7 Secure USB Drives Reviewed

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Monday March 3, 2008 @04:48AM from the i-feel-safer-already dept.

jcatcw writes "Computerworld has reviewed seven USB drives that use either encryption or a physical keypad to protect stored data, and found big differences in I/O speeds, ease of use and strength of security. In the case of the drive using a key pad, the editors were able to break open the device and access the data, bypassing the PIN security. They also state that there is little difference between 128-bit and 256-bit AES encryption because neither has been broken yet. The drives reviewed were the SanDisk Cruzer, the Lexar JumpDrive, the Kingston DataTraveler, the Imation Pivot Plus, the Corsair Survivor, the Corsair Padlock and the IronKey Secure USB Drive. The editors chose the IronKey as the most secure."

4 of 146 comments (clear)

Min score:

Reason:

Sort:

For the... by Creepy+Crawler · 2008-03-03 04:55 · Score: 4, Informative

For the love of /root, use the print link.

We dont want to see a little bit of content over 9 pages!
--
- Mod parent up! by Anonymous Coward (Score:1) Thurs, Nov 31, @13:37
Another analysis (similiar vein) by th0mas.sixbit.org · 2008-03-03 05:12 · Score: 5, Informative

Another analysis of some of the ICs used in popular secure USB tokens (not usb storage devices) can be found here:

http://www.flylogic.net/blog/

They often de-cap the ICs and reverse engineer from a microscope. Really interesting stuff!

--
twitter.com/gravitronic
Truecrypt: Linux, OS X, and Windows. Free. by Futurepower(R) · 2008-03-03 05:19 · Score: 5, Informative

For the love of convenience, sanity, and saving money, just use any flash memory drive and TrueCrypt.

"Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux"
Short summary by Cheesey · 2008-03-03 05:32 · Score: 5, Informative

Corsair Flash Padlock - physical security only: crack it by breaking open the case.

The Corsair Survivor - no security, so TrueCrypt is needed, but setup instructions for TrueCrypt are included.

The Imation Pivot Plus Flash Drive - uses AES-256, but in the insecure ECB mode. Hey, I suppose it's better than ROT13 at least.

The IronKey Secure Flash Drive - "To use the IronKey flash drive, you need to activate an online account." Well, that sounds like a great idea.

The Kingston DataTraveler Secure -- Privacy Edition - "Kingston refused to say what encryption mode the device runs in, citing that it was proprietary information." So that would be ECB again, then. Or maybe something even more pathetic.

The Lexar JumpDrive Secure II Plus - Special proprietary software is required to use this one.

The SanDisk Cruzer Professional - ECB again.

Really short summary: buy a conventional USB stick and do the encryption yourself using free software that you can trust. Because customers cannot tell the difference between a well secured device and some snake oil junk, there is no incentive to make these things work properly.

--
>north
You're an immobile computer, remember?