immediately wipes the disk clean.
Most internet cafes will not allow booting from a CD, I'm guessing. However, if you can boot from a CD, you can boot from the free Ultimate Boot CD for Windows with TrueCrypt already installed.
TrueCrypt can put data into files, rather than using the whole drive. Put TrueCrypt on the drive as well as the file, and run it from there. So what if they know what program you encrypted it with, as long as you have a properly strong password, it won't matter.
But I'd be wary using a secure key on any public PC... you can't trust the PC, and the key could easily be compromised if the machine is. The chain of security is only as strong as it's weakest link.
My blog. Good stuff (when I remember to update it). Read it.
Can anybody give arguments against using Truecrypt on one partition on a stick and a Truecrypt encrypted volume on a second partition which takes up the rest of the stick?
Then you have portable, open source encryption. What more is necessary?
Hint: 72693 transistor hardware AES implementation at one word of plaintext to one word of ciphertext per cycle runs much faster than 4978652193 transistor Pentium 4 decoding and executing an instruction set. Same with a dust-size ARM. Using a simple chip that does 1 round and has to be run 16 times might just get you 1MB/s at 4MHz. The chip can be simplified down to having a lookup table taking 4096 bytes of ROM to do 3 stages of a round, operating on 32-bit words in 4 stages; this will block the circuit doing that operation for 4 cycles though, so you could implement the circuit 4 times (4 lookup tables?) for 1MB/s at 1MHz. Also the final XOR would be 4 32-bit XORs or (better) just one 128-bit XOR.
With the 4xLookup optimization and the 128-bit XOR in a pipeline, this simple chip would do one AES block per 16 cycles. By duplicating the circuit and pipelining, you would do 2 rounds per clock. Get creative with it.
Support my political activism on Patreon.
A friend of mine ordered the Iron Key a few months ago. It didn't work at all, so he sent it back for a replacement. The replacement broke after 3 days. I would think reliability should be incorporated into the 'security' factor. If the data is lost, even if its into thin air, that's not very secure at all. SO the question is: was my friend's experience with the Iron Key an isolated incident/bad luck, or is there indeed a reliability problem (and thus a security problem) with the Iron Key??
These people did review the performance, of all things. The first thing that needs review in a supposedly secure storage device is ITS SECURITY! Not reviewing that only shows that the reviewers are utterly clueless and do not know that most of these things are easily broken. An easily broken "secure storage device" is not a secure storage device and no performance figure can fix that.
Incompetents.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
"If a user chooses a password with fewer characters than would make a 128-bit or 256-bit key (one character = 8 bits, so we're talking about passwords of 16 or 32 characters, respectively), the remaining characters often automatically become zeros. That means that the password can more easily be guessed, according to Charles Kolodgy, research director for secure content and threat management products at IDC"
Really ? What kind of "expert" is this ? Ever heard of a good key setup routine ? Who would be crazy to directly use the password (mostly ASCII bytes) as an encryption key ?
This is a random-access device. The codebook encryption method is pretty much your only option unless you intend to re-crypt the entire downstream content because a one-byte write altered the chaining dependencies. In telecom apps, most of the data is streaming, and chaining cyphers are very appropriate. For static storage with an arbitrary data-order access opportunity, chaining cyphers would cause dramatic reductions in throughput, to the point of making the device unusable.
AES in ECB mode is less secure than (ECB + salt) or CBC mode. However CBC mode is inappropriate for this device. That doesn't make ECB suddenly "insecure."
The Disk encryption theory article on wikipedia lists some modes of operation that are practical for disk encryption, most notably XTS, which is used by truecrypt. Wikipedia also lists different disk encryption apps, and the modes of operation they use.
SCO employee? Check out the bounty
Since CBC mode is sequential, why not use CTR mode to allow both random access and resistance to replay or even better, use ESSIV?
You could just keep your USB drive physically "secure" i.e. keep it with you and don't lose it. If the data on the drive is so important that you need encryption, you should probably keep it with you anyways.
I don't think that's true. Other filesystem encryption does use CBC: it is used at the (hard disk) block level. For example, aes-loop works in this fashion. I think what you are missing is that it isn't completely random access. Nothing smaller than a hard disk block is read or written in one go, so you can encrypt entire blocks using a chain. You have to break the chain at each hard disk block boundary (>= 512 bytes), but this is still better than breaking it at every encryption block boundary (= 32 bytes) which is effectively what you get with ECB.
:).
An ECB implementation is potentially simpler, though, which is presumably why it is used
>north
You're an immobile computer, remember?
My understanding is that TrueCrypt keeps a lot in memory, and minimizes actual access to the drive.
I don't know whether NTFS would have a higher access overhead. I hope someone who reads this can tell us.
The winner was the same product that I see advertised here on slashdot while typing this response.
I'm sure that's just pure coincidence, though.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
IronKey does encryption in hardware on the device. All keys are generated on the device and are not-exportable from the device. No software or drivers need to be installed on your computer.
We ship our clients 4GB IronKey flash drives along with postmarked return envelopes so they can securely send my company sensitive financial data. We did discover one security flaw with our IronKey process however. The drive ships to the client blank with a piece of paper with basic instructions, including the password for the drive. The first drive I received from UPS arrived on my desk with the IronKey drive with the client's private data, encrypted and safe from prying eyes. Along with the drive was the damn sheet of paper with the password on it. That prompted me to add a comment to the instructions at the bottom in boldface: "DO NOT RETURN THIS PAPER WITH THE IRONKEY". I have since received two more IronKey drives, with the instructions (and password) included in the package. Lesson: Never underestimate the stupidity of a client. The IronKey works great however.
Is there confusion between permissions and Microsoft encryption?
I can move NTFS-formatted hard drives in removable USB enclosures to any computer, and read them there. It seems that it should be the same for any NTFS-formatted drive.
Microsoft drive encryption is not reliable, according to MS tech. support people. It should not be used.
Yes, the problem with Microsoft's NTFS encryption is that it is tied to the operating system User Name and password. Crazy!
That means if the user account is damaged, the data is lost forever, unless the user info can be restored from a domain server.
There are complaints on MS user groups from people who have lost months of hard wok that way.
now includes battery backed heater!
This must be annual "Review Secure USB Flashdrives" day.
Check out this review of 12 Secure USB Flashdrive products from InformationWeek (via http://news.yahoo.com/s/cmp/20080302/tc_cmp/206900256/).
That's a nice link. Thanks. I was approaching from my telecom-centric point of view, where the item to be encrypted is the data, not the medium on which it is stored. There's a fundamental difference between the two, and I think there's a place for both. In a transport environment, it is assumed that the attacker has access to the data stream as well as the encryption algorithm. The strength of the encryption is based exclusively on the math.
The block-based CBC structures will enhance encryption strength within the block, but if the sector ID information is used as part of the initial vector calculation, the resultant data will be tethered to the medium on which it is stored. Relocating the data (i.e. in an off-line backup process) will trash the encrypted information if it's not an exact duplicate. That may be desirable, or it may not be. I can see an IT staff getting hosed because the backups can't be restored (or worse, they were tested on specific hardware which works, but because Seagate/Maxtor/WD et al doesn't make a particular hard drive anymore, future restorations aren't viable.)
I figure XFS, Reiser4, Ext4, or the like should buy me some time. Figuring that Windows has 90%+ of the market share, I should be safe from most mischevious people that would break in to my home to steal my stuff.
An external keypad is irrelevant, unless the password is more confidential and important than the data you are unlocking with it.
If you can't trust the computer you are exposing ALL your files to, you shouldn't make those files accessible to it.
Any malicious program in the computer can read the rest of the files once you unlock the entire encrypted partition for the entire computer to read.
Use a trusted computer to move the files to a different USB drive first.
In the old floppy days, sticking a floppy into an infected system could cause files in it to be corrupted.
How sure are you that malware writers aren't going to be doing that sort of thing.
The review isn't so good on examining performance.
1) Inconsistent tests for the various file copies mentioned - so you can't really compare.
2) No write speeds listed for all.
Write speeds are significant if you are talking about copying GBs of data to the drive.
And for the write tests you have to ensure that it's all copied and written to the usb drive and not just cached somewhere.
You can backup the certificates involved in NTFS encryption.
No, the point is that having a backup of the certificates does NOT allow you access to your data, which is tied to the SID hash of a user, on one particular computer. A domain server can back up the information, apparently, but if the domain server crashes, the data is lost. Also, the data is not independent of the domain server in any way.
I use Sync. I've seen a lot of problems with FAT file system corruption.
My understanding is that it is better to use a TrueCrypt file rather than a TrueCrypt volume. That makes it easier to make encrypted backups; just copy the file. For some reason, using a file does not seem noticeably slower.